SkillShield: Local-first safety layer for AI agents and OpenClaw skills

Open-source · local-first · one command install

SkillShield intercepts dangerous agent actions before they execute.

A safety layer that sits between your AI agent and the operating system. It blocks destructive commands, catches secret leaks, throttles runaway loops, and logs every decision for later review. No remote service needed to start.

Install command
npx clawhub@latest install skillshield-openclaw

Works with OpenClaw. Installs locally. Default protection rules are active immediately.

What it blocks

Destructive commands

Intercepts rm -rf, file overwrites, sensitive path access, and other dangerous shell operations before they run.

Secret leaks

Detects API keys, tokens, and credential-like content in outgoing requests and tool output.

Unreviewed high-risk actions

Pauses dangerous operations for human approval instead of letting them execute silently.

Runaway loops

Rate-limits repeated agent actions to prevent cost spikes and cascading failures.

Getting started

Running in under a minute

1. Install with one command

Run the install command from ClawHub. No config files, no dependencies to wire up manually.

2. Default rules work immediately

Command blocking, secret detection, and rate limiting are active out of the box. Custom rules can be added later.

3. Scales with your team

Start with the free local edition. Add centralized audit, approvals, and alerting when your team needs them.

After install

What happens immediately

These protections activate as soon as SkillShield is installed — no configuration required.

Destructive deletes are blocked

If an agent attempts rm -rf or tries to access SSH keys, the request is blocked and logged.

Secret-shaped output is intercepted

If a tool tries to send API-key-like content to an external endpoint, the request is stopped.

Rapid-fire actions are throttled

If an agent enters a loop and sends repeated requests, the rate limiter kicks in automatically.

Examples

Real interceptions

Actual scenarios where SkillShield blocks damage before it happens.

Shell command blocked: Agent tried to delete a project directory and read SSH keys

Matched deny rules for destructive commands and sensitive paths. Blocked before execution. Reason logged to audit trail.

Prevented: lost files, broken workspace, exposed credentials.

Secret leak stopped: Tool call tried to send a live-looking token to an external URL

Secret pattern detected in outgoing payload. Request stopped. Event recorded in audit log.

Prevented: token exposure, emergency rotation, downstream misuse.

Runaway loop cut off: Looping agent fired tools repeatedly at 10x normal rate

Per-session rate limit triggered. Burst terminated. Log shows exactly when the breaker engaged.

Prevented: unexpected costs, downstream failures, expanded blast radius.

Comparison

With and without SkillShield

Without SkillShield
  • A bad agent command executes immediately — you find out after the damage.
  • Secrets leave through tool output or HTTP requests with no one noticing.
  • Loops run until cost limits or system failures force attention.
  • No decision trail. After an incident, nobody knows what happened.
With SkillShield
  • Dangerous actions are blocked or paused for approval before execution.
  • Secret-like payloads are caught before leaving the machine.
  • Runaway bursts are cut off by rate limiting policy.
  • Every block, approval, and risk flag is logged and reviewable.

Dashboard

Control center preview

Decisions, audit log, approval queue, and system status in one view.

Blocked today: 12
Pending approvals: 3
DLP triggers: 4
Latest decision

Blocked `curl` request after a token-shaped payload matched DLP patterns.

Approval queue

`git push origin main` paused for operator confirmation.

System status

Sandbox: active · DLP filter: on · Rate limit: 60/min

See what was blocked and why

Each decision shows the action, the matching rule, and the outcome.

Approve or reject pending actions

High-risk operations wait in a queue instead of executing silently.

Export audit evidence

Download logs for internal reviews, compliance, or incident reports.

Features

Core capabilities

Command blocking

Blocks dangerous shell commands before they run — directory wipes, sensitive file access, risky operations.

Secret detection (DLP)

Catches API keys, tokens, and credential patterns in outgoing tool calls and network requests.

Approval checkpoints

High-risk actions require human confirmation before they can continue.

Audit trail

Every deny, allow, and approval decision is logged with timestamp, rule, and context.

Rate limiting

Automatic throttle on repeated actions to prevent runaway cost and cascading failures.

Scalable deployment

Start local. Add centralized policy, team audit, alerting, and private deployment as needed.

Plans

Free to start, upgrade when you need to

Free

$0

Local protection for individual OpenClaw users. No account required.

Enterprise

Contact us

Private deployment, approval workflows, compliance support.

Comparison

Plan comparison

Feature Free Pro Enterprise
One-command install
Local command & secret blocking
Centralized audit & alerts
Approval workflow & private deploy Optional

Transparency

How SkillShield handles your data

Runs locally by default

The free edition processes everything on your machine. No command content is sent to external servers.

Every decision is auditable

Denials, approvals, and risk evaluations are all logged locally and can be exported.

Clear upgrade path

Pro and Enterprise add centralized management. Your local protection keeps working either way.

Separated access boundaries

Public pages, login, and the admin console are served on separate routes with independent auth.

Use cases

Who uses SkillShield

Individual developers

Install from ClawHub, get instant protection against destructive agent actions on your local machine.

AI product teams

Wrap agent tools with policy enforcement to reduce token leaks, destructive commands, and unreviewed execution.

Enterprise security teams

Centralized controls, webhook alerts, approval checkpoints, and private deployment for production environments.

How it works

Every agent request passes through SkillShield before reaching the operating system.

1. Agent sends a request

A plugin, skill, or automated workflow tries to read a file, run a command, or call a network target.

2. Policy evaluation

Built-in rules, custom policies, DLP patterns, and rate limits determine if the request is safe.

3. Decision enforced

The request is allowed, blocked, or held for human approval.

4. Logged and optionally alerted

The decision is written to the audit log. Enterprise setups can push alerts to external channels.
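The four steps above, sketched as an added example; this is not SkillShield's own code. The rule names, regexes, token prefixes and the `PolicyEngine` class are assumptions made for illustration, while the 60/min limit and the `git push` approval come from the dashboard preview.

```python
import re
import time
from collections import defaultdict, deque

# Illustrative rules only; SkillShield's real rule set is not shown on the page.
DENY_RULES = {
    "destructive-delete": re.compile(
        r"\brm\s+(?:-\w+\s+)*-\w*(?:[rR]\w*f|f\w*[rR])\w*\b"),
    "sensitive-path": re.compile(r"(?:~|/home/[^/\s]+|/root)/\.ssh\b"),
}
APPROVAL_RULES = {"git-push": re.compile(r"\bgit\s+push\b")}
# Token-shaped: an assumed prefix list followed by a long random-looking tail.
DLP_RULE = re.compile(r"\b(?:sk|ghp|xoxb)[-_][A-Za-z0-9_-]{20,}")
RATE_LIMIT, WINDOW_S = 60, 60.0  # "Rate limit: 60/min" from the dashboard preview


class PolicyEngine:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.history = defaultdict(deque)  # session id -> request timestamps
        self.audit_log = []                # one entry per decision

    def _decide(self, session, action):
        now, seen = self.clock(), self.history[session]
        while seen and now - seen[0] >= WINDOW_S:
            seen.popleft()                 # forget requests outside the window
        seen.append(now)                   # blocked requests count too
        if len(seen) > RATE_LIMIT:
            return "block", "rate-limit"
        for name, rule in DENY_RULES.items():
            if rule.search(action):
                return "block", name
        if DLP_RULE.search(action):
            return "block", "dlp-secret"
        for name, rule in APPROVAL_RULES.items():
            if rule.search(action):
                return "hold", name
        return "allow", None

    def evaluate(self, session, action):
        outcome, rule = self._decide(session, action)
        # Redact before logging so the audit trail never stores the secret itself.
        self.audit_log.append({"time": self.clock(), "session": session,
                               "action": DLP_RULE.sub("[REDACTED]", action),
                               "rule": rule, "outcome": outcome})
        return outcome, rule
```

A regex deny list only recognises the spellings it was written for, so it works as one layer alongside the sandbox and least-privilege credentials rather than as the sole control.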

FAQ

Frequently asked questions

Is setup complicated?

No. One command installs it from ClawHub. Default protection rules are active immediately.

Does the free version send my data anywhere?

No. The free edition runs entirely on your machine. Command content stays local.

What do Pro and Enterprise add?

Centralized policy management, team-wide audit logs, alert notifications, approval workflows, and private deployment.

Who is the login page for?

Operators and administrators managing the SkillShield control center.

Next step

Get started

Already running?

Open the admin console.


Try it

Install SkillShield and see it work.

Free, local, one command. Upgrade to team features when you need them.