ClawShell

ClawShell is a runtime security layer and safety harness for the OpenClaw/Hermes Agent ecosystem, written in Rust with Tokio. It sits between AI agents and upstream LLM API providers (OpenAI, Anthropic, OpenRouter), ensuring that agents never hold real API keys and that sensitive data is scanned and redacted before leaving the system. The tool is open source under the Apache License 2.0 and runs in under 10MB of memory, making it ultra-lightweight and suitable for sidecar deployment.

• API Token Secure Binding: Real API keys are stored in a privileged config directory (/etc/clawshell) readable only by the clawshell system user; agents hold only virtual keys that ClawShell swaps for real ones before forwarding requests.
• PII Safety Net (DLP): Scans HTTP request and response bodies for sensitive data (SSNs, credit card numbers, emails, etc.) using configurable regex patterns, with block or redact actions per pattern.
• Sensitive Email Isolation: Exposes an IMAP email read endpoint with sender allowlist/denylist filtering; IMAP credentials are stored in the privileged config and never exposed to agents.
• OAuth Authentication: Supports OAuth-based authentication (device code flow) for Codex/ChatGPT as an alternative to static API keys, with automatic token refresh and request translation.
• Runtime Statistics: Exposes a loopback-only /admin/stats endpoint with persistent counters for requests protected, tokens used, and emails filtered.
• Drop-in Sidecar: The clawshell onboard interactive wizard configures either OpenClaw or Hermes Agent to route all requests through ClawShell's proxy with no external dependencies.
• Multi-Provider Support: Maps virtual keys to OpenAI, Anthropic, or OpenRouter, injecting the correct authentication header format per provider.
• Installation: Install via cargo install clawshell --locked or npm install -g @clawshell/clawshell, then run sudo clawshell onboard to set up the security boundary and configure your agent.