Project Templates์ถ์ฒ: Show HN์กฐํ์ 12
Show HN: GatewayStack โ Deny-by-default security for OpenClaw tool calls
By davidcrowe2026๋
2์ 16์ผ
**Show HN: GatewayStack โ Deny-by-default security for OpenClaw tool calls**
I installed OpenClaw and pointed it at a project directory. Within minutes it had read my .env file. I tried adding a permissions skill to lock things down. Skills are advisory; the LLM can skip the check or be convinced by a prompt injection to bypass it.So I built a plugin that hooks into before_tool_call at the process level. Checks run on every tool call: identity mapping, deny-by-default scope, enforcement, rate limiting, injection detection, and audit logging...
---
**[devsupporter ํด์ค]**
์ด ๊ธฐ์ฌ๋ Show HN์์ ์ ๊ณตํ๋ ์ต์ ๊ฐ๋ฐ ๋ํฅ์ ๋๋ค. ๊ด๋ จ ๋๊ตฌ๋ ๊ธฐ์ ์ ๋ํด ๋ ์์๋ณด์๋ ค๋ฉด ์๋ณธ ๋งํฌ๋ฅผ ์ฐธ๊ณ ํ์ธ์.
I installed OpenClaw and pointed it at a project directory. Within minutes it had read my .env file. I tried adding a permissions skill to lock things down. Skills are advisory; the LLM can skip the check or be convinced by a prompt injection to bypass it.So I built a plugin that hooks into before_tool_call at the process level. Checks run on every tool call: identity mapping, deny-by-default scope, enforcement, rate limiting, injection detection, and audit logging...
---
**[devsupporter ํด์ค]**
์ด ๊ธฐ์ฌ๋ Show HN์์ ์ ๊ณตํ๋ ์ต์ ๊ฐ๋ฐ ๋ํฅ์ ๋๋ค. ๊ด๋ จ ๋๊ตฌ๋ ๊ธฐ์ ์ ๋ํด ๋ ์์๋ณด์๋ ค๋ฉด ์๋ณธ ๋งํฌ๋ฅผ ์ฐธ๊ณ ํ์ธ์.