OpenClaw Plugin

One command. Full security. Set up your personal AI assistant the right way.

---

Why This Plugin?

Setting up OpenClaw securely takes 15+ manual steps. This plugin does it in one command.

/openclaw-setup

That's it. You're done.

---

What You Get

Before	After
Gateway exposed to network	Loopback only (local access)
No authentication	32-byte cryptographic token
Anyone can DM your bot	Pairing code required
Full tool access	Dangerous tools blocked
Default permissions	Hardened 700/600

---

Quick Start

Install the Plugin

# One-liner
/plugin install github:cathy-kim/openclaw-plugin

Run Setup

/openclaw-setup

Done. Your AI is locked down.

---

Commands

Command	What it does
/openclaw-setup	Full install + security hardening
/openclaw-setup install	Install OpenClaw only
/openclaw-setup security	Apply security settings only
/openclaw-setup audit	Run security audit

---

Security Defaults

This plugin applies paranoid-level security out of the box:

Blocked (Dangerous)

• exec - Shell execution
• write / edit - File modification
• browser - Browser automation
• process - Process control
• apply_patch - Code patches

Allowed (Safe)

• read - File reading
• search - Code search
• web_search / web_fetch - Web access

---

Requirements

Component	Version	Why
Claude Code	2.0.0+	Plugin system
Node.js	18+	Native fetch, crypto.subtle
Node.js	22+	OpenClaw runtime (sandbox isolation)

---

After Setup

# 1. Connect channels
openclaw onboard

# 2. Login to WhatsApp
openclaw channels login whatsapp

# 3. Verify everything works
openclaw status

---

How It Works

openclaw-plugin/
├── skills/openclaw-setup/
│   ├── SKILL.md              # Main logic
│   ├── hooks/setup.sh        # Automation script
│   └── references/           # Security docs
└── .claude-plugin/plugin.json

---

Links

• OpenClaw Docs
• Security Guide
• Report Issues

---

License

MIT - Do whatever you want.

---

Stop configuring. Start building.