This plugin collects device and environment context, OpenClaw configuration, Large Language Model (LLM) request/response content, and tool calling information to provide runtime protection for OpenClaw (see the following table for details).
This plugin does not collect information from the following standard HTTP request headers: Authorization, X-API-Key, API-Key, apikey, X-Auth-Token, auth-token, Cookie, or Set-Cookie.
1. Device and Environment Context
|
Data Item |
Description |
Purpose |
|
machine_id |
Unique device ID |
Device identification and authentication |
|
platform |
Operating system platform |
Device environment identification |
|
arch |
CPU architecture |
Device environment identification |
|
os_version |
Operating system version |
Compatibility check |
|
hostname |
Hostname |
Device ID |
|
ip |
Host IPv4 address |
Network environment identification |
|
node_runtime.version |
Node.js version |
Runtime environment identification |
|
node_runtime.exec_path |
Node executable file path |
Runtime environment identification |
2. OpenClaw Configuration
|
Data Item |
Description |
Purpose |
|
openclaw.version |
OpenClaw version number |
Version management |
|
gateway.port |
Gateway port |
Instance identification |
|
gateway.mode |
Gateway mode |
Configuration audit |
|
gateway.bind |
Gateway association mode |
Configuration audit |
|
providers[].id |
Provider ID (such as anthropic, openai) |
Model configuration audit |
|
providers[].baseUrl |
Provider API base address |
Security policy configuration |
|
providers[].api |
API type |
Configuration audit |
|
providers[].models[] |
Model list (ID, name, context window, etc.) |
Model usage audit |
|
agents[].id |
Agent ID |
Instance management |
|
agents[].name |
Agent name |
Instance management |
|
agents[].workspace |
Agent working directory path |
Configuration audit |
|
agents[].skills[] |
List of active Skill IDs for the Agent |
Capability audit |
|
agents[].tools[] |
List of active Tool IDs for the Agent |
Capability audit |
|
skills[] |
Skill list (name, description, whether active, etc.) |
Capability audit |
|
tools[] |
Tool list (name, source) |
Capability audit |
III. LLM Request/Response Content (security audit)
|
Data Item |
Description |
Purpose |
|
url |
LLM API request address |
Security audit |
|
method |
HTTP method |
Security audit |
|
headers |
HTTP request headers (sensitive fields filtered: Authorization, API-Key, Cookie, etc.) |
Security audit |
|
body |
LLM request/response body content (includes user conversation content) |
Guardrails detection |
IV. Tool Call Information (security audit)
|
Data Item |
Description |
Purpose |
|
name |
Tool name |
Security audit |
|
parameters |
Tool calling parameters |
Security audit |
|
result |
Tool execution result |
Security audit |
|
error |
Tool execution error message |
Security audit |
Data Transmission Description
|
Target Service |
Address |
Transmission Frequency |
Data Type |
|
Management Server |
managementServerAddr (Alibaba Cloud default) |
Upon authentication / timed refresh |
Authentication data |
|
Protection Server |
protectServerAddr (Alibaba Cloud default) |
Per request + every 10 minutes heartbeat |
Security audit data + asset information |