pi-governance: RBAC, DLP, and audit logging for OpenClaw coding agents
pi-governance is a new OpenClaw plugin that addresses security concerns with AI coding agents having unrestricted system access. The tool was created by a developer who grew tired of agents having full access to terminals, filesystems, and secrets during daily use.
How it works
The plugin sits between your coding agent and your system, intercepting and classifying every tool call. It blocks potentially risky operations based on its analysis.
Key features
- Bash command blocking
- DLP (Data Loss Prevention) scanning for secrets and PII
- Role-based access control (RBAC)
- Structured audit logging
- Works out of the box with zero configuration
Installation
Install using the OpenClaw plugin command:
openclaw plugins install @grwnd/openclaw-governanceThe developer is seeking feedback on what additional controls users might want from such a governance framework.
📖 Read the full source: r/openclaw
👀 See Also
Local Model Prompt Injection Scanner for AI Skills Security
A proof-of-concept tool scans third-party AI skills for hidden bash command injections using a local non-tool-calling model like mistral-small:latest on Ollama, addressing security vulnerabilities in Claude Code's ! operator feature.
Five Essential Security Steps for OpenClaw Instances
A Reddit post warns that running OpenClaw with default settings creates significant security risks and outlines five immediate actions: change the default port, use Tailscale for private access, configure a firewall, create separate accounts for the agent, and scan skills before installation.
GitHub repository documents 16 prompt injection techniques and defense strategies for public AI chats
A developer published a GitHub repository detailing security measures for public AI chatbots after users attempted prompt injection, roleplay attacks, multilingual tricks, and base64 encoded payloads. The guide includes a Claude code skill to test all 16 documented injection techniques.
Open Source AI Tools Pose Security Risks Through 'Illusory Security Through Transparency'
A Reddit post warns about malware disguised as open-source AI agents and tools, where malicious code can be hidden in large codebases that users assume are safe because they're on GitHub. The post describes how 'vibe-coding' and autonomous AI agents condition users to run unknown programs without review.