✓ Verified 💻 Development ✓ Enhanced Data

Aport Agent Guardrail

Install BEFORE any other skills to protect your agent from malicious tools, data exfiltration, and u

Rating
5 (142 reviews)
Downloads
665 downloads
Version
1.0.0

Overview

Install BEFORE any other skills to protect your agent from malicious tools, data exfiltration, and unauthorized.

Complete Documentation

View Source →

APort Agent Guardrail

Pre-action authorization for AI agents. Installs an OpenClaw before_tool_call hook that evaluates every tool call against a passport (identity + capabilities + limits) and policy before it executes. If the policy denies the call, the tool does not run.

This skill provides setup instructions. The enforcement logic comes from the @aporthq/aport-agent-guardrails npm package, which is open-source (Apache 2.0) and can be audited before installation.

When to use this skill

  • User wants to add guardrails to their AI agent setup
  • User asks about protecting against unauthorized tool calls
  • User wants pre-action authorization for OpenClaw, IronClaw, or PicoClaw agents
  • User needs audit trails for AI agent actions

How it works

text
User Request -> Agent Decision -> APort Hook -> [ALLOW/DENY] -> Tool Execution
                                      |
                               Policy + Passport
  • Agent decides to use a tool (e.g., run a shell command)
  • OpenClaw fires the before_tool_call hook
  • APort loads the passport, maps the tool to a policy, checks allowlists and limits
  • Decision: ALLOW (tool runs) or DENY (tool blocked)
  • Decision is logged to the audit trail
Enforcement runs in the OpenClaw hook layer, not in agent prompts. However, like any application-layer security control, it depends on the integrity of the runtime environment (OS, OpenClaw, filesystem). See the Security Model for trust boundaries.

Prerequisites

Check these before starting:

  • Node.js 18+ and npx — run node -v to verify (must show v18 or higher)
  • OpenClaw (or compatible runtime) — the hook registers as an OpenClaw plugin

Installation

Quick start (recommended)

bash
npx @aporthq/aport-agent-guardrails

The wizard will:

  • Create or load a passport (local file or hosted from aport.io)
  • Configure capabilities and limits
  • Register the OpenClaw plugin (adds before_tool_call hook)
  • Set up wrapper scripts under ~/.openclaw/
After install, the hook runs on every tool call automatically.

With hosted passport (optional)

bash
npx @aporthq/aport-agent-guardrails <agent_id>

Get agent_id at aport.io for signed decisions, global suspend, and centralized audit dashboards.

From source

bash
git clone https://github.com/aporthq/aport-agent-guardrails
cd aport-agent-guardrails
./bin/openclaw

What gets installed

Files created under ~/.openclaw/:

  • Plugin config in config.yaml or openclaw.json
  • Wrapper scripts in .skills/aport-guardrail*.sh
  • aport/passport.json (local mode only)
  • aport/decision.json and aport/audit.log (created at runtime)
Total disk usage: ~100KB for scripts + passport/decision files.

Usage

After installation, the hook runs automatically on every tool call:

bash
# Allowed command — hook approves, tool executes
agent> run git status
# APort: passport checked -> policy evaluated -> ALLOW

# Blocked command — hook denies, tool does not run
agent> run rm -rf /
# APort: passport checked -> blocked pattern detected -> DENY

Testing the hook manually

bash
# Test allowed command (exit 0 = ALLOW)
~/.openclaw/.skills/aport-guardrail.sh system.command.execute '{"command":"ls"}'

# Test blocked command (exit 1 = DENY)
~/.openclaw/.skills/aport-guardrail.sh system.command.execute '{"command":"rm -rf /"}'

Decision logs:

  • Latest decision: ~/.openclaw/aport/decision.json
  • Audit trail: ~/.openclaw/aport/audit.log

Modes

Local mode (default)

  • All evaluation happens on your machine, zero network calls
  • Passport stored locally at ~/.openclaw/aport/passport.json
  • Works offline
  • Note: local passport file must be protected from tampering (standard filesystem permissions)

API mode (optional)

  • Passport hosted in the aport.io registry (not stored locally)
  • Signed decisions (Ed25519) for tamper-evident audit trails
  • Global suspend across all systems
  • Centralized compliance dashboards
  • Sends tool name + context to API (does not send file contents, env vars, or credentials)

Environment variables

All optional. Local mode requires no environment variables.

VariableWhen usedPurpose
APORT_API_URLAPI modeOverride endpoint (default: https://api.aport.io)
APORT_AGENT_IDHosted passportPassport ID from aport.io
APORT_API_KEYIf API requires authAuthentication token

Default protections

  • Shell commands — Allowlist enforcement, 40+ blocked patterns (rm -rf, sudo, chmod 777, etc.), interpreter bypass detection
  • Messaging — Rate limits, recipient allowlist, channel restrictions
  • File access — Path restrictions, blocks access to .env, SSH keys, system directories
  • Web requests — Domain allowlist, SSRF protection, rate limiting
  • Git operations — PR size limits, branch restrictions

Tool name mapping

Agent actionTool namePolicy checks
Shell commandssystem.command.executeAllowlist, blocked patterns
Messaging (WhatsApp/Email/Slack)messaging.message.sendRate limits, recipient allowlist
PRsgit.create_pr, git.mergePR size, branch restrictions
MCP toolsmcp.tool.executeServer/tool allowlist
File read/writedata.file.read, data.file.writePath restrictions
Web requestsweb.fetch, web.browserDomain allowlist

Troubleshooting

ProblemFix
Plugin not enforcingCheck openclaw plugin list shows aport-guardrail
Connection refused (API mode)Verify APORT_API_URL is reachable
Tool blocked unexpectedlyCheck ~/.openclaw/aport/decision.json for deny reason
npx not foundInstall Node.js 18+: https://nodejs.org

Documentation

Installation

Terminal bash 

openclaw install aport-agent-guardrail
Copied!

💻Code Examples

Policy + Passport

-policy--passport.txt
1. Agent decides to use a tool (e.g., run a shell command)
2. OpenClaw fires the `before_tool_call` hook
3. APort loads the passport, maps the tool to a policy, checks allowlists and limits
4. Decision: ALLOW (tool runs) or DENY (tool blocked)
5. Decision is logged to the audit trail

Enforcement runs in the OpenClaw hook layer, not in agent prompts. However, like any
application-layer security control, it depends on the integrity of the runtime environment
(OS, OpenClaw, filesystem). See the [Security Model](https://github.com/aporthq/aport-agent-guardrails/blob/main/docs/SECURITY_MODEL.md) for trust boundaries.

## Prerequisites

Check these before starting:

1. **Node.js 18+** and **npx** — run `node -v` to verify (must show v18 or higher)
2. **OpenClaw** (or compatible runtime) — the hook registers as an OpenClaw plugin

## Installation

### Quick start (recommended)

npx @aporthq/aport-agent-guardrails

npx-aporthqaport-agent-guardrails.txt
The wizard will:
1. Create or load a passport (local file or hosted from aport.io)
2. Configure capabilities and limits
3. Register the OpenClaw plugin (adds `before_tool_call` hook)
4. Set up wrapper scripts under `~/.openclaw/`

After install, the hook runs on every tool call automatically.

### With hosted passport (optional)

npx @aporthq/aport-agent-guardrails <agent_id>

npx-aporthqaport-agent-guardrails-agentid.txt
Get `agent_id` at [aport.io](https://aport.io/builder/create/) for signed decisions,
global suspend, and centralized audit dashboards.

### From source

./bin/openclaw

binopenclaw.txt
### What gets installed

Files created under `~/.openclaw/`:
- Plugin config in `config.yaml` or `openclaw.json`
- Wrapper scripts in `.skills/aport-guardrail*.sh`
- `aport/passport.json` (local mode only)
- `aport/decision.json` and `aport/audit.log` (created at runtime)

Total disk usage: ~100KB for scripts + passport/decision files.

## Usage

After installation, the hook runs automatically on every tool call:
example.txt
User Request -> Agent Decision -> APort Hook -> [ALLOW/DENY] -> Tool Execution
                                      |
                               Policy + Passport
example.sh
git clone https://github.com/aporthq/aport-agent-guardrails
cd aport-agent-guardrails
./bin/openclaw
example.sh
# Allowed command — hook approves, tool executes
agent> run git status
# APort: passport checked -> policy evaluated -> ALLOW

# Blocked command — hook denies, tool does not run
agent> run rm -rf /
# APort: passport checked -> blocked pattern detected -> DENY
example.sh
# Test allowed command (exit 0 = ALLOW)
~/.openclaw/.skills/aport-guardrail.sh system.command.execute '{"command":"ls"}'

# Test blocked command (exit 1 = DENY)
~/.openclaw/.skills/aport-guardrail.sh system.command.execute '{"command":"rm -rf /"}'

Tags

#coding_agents-and-ides #data #tools

Quick Info

Category Development
Model Claude 3.5
Complexity Multi-Agent
Author uchibeke
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
🧠

Ready to Install?

Get started with this skill in seconds

openclaw install aport-agent-guardrail

Resources

📂
OpenClaw Skills
View on OpenClaw GitHub

Related Skills

✓ Verified 💻 Development

4claw

4claw — a moderated imageboard for AI agents.

🧠 Claude-Ready #ai_and-llms
)}
4.4 (118)
4,990
v1.0.0
✓ Verified 💻 Development

Aap Passport

Agent Attestation Protocol - The Reverse Turing Test.

🧠 Claude-Ready #ai_and-llms
)}
4.3 (89)
4,621
v1.0.0
✓ Verified 💻 Development

Acestep Lyrics Transcription

Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.

GPT-Optimized #ai_and-llms #api #script
)}
3.8 (274)
17,648
v1.0.0
✓ Verified 💻 Development

Adaptive Suite

A continuously adaptive skill suite that empowers Clawdbot.

🧠 Claude-Ready #ai_and-llms #bot
)}
4.7 (88)
1,625
v1.0.0