Easylab AI×  OpenClaw
Open Source

OpenClawToolkit

Three open-source tools to secure, monitor, and connect OpenClaw agents. Built in production, shared with the community.

These tools are extracted from our production deployment of OpenClaw at Easylab AI. We built them to solve real problems: securing an autonomous agent's shell access, monitoring inter-agent communication in real time, and maintaining a live view of system health. Everything shared here runs in production, every day. The architecture, security layers, and lessons learned behind these tools are documented throughout this site.

View on GitHub
CC BY-NC-SA 4.0
The Tools
>

Exec Guardian

A Python daemon that intercepts every shell command before execution. Three policy tiers: auto-deny for dangerous patterns, auto-allow for safe operations, and real-time human approval via iMessage for sensitive commands.

Unix socket protocol, fail-closed design, OS-level immutability on daemon code and policies. The agent cannot modify its own enforcer.

#

Live Dashboard

A single-file web server that displays bridge communication logs, exec-guardian decisions, and memory status in real time. No dependencies beyond Python stdlib.

Auto-refreshing interface, JSONL log parsing, color-coded security decisions. Designed to run alongside the agent on the same machine.

@

Bridge Logging

Send and receive scripts for inter-agent communication with full JSONL audit trail. Every message exchanged between agents is logged with timestamps, source, target, and delivery status.

Webhook-based transport, configurable targets via JSON, automatic log rotation. Pairs with the dashboard for visual monitoring.

Security Principles

Every tool follows the same design philosophy we use in production.

  • Fail-closed by default -- every error path results in denial, never in permissive fallback
  • OS-level tamper resistance -- daemon code and policies are locked with immutability flags
  • Out-of-band human approval -- the agent cannot intercept, forge, or delay approval requests
  • Zero pip dependencies -- Python 3.9+ stdlib only, no supply chain attack surface
  • Separation of concerns -- gateway handles fast path, daemon handles policy, human handles critical decisions
Quick Start
git clone https://github.com/buzzbyjool/openclaw-toolkit.git
cd openclaw-toolkit

# exec-guardian
cp guardian/exec-guardian.py ~/.openclaw/guardian/
cp guardian/policies.json ~/.openclaw/guardian/

# dashboard
cp dashboard/openclaw-dashboard.py ~/.openclaw/dashboard/
python3 ~/.openclaw/dashboard/openclaw-dashboard.py

# bridge
cp bridge/bridge-send.py ~/.openclaw/bridge/
cp bridge/bridge-config-example.json ~/.openclaw/bridge/config.json
Full documentation and source on GitHub
Open-source Toolkit | OpenClaw × Easylab