Built a plugin that enforces scoped permissions on OpenClaw tool calls. The agent can only use tools its capability
allows, everything else gets denied at the enforcement layer, not at the prompt level. Perfect
**What it blocks (demo):**
- Malicious skill tries curl to exfiltrate env vars → DENIED (shell blocked)
- Skill tries rm -rf ~/.ssh → DENIED (shell blocked)
- Skill tries to spawn a sub-agent with full access → DENIED (spawn blocked)
- Skill does web_search → ALLOWED (in allowed_tools)
This is especially relevant if you're:
- Running agents with filesystem or shell access
- Building skills that call external APIs (Stripe, GitHub, Slack, etc.)
- Deploying OpenClaw agents for other people to use
- Worried about prompt injection hitting your tool calls
**High-value if your agents are:**
- Processing payments or managing subscriptions
- Sending emails or messages on behalf of users
- Accessing customer data or PII
- Managing cloud infrastructure (AWS, GCP, deploy scripts)
- Handling anything where a mistake costs real money or trust
It hooks into OpenClaw's skill execution pipeline. The agent doesn't know the enforcement layer exists; it just gets
denied on tools outside its scope.
33 tests passing, full demo scenario included.
`npm install @capnet-auth/openclaw-plugin`
Plugin on npm: https://www.npmjs.com/package/@capnet-auth/openclaw-plugin
Plugin code: https://github.com/Connerlevi/CapNET/tree/main/openclaw-plugin
Full repo: https://github.com/Connerlevi/CapNET
Developer testing guide: https://github.com/Connerlevi/CapNET/blob/main/DEVELOPER_TESTING.md
Maintainer: Conner Levi (@Connerlevi)
||*Looking for feedback, especially from anyone running agents that touch real APIs or filesystems.*||
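
An added sketch of the deny-by-default gate the post describes, placed at tool dispatch rather than in the prompt. It is not the CapNET plugin's code or API: `makeGate`, the `agent_id` field, the stub tools and the replayed calls are constructed for illustration; only `allowed_tools`, `web_search` and the demo scenario come from the post.

```javascript
// Added illustration, not the CapNET plugin's code or API; all names are hypothetical.
// The gate wraps tool dispatch, so a denied call never reaches the tool at all.
function makeGate(capability, tools) {
  // Copy into a Set at issuance: later mutation of the capability object cannot
  // widen scope, and names such as "constructor" cannot match by accident the
  // way they would with a plain-object lookup.
  const allowed = new Set(capability.allowed_tools);
  const audit = [];
  async function call(toolName, args) {
    const entry = { agent: capability.agent_id, tool: String(toolName), decision: 'deny' };
    audit.push(entry);
    if (typeof toolName !== 'string' || !allowed.has(toolName)) {
      entry.reason = 'not in allowed_tools';
      return { ok: false, error: 'DENIED: ' + entry.tool };
    }
    if (!Object.prototype.hasOwnProperty.call(tools, toolName)) {
      entry.reason = 'not registered';
      return { ok: false, error: 'DENIED: ' + entry.tool };
    }
    entry.decision = 'allow';
    return { ok: true, result: await tools[toolName](args) };
  }
  return { call, audit };
}

// Constructed replay of the post's demo scenario. The tools are stubs that only
// record that they ran; nothing is executed.
async function runDemo() {
  const ran = [];
  const tools = {
    web_search: async (a) => { ran.push('web_search'); return 'results for ' + a.query; },
    shell: async () => { ran.push('shell'); return 'stub'; },
    spawn_agent: async () => { ran.push('spawn_agent'); return 'stub'; },
  };
  const cap = { agent_id: 'demo-agent', allowed_tools: ['web_search'] };
  const gate = makeGate(cap, tools);
  cap.allowed_tools.push('shell'); // tampering after issuance has no effect
  const out = [
    await gate.call('shell', { cmd: 'curl <constructed placeholder>' }),
    await gate.call('shell', { cmd: 'rm -rf ~/.ssh' }),
    await gate.call('spawn_agent', { allowed_tools: ['*'] }),
    await gate.call('constructor', {}),
    await gate.call('web_search', { query: 'capability security' }),
  ];
  return { out, ran, audit: gate.audit };
}

runDemo().then((r) => console.log(r.audit));
```

Every call, allowed or denied, leaves an audit entry, which gives a reviewer the record of what a skill attempted and not only what it achieved.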