Show HN: GatewayStack – Deny-by-default security for OpenClaw tool calls
github.com

I installed OpenClaw and pointed it at a project directory. Within minutes it had read my .env file. I tried adding a permissions skill to lock things down. The agent ignored it. Skills are advisory; the LLM can skip the check or be convinced by a prompt injection to bypass it.
So I built a plugin that hooks into before_tool_call at the process level. Checks run on every tool call: identity mapping, deny-by-default scope, enforcement, rate limiting, injection detection, and audit logging. The agent doesn't get a choice — governance runs before the tool executes.
Zero dependencies beyond Node.js. Adds <1ms per call. Works out of the box with no config, or customize with a policy file.
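
Added example, not part of the original post and not GatewayStack's code: a sketch of a deny-by-default gate of the kind the post describes, run before every tool call, covering identity lookup, scope, rate limiting and audit logging. The names `createGate` and `beforeToolCall`, the shape of the `call` object and the policy layout are all assumptions made for illustration.

```javascript
// Hypothetical names and policy shape; not GatewayStack's or OpenClaw's API.
// Collapse "." and ".." in a POSIX path so "../" cannot escape a granted root.
function normalize(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '..') out.pop();
    else if (seg && seg !== '.') out.push(seg);
  }
  return '/' + out.join('/');
}
// Own-property lookup only, so "__proto__" or "constructor" never match a grant.
const own = (o, k) => (Object.hasOwn(o, k) ? o[k] : undefined);

function createGate(policy, now = () => Date.now()) {
  const audit = [];         // every decision is recorded, allowed or denied
  const calls = new Map();  // identity -> timestamps of allowed calls

  // Returns a denial reason, or null when every check passes.
  function decide(call) {
    const grants = own(policy.identities, call.identity);
    if (!grants) return 'unknown identity';
    const rule = own(grants, call.tool);
    if (!rule) return 'tool not granted';
    if (rule.root) {
      const arg = String(call.args?.path ?? '');
      const target = normalize(arg.startsWith('/') ? arg : `${rule.root}/${arg}`);
      if (target !== rule.root && !target.startsWith(rule.root + '/')) return 'path outside granted root';
      if ((rule.denyNames ?? []).includes(target.split('/').pop())) return 'file name denied';
    }
    const recent = (calls.get(call.identity) ?? []).filter((t) => t > now() - policy.rate.windowMs);
    if (recent.length >= policy.rate.max) return 'rate limit exceeded';
    calls.set(call.identity, [...recent, now()]);
    return null;
  }

  function beforeToolCall(call) {
    const reason = decide(call);
    const decision = { allow: reason === null, reason };
    audit.push({ at: now(), identity: call.identity, tool: call.tool, ...decision });
    return decision;
  }
  return { beforeToolCall, audit };
}

// Constructed sample policy: one identity, read-only access under /srv/project.
const samplePolicy = {
  rate: { windowMs: 60_000, max: 3 },
  identities: { 'agent-1': { read_file: { root: '/srv/project', denyNames: ['.env'] } } },
};
```

Anything the policy does not name is refused, so a new tool or a new identity starts with no access until a grant is written for it.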