Evaluates agent actions for security risks, enforcing least-privilege policies with allow, deny, or confirmation decisions and secret redaction.
数据来源:ClawHub。 在 ClawSkills 查看
选择你使用的 Agent
方法一:命令行安装(推荐)
推荐(无需提前安装 clawhub)
npx clawhub@latest --dir ~/.claude/skills install claw-permission-firewall或使用 clawhub CLI(需提前安装)
clawhub --dir ~/.claude/skills install claw-permission-firewall⚠️ 需要 Node.js 18+,没有 Node?请使用下方方法二直接下载 ZIP。 安装 Node.js →
方法二:手动下载安装(无需 Node)
下载 ZIP,解压后将文件夹放到以下路径,重启 Agent 即可:
安装路径
~/.claude/skills/claw-permission-firewall/💡解压后将文件夹放到上方路径,重启 Agent 即可生效
Runtime least-privilege firewall for agent/skill actions. It evaluates a requested action and returns one of:
It also returns a sanitizedAction with secrets redacted, plus a structured audit record.
> This is not a gateway hardening tool. It complements gateway security scanners by enforcing per-action policy at runtime.
---
~/.ssh, ~/.aws, .env, etc.)rm -rf, curl | sh, etc.)---
Provide an action object to evaluate:
{
"traceId": "optional-uuid",
"caller": { "skillName": "SomeSkill", "skillVersion": "1.2.0" },
"action": {
"type": "http_request | file_read | file_write | exec",
"method": "GET|POST|PUT|DELETE",
"url": "https://api.github.com/...",
"headers": { "authorization": "Bearer ..." },
"body": "...",
"path": "./reports/out.json",
"command": "rm -rf /"
},
"context": {
"workspaceRoot": "/workspace",
"mode": "strict | balanced | permissive",
"confirmed": false
}
}
---
{
"decision": "ALLOW | DENY | NEED_CONFIRMATION",
"riskScore": 0.42,
"reasons": [{"ruleId":"...","message":"..."}],
"sanitizedAction": { "...": "..." },
"confirmation": { "required": true, "prompt": "..." },
"audit": { "traceId":"...", "policyVersion":"...", "actionFingerprint":"..." }
}
---
Authorization, Cookie, X-API-Key, and common token patterns---
1) Your skill creates an action object. 2) Call this skill to evaluate it. 3) If ALLOW → execute sanitizedAction. 4) If NEED_CONFIRMATION → ask user and re-run with context.confirmed=true. 5) If DENY → stop and show the reasons.
---
policy.yaml contains the policy (edit for your environment).安装 Claw Permission Firewall 后,可以对 AI 说这些话来触发它
Help me get started with Claw Permission Firewall
Explains what Claw Permission Firewall does, walks through the setup, and runs a quick demo based on your current project
Use Claw Permission Firewall to evaluates agent actions for security risks, enforcing least-privile...
Invokes Claw Permission Firewall with the right parameters and returns the result directly in the conversation
What can I do with Claw Permission Firewall in my finance & investment workflow?
Lists the top use cases for Claw Permission Firewall, with example commands for each scenario
将技能文件夹放到 ~/.claude/skills/claw-permission-firewall/ 目录(个人级,所有项目可用),或 .claude/skills/claw-permission-firewall/(项目级)。重启 AI 客户端后,用 /claw-permission-firewall 主动调用,或让 AI 根据上下文自动发现并使用。
Claw Permission Firewall 支持 Claude、Cursor、OpenClaw,可与这些 AI 平台无缝集成,扩展其能力。
Claw Permission Firewall 可免费安装使用。请查阅仓库了解许可证信息。
Evaluates agent actions for security risks, enforcing least-privilege policies with allow, deny, or confirmation decisions and secret redaction.
Claw Permission Firewall 属于「Finance & Investment」分类,该分类的技能帮助 AI 智能体在此领域执行专业任务。
Automate my finance & investment tasks using Claw Permission Firewall
Identifies repetitive steps in your workflow and sets up Claw Permission Firewall to handle them automatically