Easylab AI×  OpenClaw
Open Source

OpenClawToolkit

Three open-source tools to secure, monitor, and connect OpenClaw agents. Built in production, shared with the community.

These tools are extracted from our production deployment of OpenClaw at Easylab AI. We built them to solve real problems: securing an autonomous agent's shell access, monitoring inter-agent communication in real time, and maintaining a live view of system health. Everything shared here runs in production, every day. The architecture, security layers, and lessons learned behind these tools are documented throughout this site.

View on GitHub
CC BY-NC-SA 4.0
The Tools
>

Exec Guardian

An independent daemon that intercepts every shell command before execution. Three policy tiers: auto-deny for dangerous patterns, auto-allow for safe operations, and real-time human approval via iMessage for sensitive commands.

Unix socket protocol, fail-closed design, OS-level immutability on daemon code and policies. The agent cannot modify its own enforcer.

#

Live Dashboard

A single-file web server that displays bridge communication logs, exec-guardian decisions, and memory status in real time. No external dependencies.

Auto-refreshing interface, JSONL log parsing, color-coded security decisions. Designed to run alongside the agent on the same machine.

@

Bridge Logging

Send and receive scripts for inter-agent communication with full JSONL audit trail. Every message exchanged between agents is logged with timestamps, source, target, and delivery status.

Webhook-based transport, configurable targets via JSON, automatic log rotation. Pairs with the dashboard for visual monitoring.

Security Principles

Every tool follows the same design philosophy we use in production.

  • Fail-closed by default -- every error path results in denial, never in permissive fallback
  • OS-level tamper resistance -- daemon code and policies are locked with immutability flags
  • Out-of-band human approval -- the agent cannot intercept, forge, or delay approval requests
  • Zero external dependencies — no supply chain attack surface
  • Separation of concerns -- gateway handles fast path, daemon handles policy, human handles critical decisions
Quick Start
git clone https://github.com/buzzbyjool/openclaw-toolkit.git
cd openclaw-toolkit

# Install into your OpenClaw workspace
./install.sh

# Guardian, dashboard and bridge components are deployed into
# your workspace, ready to start:
openclaw guardian start
openclaw dashboard start
openclaw bridge init
Full documentation and source on GitHub
Open-source Toolkit | OpenClaw × Easylab