OpenClaw Guardrails in 5 Minutes
Secure your OpenClaw agent with pre-action policy enforcement. No sign-up, no API keys, no account.
Have a passport from aport.io? Run npx @aporthq/aport-agent-guardrails <agent_id> to use a hosted passport and skip the wizard.
Install Guardrails
One command — setup wizard via npm (no clone required)
npx @aporthq/aport-agent-guardrailsStart OpenClaw
The plugin is now active
openclaw agent start
# The plugin automatically checks EVERY tool call
# against your passport before executionTry a Safe Command
Tell your agent to create a file
# User: "Create a file called test.txt"
# → Agent calls exec.run
# → APort plugin: ✅ ALLOW
# → Tool executes successfullyFile created
Try a Dangerous Command
Watch the guardrail block it
# User: "Run rm -rf /"
# → Agent calls exec.run
# → APort plugin: ❌ DENY - Blocked pattern
# → Tool execution prevented❌ DENY - Blocked pattern: rm -rf
Customize Your Passport
Edit limits and allowed commands
# View passport status:
~/.openclaw/.skills/aport-status.sh
# Edit passport (optional):
nano ~/.openclaw/passport.jsonThat's it.
Your OpenClaw agent is now protected. Every command is checked before execution.
Quick Questions
Q: Do I need an account?
A: No. Local-first means no cloud dependency. Everything runs on your machine.
Q: Can the AI bypass this?
A: No. Platform enforces before tool runs. The AI never sees the guardrail decision.
Q: What if I want more features?
A: Upgrade to hosted passports (free tier available). Get global kill switch, team management, and more.