Skip to content

AxioRank/openclaw-plugin

Repository files navigation

@axiorank/openclaw

The AxioRank security gateway, as an OpenClaw plugin. It inspects every tool call, tool result, and outbound message your OpenClaw agent makes and blocks secret exfiltration, destructive operations, malware, and prompt injection inline, before they run. Local and offline by default. No API key required.

AxioRank is the security gateway for AI agents. This plugin brings the same detection engine that governs production agents (and Claude Code, Cursor, Codex, and Grok) to OpenClaw, so an agent running in OpenClaw is held to the same rules.

Install

openclaw plugins install clawhub:@axiorank/openclaw

Local blocking works immediately, with no key and no network.

What it does

  • Blocks risky tool calls. A before_tool_call guard scores every outbound call with the AxioRank detectors and blocks a denied one: a live secret in the arguments, a destructive command (rm -rf, DROP TABLE), a malware cradle, or a prompt injection. High confidence, low false positive.
  • Defends against agentjacking. An after_tool_call guard inspects tool results (MCP replies, fetched pages, file reads) for injected instructions or leaked secrets before the agent trusts them.
  • Guards outbound messages. A message_sending guard cancels a reply that would leak a secret.
  • Asks when it should. A medium-risk call is sent to OpenClaw's native approval prompt rather than silently allowed or hard blocked, so the guard tightens without wedging the agent.
  • Agent tools. axiorank_inspect, axiorank_scan_mcp, axiorank_verify_seal, and axiorank_redteam let the agent check content, scan an MCP server, verify a signed seal, or measure its own posture.
  • /axiorank command. Reports the guard's posture and what it governed this session.

Configuration

Every option has a safe default; the plugin works with no configuration. Set options in your OpenClaw config under this plugin's entry.

Option Default Meaning
mode enforce enforce blocks denied calls. monitor logs what it would block and blocks nothing.
failMode open On an inspection error or unreachable gateway: open allows and logs, closed blocks.
denyThreshold 75 Deny at or above this risk score (0 to 100).
holdBehavior approve The medium-risk review band: approve asks the user, block denies, warn logs.
blockCategories secret, destructive, malware, injection Only escalate to a block when a firing signal is in one of these categories.
inspectResults true Inspect tool results for indirect injection.
guardMessages true Inspect and cancel risky outbound messages.
deepDecode false Recursively decode base64, hex, and gzip obfuscated payloads.
apiKey (none) Escalate to the hosted gateway. Also read from AXIORANK_API_KEY.
baseUrl https://app.axiorank.com Hosted gateway URL. Also read from AXIORANK_BASE_URL.
seal true Mint a signed Coding Session Seal on session end (needs apiKey).

Local vs hosted

Without a key the plugin runs entirely on your machine: the bundled AxioRank detection engine, no network, nothing leaves the host. This is the default and covers secret, injection, destructive, malware, PII, and egress detection.

Set AXIORANK_API_KEY (or the apiKey option) to escalate. Each governed call is also evaluated by the hosted gateway against your workspace's real policy (custom rules, approvals, budgets, information-flow control, the ML flow judge, kill-chain correlation). The central decision can only tighten the local one: a local block is never loosened by the gateway. On session end the trace is sealed into a signed, offline-verifiable Coding Session Seal you can check with npx @axiorank/audit-verify.

CLI

openclaw axiorank inspect path/to/file        # score a file for secrets, PII, injection
cat payload.json | openclaw axiorank inspect --tool db.query
openclaw axiorank redteam --full              # run the red-team corpus, report the catch rate

How it works

The plugin bundles @axiorank/detectors, the same content-inspection engine the hosted gateway and the AxioRank SDK run. There are no AxioRank services in the default path. Every hook is fail-open and time-bounded, so an inspection error or a slow network can never wedge your agent.

Learn more at axiorank.com.

About

AxioRank security gateway for OpenClaw agents: blocks secret exfiltration, destructive operations, and prompt injection on every tool call, locally and offline. Install: openclaw plugins install clawhub:axiorank

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors