ClawHub
Code PluginExecutes codesource-linked

Fine-grained access control for Openclaw https://github.com/yang-chen8810/openclaw-tool-access-control

Fine-grained access control for OpenClaw tool calls. https://github.com/yang-chen8810/openclaw-tool-access-control

Community code plugin. Review compatibility and verification before install.
fg-tool-access-control · runtime id fg-tool-access-control
Install
openclaw plugins install clawhub:fg-tool-access-control
Latest Release
Version 1.0.0-beta.3
Compatibility
{
  "builtWithOpenClawVersion": "1.0.0-beta.1",
  "pluginApiRange": "^1.0.0"
}
Capabilities
{
  "bundledSkills": [],
  "capabilityTags": [
    "executes-code"
  ],
  "channels": [],
  "commandNames": [],
  "configSchema": true,
  "configUiHints": false,
  "executesCode": true,
  "hooks": [],
  "httpRouteCount": 0,
  "materializesDependencies": false,
  "providers": [],
  "runtimeId": "fg-tool-access-control",
  "serviceNames": [],
  "setupEntry": false,
  "toolNames": []
}
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (fine‑grained access control for OpenClaw) match the included code: evaluator, rule parser, hooks (before-tool-call, access-control), config manager, and an admin UI. The code registers evaluators, loads policies, and enforces allow/deny semantics — all coherent with the stated purpose.
Instruction Scope
SKILL.md content is effectively the package.json and build/run scripts. Runtime behavior (hooks and evaluator) stays within access-control responsibilities. Two notes: (1) package scripts reference an antlr4 codegen step that requires java/ANTLR (build-time only — the repo contains generated antlr4 code so runtime won't need Java), and (2) plugin-loader dynamically imports .js/.ts files from a plugins folder — this lets site operators extend attribute retrievers/functions but also executes local code when the plugin loads. The dynamic import behavior is expected for extensibility but increases the surface for inadvertently executing malicious local code.
Install Mechanism
There is no install spec (instruction-only skill) and dependencies are standard npm packages (antlr4, openclaw). No network downloads, URLs, or extract steps in an installer were found. The package includes built/generated artifacts, so no additional build-time downloads appear necessary for runtime.
Credentials
The skill declares no required environment variables, no credentials, and no system config paths. The code reads its own config.json and system.policy.json (packaged) which is appropriate. There are no unexpected credential requests or references to unrelated services in the inspected files.
Persistence & Privilege
The skill is not force-included (always:false) and allows normal autonomous invocation (disable-model-invocation:false) which is the platform default and expected for a plugin. It does include an admin UI (server.js) that can run an HTTP server (configurable port in tests), which is appropriate for an admin interface but increases operational exposure if left accessible to untrusted networks.
Assessment
This plugin appears to be what it says: an access-control extension for OpenClaw. Before enabling it: (1) review any third‑party or local plugins you place in its plugins folder — the plugin-loader will dynamically import and execute .js/.ts files, so only install trusted plugin code; (2) if you run the included admin UI, bind it to localhost or protect it with network controls and authentication to avoid exposing policy management; (3) check packaged system.policy.json and your configured policies to ensure deny rules cover sensitive operations (e.g., exec); (4) run the plugin in a sandboxed agent environment first (restricted filesystem/network) to confirm behavior; and (5) note the package.json build scripts reference Java/ANTLR for regeneration of grammar files — you don't need Java at runtime because the generated antlr code is included, but building from source would require those tools. If you want to reduce risk, do not grant this skill broad agent-level privileges or enable it for untrusted, autonomous agents until you audit installed plugins and network exposure.
Verification
{
  "hasProvenance": false,
  "scanStatus": "clean",
  "scope": "artifact-only",
  "sourceCommit": "c7d162028055cbc6db19a8d052dc73d281f48c77",
  "sourceRepo": "yang-chen8810/openclaw-tool-access-control",
  "sourceTag": "main",
  "summary": "Validated package structure and linked the release to source metadata.",
  "tier": "source-linked"
}
Tags
{
  "latest": "1.0.0-beta.3"
}