ClawShell π‘οΈ
Powered by Runta. The essential safety harness for OpenClaw's PII & API data.
π Introduction
ClawShell is a security privileged process for the OpenClaw ecosystem. It sits between OpenClaw and upstream LLM API providers (OpenAI, Anthropic), performing virtual-to-real API key mapping and DLP (Data Loss Prevention) scanning on request and response bodies.
OpenClaw never holds real API keys β only virtual keys that ClawShell swaps for real ones before forwarding requests upstream. Real keys are stored in a privileged config directory (/etc/clawshell) protected by Unix file system permissions.
Key Features
1. API Token Secure Binding
ClawShell maps virtual API keys to real provider keys so that OpenClaw never has direct access to real credentials.
- Key Isolation: Real API keys are stored in
/etc/clawshell/clawshell.toml, readable only by theclawshellsystem user. OpenClaw holds only virtual keys. - Multi-Provider Support: Maps keys to OpenAI or Anthropic, injecting the correct authentication header format (
Authorization: Bearerfor OpenAI,x-api-keyfor Anthropic).
2. PII Safety Net (DLP)
ClawShell scans HTTP request and response bodies for sensitive data using configurable regex patterns.
- Request Scanning: Detects PII (SSNs, credit card numbers, emails, etc.) in outbound requests. Patterns can be configured to either block the request or redact the matched text before forwarding.
- Response Scanning: Optionally scans upstream responses and redacts detected PII before returning to OpenClaw. Streaming (SSE) responses are passed through without scanning.
- Custom Patterns: Define sensitive data patterns using regex in the TOML config, each with a
blockorredactaction.
3. Seamless Integration
- Transparent Proxy: Deploys alongside OpenClaw without requiring code changes β configure OpenClaw to point at ClawShell's address and it forwards all requests upstream.
- No External Dependencies: Uses Unix file system permissions to protect secrets. No IdP, Vault, or external key management service required.
4. Ultra Lightweight and Scalable
- Runs in under 10MB of memory.
- Written in Rust with Tokio
Architecture
β security boundary (Unix File System Permissions)
β
β ββββββββββββββββββ-ββ
β β /etc/clawshell β
β β β real API keys β
β β β DLP patterns β
β ββββββββββ¬βββββββββ-β
β reads β
β ββββββββββ΄βββββββββ-β
ββββββββββββββββ REQUEST β β β REQUEST ββββββββββββββ
β βββ(virtualββββ«ββΊβ ClawShell βββ-(real key,ββββΊβ β
β OpenClaw β key) β β β PII redacted) β OpenAI β
β β β β DLP scan β β or β
β holds only β RESPONSE β β real-key mapping β RESPONSE β Anthropic β
β virtual keys βββ-----------ββββ€ βββ-----------βββββ€ β
β β β β β β β
ββββββββββββββββ β βββββββββββββββββββ-β ββββββββββββββ
β
OpenClaw only holds virtual keys and cannot access the real API keys stored in the privileged config. ClawShell swaps virtual keys for real ones and scans for PII before forwarding requests upstream.
Installation
Cargo
# Require privilege to setup security boundary
NPM
# Require privilege to setup security boundary
Build from Source
Cross-compile on Linux/arm64
CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER="/tmp/x86_64-linux-musl-cross/bin/x86_64-linux-musl-gcc" \