Securing OpenClaw with Navil
Protect your OpenClaw-connected agents in under 2 minutes.
Why this matters
824+ malicious skills have been cataloged in OpenClaw registries. Static scanning catches 1.7% of issues. The other 98.3% only appear at runtime — prompt injection in tool descriptions, credential exfiltration through tool calls, and rug pull attacks where servers change behavior after installation.
Quick Start
# Install navil
pip install navil
# Wrap your OpenClaw config — done
navil wrap openclaw.json

That's it. Every tool call now passes through Navil's security proxy. No config changes to your agent.
What Happens After Wrapping
Your Agent
↓ (tool call)
Navil Shim (transparent proxy)
├── Checks call against 568 threat signatures
├── Runs anomaly detection (11 attack patterns)
├── Enforces policy rules (if configured)
├── Logs everything for audit trail
↓ (if safe)
OpenClaw MCP Server
↓ (response)
Navil Shim
├── Scans response for data exfiltration
├── Checks for prompt injection in output
↓ (if clean)
Your Agent

Before vs After
| Without Navil | With Navil |
|---|---|
| Agent trusts all tool descriptions blindly | Descriptions checked against injection patterns |
| Credentials exposed via env read tools | Credential access logged and policy-gated |
| No visibility into what tools do | Full audit trail of every call |
| Malicious responses reach agent | Responses scanned for injection/exfil |
| No threat sharing | Your detections protect every Navil user |
Optional: Policy Enforcement
Create a policy file to enforce rules on OpenClaw skills:
default_action: allow
rules:
  - tool: "exec_command"
    action: deny
    reason: "Shell execution blocked for OpenClaw skills"
  - tool: "read_file"
    arguments:
      path:
        deny_patterns:
          - "~/.ssh/*"
          - "~/.aws/*"
          - ".env*"
    action: deny
    reason: "Sensitive file access blocked"
  - tool: "*"
    rate_limit: 60/minute
    reason: "Rate limit all tool calls"

navil wrap openclaw.json --policy policy.yaml

Optional: Cloud Dashboard
Connect to Navil Cloud for real-time monitoring, analytics, and community threat intelligence:
navil cloud login

This opens your browser; sign in and you're done. Your machine starts contributing to the community threat network and receives patterns from other users in return.
CI/CD: Scan OpenClaw Configs in PRs
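name: MCP Security Scan
on:
  pull_request:
    # Run only when an MCP config file changes
    paths: ['openclaw.json', '*.mcp.json']
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # @main is a mutable ref; pin to a full commit SHA once you have reviewed the action
      - uses: navilai/navil/.github/actions/scan@main
        with:
          config: openclaw.json
          # Fail the job on findings rated high
          fail-on: high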
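
How rules like those in the policy file under Optional: Policy Enforcement can be evaluated, as an added example that is not Navil's code. The first-match-wins order, the glob matching, and the `home` and `cwd` defaults are assumptions, and the rate-limit rule is left out. It shows why a path argument has to be normalized before the deny patterns are applied.

```python
import fnmatch
import posixpath

# The page's policy as a Python dict (rate-limit rule omitted in this sketch).
POLICY = {
    "default_action": "allow",
    "rules": [
        {"tool": "exec_command", "action": "deny",
         "reason": "Shell execution blocked for OpenClaw skills"},
        {"tool": "read_file", "action": "deny",
         "arguments": {"path": {"deny_patterns": ["~/.ssh/*", "~/.aws/*", ".env*"]}},
         "reason": "Sensitive file access blocked"},
    ],
}

def normalize(path, home, cwd):
    """Expand a leading ~, anchor relative paths at cwd, collapse '.', '..', '//'."""
    if path == "~" or path.startswith("~/"):
        path = home + path[1:]
    return posixpath.normpath(posixpath.join(cwd, path))

def path_denied(path, patterns, home, cwd):
    """Slash-free patterns match the basename; others match the whole path."""
    norm = normalize(path, home, cwd)
    for pat in patterns:
        if "/" not in pat:
            if fnmatch.fnmatchcase(posixpath.basename(norm), pat):
                return True
        elif fnmatch.fnmatchcase(norm, normalize(pat, home, cwd)):
            return True
    return False

def evaluate(tool, arguments, policy=POLICY,
             home="/home/agent", cwd="/home/agent/project"):
    """Return (action, reason) of the first matching rule (assumed semantics)."""
    for rule in policy["rules"]:
        if not fnmatch.fnmatchcase(tool, rule["tool"]):
            continue
        constraints = rule.get("arguments", {})
        if all(path_denied(str(arguments.get(name, "")), spec["deny_patterns"], home, cwd)
               for name, spec in constraints.items()):
            return rule["action"], rule["reason"]
    return policy["default_action"], "no rule matched"

if __name__ == "__main__":
    # Constructed sample calls
    for p in ["README.md", "~/.ssh/id_rsa", "docs/../../.ssh/id_rsa", "config/.env.production"]:
        print(p, evaluate("read_file", {"path": p}))
```

Lexical normalization does not follow symlinks; an enforcement point on the host would also need to resolve them before matching.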