ClawLock: The OpenClaw control plane

Bring your OpenClaw under control.

OpenClaw can browse real sites, log into real accounts, fill real forms, and complete real transactions. Without a control plane, there is very little between “compare prices” and “checkout without you knowing”.

  • A malicious webpage can push your agent from browse to buy.
  • Card numbers and passwords can leak into model context and logs.
  • The agent can quietly exceed scope unless you put policy in the path.

ClawLock is the control plane for OpenClaw. It lets the agent do the useful work and stops the rest until you approve it.

Agent: "Found a Mac Mini M4 for $100 on eBay. Checking out now."

Agent Passport: BLOCKED
"Checkout requires your approval."
Approval required
eBay
$100.00
Visa ending in 4242
Action: checkout
Enter vault PIN
Agent: Done. Visa ending in 4242 charged $100.00.
Quick start

Install ClawLock. Set your PIN. Bring your OpenClaw under control.

Terminal
openclaw plugins install @andersjw/clawlock
openclaw gateway restart

sudo tailscale set --operator=$USER
tailscale serve --bg --http 18789 http://127.0.0.1:18789

Then open http://localhost:18789/passport/, go to Vault, and set your PIN.

What it does

Control the actions that matter.

Blocks checkout until you approve

ClawLock stops the agent at checkout until you approve it on your phone.

Keeps secrets out of the model

Card details and passwords are injected into the browser via CDP. The model never needs to see the raw secret.

Separates browsing from buying

Browsing, search, compare, and add-to-cart can be allowed. Checkout, shell access, messaging, and unknown domains can be blocked outright.

Leaves a receipt trail

Every approval and action is logged with the rule that matched, the time, and the evidence.

How it works

01. Create a passport

Define what the agent can browse, what it can do automatically, and what must stop for approval.

02. Intercept the action

When the agent reaches checkout or another sensitive step, policy evaluates the action and blocks it.

03. Approve on your phone

You get an approval link, review the merchant, amount, and card, then enter your PIN.

04. Complete without leaking

Payment and credentials are injected directly into the browser. Sensitive values never need to enter the model context.
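
The passport, intercept and approve steps above can be pictured as a default-deny policy check that also writes the receipt trail. The following is an added sketch, not ClawLock's own code: the passport shape, the rule names, and the functions `domainAllowed`, `decide` and `evaluate` are assumptions, and the phone approval with PIN is reduced to a boolean.

```javascript
// Added sketch, not ClawLock's code. Passport shape, rule names
// and function names are assumptions made for this illustration.
const passport = {
  domains: ["ebay.com"],                                // constructed sample
  auto: ["browse", "search", "compare", "add_to_cart"], // runs unattended
  approval: ["checkout"],                               // stops for a human
};                                                      // everything else is denied

const receipts = []; // receipt trail: matched rule, time, evidence

// Exact host or true subdomain only, so "ebay.com.evil.example" does not match.
function domainAllowed(host, allowed) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return allowed.some((d) => h === d || h.endsWith("." + d));
}

// Returns [decision, rule]. The domain is checked before the action type.
function decide(action, approved) {
  let host;
  try {
    host = new URL(action.url).hostname; // ignores any "user@" prefix in the URL
  } catch {
    return ["block", "unparseable-url"];
  }
  if (!domainAllowed(host, passport.domains)) return ["block", "unknown-domain"];
  if (passport.auto.includes(action.type)) return ["allow", "auto:" + action.type];
  if (passport.approval.includes(action.type)) {
    return approved
      ? ["allow", "approved:" + action.type]
      : ["needs_approval", "approval:" + action.type];
  }
  return ["block", "default-deny"]; // shell, messaging, anything unlisted
}

// `approved` stands in for the human approval step (phone link plus PIN).
function evaluate(action, approved = false, now = new Date()) {
  const [decision, rule] = decide(action, approved);
  receipts.push({ decision, rule, time: now.toISOString(), evidence: action });
  return decision;
}
```

Matching the parsed hostname against the allow-list, rather than searching the URL string for the merchant name, is what keeps look-alike hosts on the unknown-domain side of the policy.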

Open source

Read the code. Install the plugin. Ship it yourself.

ClawLock is free, open source, and designed to run with your own OpenClaw setup. Domain remains configurable — current placeholder: clawlock.ai.

Security notice

Defense in depth. Not a guarantee.

ClawLock is a defense-in-depth layer, not a security guarantee. It reduces risk by keeping sensitive data out of model context and gating consequential actions on human approval, but it does not eliminate the possibility of prompt injection, infrastructure compromise, malicious skills, token theft, or operator error.

  • This software is provided as-is under the MIT license, without warranty of any kind.
  • No security tool can fully prevent a sufficiently sophisticated prompt injection attack.
  • The encrypted vault is only as strong as your PIN and the security of the host machine.
  • You are responsible for reviewing approval requests carefully before allowing an action to proceed.

ClawLock reduces risk. It does not eliminate it.