Setup Guide

Five minutes. Let's go.

1

Install the App

Download ClawGate from the App Store and create your account.

Download for iOS

When you open the app for the first time:

  1. Create your account with email
  2. You'll be prompted to register a passkey — just scan your face. That's it.
  3. Your passkey syncs via iCloud Keychain across all your Apple devices

2

Get Your API Key

In the app, go to Settings → API Keys → Create New.

Give it a name (e.g. "My Agent") and tap Create. Your key will look like:

ag_xDWZ7V_OamQEDz-uBk5t4LeM6bZxBHXi

Copy it now — you won't be able to see it again. (You can always generate a new one.)

3

Install the Plugin

Install the ClawGate plugin for OpenClaw:

openclaw plugins install clawgate

Or install manually: run npm install clawgate in your OpenClaw extensions directory (~/.openclaw/extensions/clawgate/).

4

Configure OpenClaw

Add ClawGate to your OpenClaw config file (~/.openclaw/openclaw.json):

{
  "plugins": {
    "entries": {
      "clawgate": {
        "enabled": true,
        "config": {
          "apiKey": "ag_YOUR_KEY_HERE",
          "agentId": "my-agent"
        }
      }
    }
  }
}

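The server URL defaults to https://api.clawgate.ai — no need to set it unless you're self-hosting. The API key sits in this file in plain text, so keep the file readable only by your own user account and out of version control.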

Restart OpenClaw to load the plugin:

openclaw gateway restart

5

Test It

Run the built-in test command:

openclaw clawgate test

This sends a test approval request to your phone. Approve it with Face ID to confirm everything works.

Then try a real interception — ask your agent to delete a test file:

# Create a test file, then ask your agent:
# "Delete the file test.txt"
# You'll get a push notification — approve or deny with Face ID

🎉

You're all set

ClawGate automatically intercepts sensitive tool calls at the infrastructure level. Your agent can't bypass it — approve or deny with Face ID in under 2 seconds.


Configuring Sensitive Patterns

ClawGate comes with sensible defaults that catch dangerous operations: file deletion (rm, Remove-Item, del), disk operations, npm publish, git push --force, database DROP/TRUNCATE, and more.

To customize patterns, edit the patterns array in your OpenClaw config:

{
  "plugins": {
    "entries": {
      "clawgate": {
        "enabled": true,
        "config": {
          "apiKey": "ag_YOUR_KEY_HERE",
          "agentId": "my-agent",
          "patterns": [
            { "match": "rm\\s", "description": "Delete files (Unix)", "tools": ["exec"] },
            { "match": "Remove-Item", "description": "Delete files (PowerShell)", "tools": ["exec"] },
            { "match": "send.*email", "description": "Send email" },
            { "match": "stripe.*charge", "description": "Create Stripe charge" },
            { "match": "npm publish", "description": "Publish to npm", "tools": ["exec"] },
            { "match": "git push.*--force", "description": "Force push to git", "tools": ["exec"] },
            { "match": "drop.*table", "description": "Drop database table", "tools": ["exec"] }
          ]
        }
      }
    }
  }
}

Patterns use regular expressions (case-insensitive). The tools array limits a pattern to specific tool names (e.g. only exec). If omitted, the pattern matches all tools.

You can also require approval for all calls to a specific tool:

"alwaysRequireApproval": ["message", "browser"]

View your active patterns anytime: openclaw clawgate patterns
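
A way to check a patterns array against sample tool calls before relying on it, as an added example that is not ClawGate's own code. It assumes each pattern is an unanchored, case-insensitive regex search over the tool call's text; matchingRules, auditPatterns and the sample calls are hypothetical names and constructed inputs.

```javascript
// Added example: offline checker for a ClawGate "patterns" array.
// Assumption: each pattern is applied as an unanchored, case-insensitive
// regex search over the tool call's text (here, the exec command string).
const config = {
  patterns: [
    { match: "rm\\s", description: "Delete files (Unix)", tools: ["exec"] },
    { match: "git push.*--force", description: "Force push to git", tools: ["exec"] },
    { match: "drop.*table", description: "Drop database table", tools: ["exec"] },
    { match: "send.*email", description: "Send email" },
  ],
  alwaysRequireApproval: ["message", "browser"],
};

// Returns the descriptions of every rule that would require approval.
function matchingRules(cfg, tool, text) {
  const hits = [];
  if ((cfg.alwaysRequireApproval || []).includes(tool)) {
    hits.push(`always: ${tool}`);
  }
  for (const p of cfg.patterns || []) {
    // A missing "tools" array means the pattern applies to every tool.
    if (p.tools && !p.tools.includes(tool)) continue;
    if (new RegExp(p.match, "i").test(text)) hits.push(p.description);
  }
  return hits;
}

// Constructed sample calls with the outcome the operator expects.
const cases = [
  { tool: "exec", text: "rm -rf build/", expectApproval: true },
  { tool: "exec", text: "git push origin main --force", expectApproval: true },
  { tool: "exec", text: "git push -f origin main", expectApproval: true },
  { tool: "exec", text: "echo please confirm settings", expectApproval: false },
  { tool: "read", text: "rm -rf build/", expectApproval: false },
  { tool: "message", text: "hello", expectApproval: true },
];

// Lists cases where the config disagrees with the expectation:
// "gap" = no approval would be requested, "noise" = unexpected prompt.
function auditPatterns(cfg, samples) {
  return samples
    .map((c) => ({ ...c, hits: matchingRules(cfg, c.tool, c.text) }))
    .filter((c) => (c.hits.length > 0) !== c.expectApproval)
    .map((c) => ({ kind: c.expectApproval ? "gap" : "noise", text: c.text, hits: c.hits }));
}

console.log(auditPatterns(config, cases));
```

A "gap" finding means the pattern needs widening or the tool belongs in alwaysRequireApproval; a "noise" finding means the pattern needs tightening, for example with a word boundary.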


For AI Agents

Good news: you don't need to do anything special. ClawGate works automatically.

🔒 How It Works (v2 — Automatic Enforcement)

ClawGate v2 uses OpenClaw's before_tool_call hook to intercept tool calls at the infrastructure level. This means:

  • No agent code changes needed — the plugin intercepts automatically
  • Agents cannot bypass it — enforcement happens before the tool executes
  • Pattern matching determines which calls need approval
  • Fail-closed by default — if the server is unreachable or the request times out, the action is blocked

When a sensitive tool call is detected, the agent's execution pauses while ClawGate sends a push notification to the user's phone. The user approves or denies with Face ID. If denied (or timed out), the tool call is blocked and the agent receives a denial message.

💡 API Quick Reference

If you need to integrate ClawGate outside of OpenClaw, here's the API:

POST https://api.clawgate.ai/api/v1/approval/request
Authorization: Bearer ag_USER_KEY_HERE
Content-Type: application/json

{
  "agentId": "my-agent",
  "action": "send-email",
  "description": "Send quarterly report to investors@company.com",
  "timeoutSeconds": 120
}

// Poll for result:
GET https://api.clawgate.ai/api/v1/approval/status/{requestId}

// Response: { "status": "APPROVED" | "DENIED" | "PENDING" | "EXPIRED" }

Need help? Check the full docs or open an issue.