[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81431":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":13,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":34,"readmeContent":35,"aiSummary":36,"trendingCount":16,"starSnapshotCount":16,"syncStatus":37,"lastSyncTime":38,"discoverSource":39},81431,"clawlens","nk3750\u002Fclawlens","nk3750","Agent observability and guardrails for OpenClaw — risk scoring, audit trails, dashboard.","https:\u002F\u002Fclawhub.ai\u002Fplugins\u002F@nk3750\u002Fopenclaw-clawlens",null,"TypeScript",38,3,33,7,0,4,5,9,1.81,"MIT License",false,"main",true,[26,27,28,29,30,31,32,33],"agent-observability","ai-agents","guardrails","local-first","openclaw","openclaw-plugin","risk-scoring","typescript","2026-06-12 02:04:15","\u003Ch1 align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fnk3750\u002Fclawlens\u002Fmain\u002Fdocs\u002Fassets\u002Fclawlens-logo.jpeg\" alt=\"ClawLens\" width=\"120\">\u003Cbr>\n  ClawLens\n\u003C\u002Fh1>\n\n\u003Cp align=\"center\">\n  \u003Cstrong>Agent observability and guardrails for \u003Ca href=\"https:\u002F\u002Fopenclaw.ai\u002F\">OpenClaw\u003C\u002Fa>.\u003C\u002Fstrong>\u003Cbr>\n  See every tool call, understand the risk, and add guardrails from the same dashboard.\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnk3750\u002Fclawlens\u002Factions\u002Fworkflows\u002Fci.yml\">\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fnk3750\u002Fclawlens\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg\" alt=\"CI\">\u003C\u002Fa>\n  \u003Ca href=\"LICENSE\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg\" alt=\"License: MIT\">\u003C\u002Fa>\n  \u003Ca href=\"package.json\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fpackage-json\u002Fv\u002Fnk3750\u002Fclawlens\" alt=\"Version\">\u003C\u002Fa>\n  \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fopenclaw-plugin-orange\" alt=\"OpenClaw Plugin\">\n\u003C\u002Fp>\n\nClawLens is a local OpenClaw plugin for monitoring agent activity. It records tool calls, scores risky behavior, shows live sessions in a dashboard, and lets you create `block`, `require_approval`, or `allow_notify` guardrails from real agent actions.\n\nUse it when your agents can run shell commands, edit files, call external APIs, or operate across multiple sessions and you want an audit trail plus operator-controlled guardrails.\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FAKzhw5GWw5I\">\n    \u003Cimg src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fnk3750\u002Fclawlens\u002Fmain\u002Fdocs\u002Fassets\u002Fclawlens-thumbnail.png\" alt=\"Watch the ClawLens product demo\" width=\"900\">\n  \u003C\u002Fa>\u003Cbr>\n  \u003Csub>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FAKzhw5GWw5I\">Watch the 2-minute product demo\u003C\u002Fa>\u003C\u002Fsub>\n\u003C\u002Fp>\n\n---\n\n## Quickstart\n\nClawLens requires a running OpenClaw gateway (`>= 2026.4.0`).\n\n```bash\nopenclaw plugins install @nk3750\u002Fopenclaw-clawlens\n```\n\nOpen the dashboard:\n\n```text\nhttp:\u002F\u002Flocalhost:18789\u002Fplugins\u002Fclawlens\u002F\n```\n\nYour agents appear after their first tool call. The standard npm install path updates OpenClaw's plugin config automatically; you do not need to edit `~\u002F.openclaw\u002Fopenclaw.json` by hand.\n\n\u003Cdetails>\n\u003Csummary>Other install paths\u003C\u002Fsummary>\n\nInstall from the public GitHub mirror:\n\n```bash\nopenclaw plugins install clawlens --marketplace nk3750\u002Fclawlens\n```\n\nInstall from source:\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fnk3750\u002Fclawlens.git\ncd clawlens\nnpm install\nopenclaw plugins install .\u002F\n```\n\nIf you plan to modify the source, see [CONTRIBUTING.md](CONTRIBUTING.md).\n\n\u003C\u002Fdetails>\n\n---\n\n## Why ClawLens\n\nAgents often take many small actions before the one that matters. ClawLens gives you the activity stream, risk context, and guardrail controls in one place.\n\n| Need | ClawLens gives you |\n|---|---|\n| Know what happened | A local JSONL audit log plus live dashboard views for agents, sessions, and individual tool calls. |\n| Spot risky behavior | Deterministic risk scores and tags for destructive commands, external network access, remote operations, sensitive system paths, credential access, and persistence. |\n| Respond quickly | Guardrails created from observed actions, scoped to one agent or the whole fleet. |\n| Review later | Hash-chained audit entries that make later edits, deletes, or reordering detectable. |\n| Add LLM context | Optional LLM risk evaluation and session summaries when `risk.llmEnabled=true`, using redacted tool-call metadata. |\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fnk3750\u002Fclawlens\u002Fmain\u002Fdocs\u002Fassets\u002Fclawlens-homepage.png\" target=\"_self\">\n    \u003Cimg src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fnk3750\u002Fclawlens\u002Fmain\u002Fdocs\u002Fassets\u002Fclawlens-homepage.png\" alt=\"ClawLens dashboard\" width=\"900\">\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n---\n\n## How It Works\n\n1. OpenClaw runs your agents and tool calls as usual.\n2. ClawLens observes each tool call, computes a deterministic local risk score, redacts common credential patterns, and writes an audit entry.\n3. The local dashboard updates with agents, sessions, risk mix, recent actions, and Attention Inbox items.\n4. When you create a guardrail, matching future tool calls can be blocked, paused for approval, or allowed with a local notification record.\n\nNo SDK, proxy, database, or separate service stack is required.\n\n---\n\n## Guardrails\n\nGuardrails are rules you create from real activity.\n\n| Action | Behavior |\n|---|---|\n| `block` | Rejects matching tool calls before they run. |\n| `require_approval` | Pauses matching calls and uses OpenClaw's configured approval flow. |\n| `allow_notify` | Allows the call while creating local audit and Attention Inbox signals. |\n\nRules can match specific commands, paths, URLs, tools, agents, or broader patterns. They can apply to one agent or the whole fleet.\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fnk3750\u002Fclawlens\u002Fmain\u002Fdocs\u002Fassets\u002Fclawlens-guardrail-add.png\" target=\"_self\">\n    \u003Cimg src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fnk3750\u002Fclawlens\u002Fmain\u002Fdocs\u002Fassets\u002Fclawlens-guardrail-add.png\" alt=\"Create a ClawLens guardrail\" width=\"900\">\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n---\n\n## Data Handling\n\nClawLens is designed for local operation by default. It is still an observability plugin, so it sees tool names and tool parameters; treat its audit log like other sensitive development logs.\n\n| Flow | Default | Leaves your machine? | Notes |\n|---|---:|---:|---|\n| Dashboard | On | No | Served by the local OpenClaw gateway. |\n| Audit log | On | No | Written to `~\u002F.openclaw\u002Fclawlens\u002Faudit.jsonl`; hash-chained, not encrypted. |\n| Deterministic scoring | On | No | Runs locally on tool names and params. |\n| Credential redaction | On | No | Best-effort redaction before audit persistence, summaries, alerts, approval text, and opt-in LLM evaluation. |\n| LLM evaluation | Off | Yes, if enabled | Sends redacted tool-call metadata to your configured OpenClaw LLM provider when `risk.llmEnabled=true`. |\n| Generic high-risk alerts | Off | Depends on OpenClaw routing | Alert text is redacted by default. |\n| `require_approval` guardrails | User-created only | Depends on OpenClaw approval channel | External approval channels may receive prompt text. |\n| `allow_notify` guardrails | User-created only | No by default | Creates local audit rows and local Attention Inbox items. |\n\nOn POSIX systems, ClawLens creates the audit directory\u002Ffile with owner-only permissions where supported. On Windows, audit-log access follows the parent directory's ACLs.\n\nTo remove local audit history:\n\n```bash\nrm -f ~\u002F.openclaw\u002Fclawlens\u002Faudit.jsonl\n```\n\n### Optional LLM Evaluation\n\nLLM evaluation is disabled unless you set `risk.llmEnabled=true`. When enabled, ClawLens can use your configured OpenClaw LLM provider to add context to eligible risk evaluations and generate session summaries.\n\nWhen enabled, ClawLens sends a redacted JSON payload containing:\n\n- current tool name\n- redacted current tool parameters\n- up to 5 recent actions with tool name, redacted parameters, and risk score\n- preliminary deterministic risk score, tier, and tags\n\nClawLens does not read LLM API keys from environment variables and does not send LLM API keys in prompts. Provider credentials are handled by OpenClaw's model\u002Fauth runtime.\n\nRedaction is best-effort. ClawLens removes common credential patterns before LLM evaluation, but you should still avoid placing secrets in tool parameters.\n\n---\n\n## Configuration\n\nMost users do not need custom configuration. Common settings live under `plugins.entries.clawlens.config` in `~\u002F.openclaw\u002Fopenclaw.json`.\n\n| Setting | Default | What it controls |\n|---|---|---|\n| `auditLogPath` | `~\u002F.openclaw\u002Fclawlens\u002Faudit.jsonl` | Where ClawLens writes the JSONL audit log. |\n| `risk.llmEnabled` | `false` | Enables opt-in LLM risk evaluation and LLM-generated summaries. |\n| `risk.llmEvalThreshold` | `50` | Score above which opt-in LLM evaluation can run when enabled. |\n| `alerts.enabled` | `false` | Enables generic high-risk alerts. If routed externally by OpenClaw, alert text may leave your machine. |\n| `alerts.threshold` | `80` | Score above which generic high-risk alerts fire when alerts are enabled. |\n| `alerts.includeParamValues` | `false` | Includes sanitized command\u002Fpath\u002FURL details in alert messages. Credential patterns are still redacted. |\n\n`risk.llmEvalThreshold` only controls opt-in LLM evaluation. It does not control guardrail matching or Attention Inbox freshness. Guardrails fire when a user-created rule matches. `alerts.threshold` only controls generic high-risk alerts when `alerts.enabled=true`.\n\n\u003Cdetails>\n\u003Csummary>Advanced settings and v1.0.1 migration notes\u003C\u002Fsummary>\n\nThe plugin manifest also supports storage-path overrides for guardrails, attention state, saved searches, digest settings, and dashboard alert links. See [openclaw.plugin.json](openclaw.plugin.json) for the full schema.\n\n`risk.llmProvider`, `risk.llmModel`, and `risk.llmApiKeyEnv` are deprecated no-ops in v1.0.1. They are accepted temporarily so existing configs continue to load, but ClawLens ignores them. Remove them from your config before v1.1.0.\n\n\u003C\u002Fdetails>\n\n---\n\n## Scope And Limits\n\nClawLens complements OpenClaw's built-in security. It does not replace tool profiles, exec approvals, prompt-injection detection, OS permissions, or secret scanning.\n\n- Guardrails enforce on OpenClaw tool calls. They do not inspect every byte inside arbitrary payloads.\n- Pattern matching catches obvious risky shapes, but ClawLens is not a full shell interpreter.\n- LLM evaluation can add context when explicitly enabled; deterministic local scoring remains the default.\n- The audit log is tamper-evident, not encrypted or hidden from your OS user, backups, or administrators.\n- Sub-agents are observed and scored, but guardrails set for a parent agent do not automatically apply to spawned children.\n\n---\n\n## FAQ\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Does ClawLens collect telemetry?\u003C\u002Fstrong>\u003C\u002Fsummary>\n\nClawLens does not operate a cloud service, analytics pipeline, telemetry endpoint, install-ping system, or machine-ID system. Installing through npm, GitHub, or ClawHub may still create ordinary registry or download metadata outside ClawLens.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Does it block tool calls by default?\u003C\u002Fstrong>\u003C\u002Fsummary>\n\nNo. By default, ClawLens observes and scores. Blocking only happens after you create a `block` or `require_approval` guardrail.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Can I run it without any external data flow?\u003C\u002Fstrong>\u003C\u002Fsummary>\n\nYes. Keep `risk.llmEnabled=false`, leave `alerts.enabled=false`, and avoid external OpenClaw approval channels for ClawLens guardrails. The default dashboard, audit log, deterministic scoring, and local guardrail records run locally.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>What does LLM evaluation cost?\u003C\u002Fstrong>\u003C\u002Fsummary>\n\nNothing by default because LLM evaluation is off. When enabled, ClawLens uses your configured OpenClaw model\u002Fauth runtime, so usage is billed according to your existing provider setup.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Can I export the audit log?\u003C\u002Fstrong>\u003C\u002Fsummary>\n\nYes. Use the dashboard export action, run `openclaw clawlens audit export --format json --since 7d` (or `csv`), or read the hash-chained JSONL at `~\u002F.openclaw\u002Fclawlens\u002Faudit.jsonl`.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>What if OpenClaw blocks installation?\u003C\u002Fstrong>\u003C\u002Fsummary>\n\nThe standard v1.0.1 install should not require `--dangerously-force-unsafe-install`. If OpenClaw blocks installation, do not force it; open an issue with the full installer warning.\n\n\u003C\u002Fdetails>\n\n---\n\n## Contributing\n\nPRs welcome. See [CONTRIBUTING.md](CONTRIBUTING.md). All changes need tests, and `npm run check` must pass before merge.\n\n## Reporting Issues\n\n- **Bugs:** [open a GitHub issue](https:\u002F\u002Fgithub.com\u002Fnk3750\u002Fclawlens\u002Fissues\u002Fnew?template=bug_report.md)\n- **Security:** see [SECURITY.md](SECURITY.md)\n\n## License\n\nMIT. See [LICENSE](LICENSE).\n\n---\n\n\u003Csub>Built by \u003Ca href=\"https:\u002F\u002Fwww.neelabhbuilds.com\">Neelabh Kumar\u003C\u002Fa> — AI engineer and builder.\u003C\u002Fsub>\n","ClawLens 是一个为 OpenClaw 设计的代理可观测性和防护栏插件，能够记录工具调用、评估风险行为，并在同一仪表板上显示实时会话。它采用 TypeScript 编写，支持通过设置`block`、`require_approval`或`allow_notify`规则来控制实际代理操作。适用于需要对运行 shell 命令、编辑文件、调用外部 API 或跨多个会话操作的代理进行审计跟踪和操作员控制防护栏的场景。MIT 许可证下开源，当前在 GitHub 上获得了 34 颗星。",2,"2026-06-11 04:05:01","CREATED_QUERY"]