❌ Without PolicyShield
Agent runs anything. No guardrails.
Terminal — openclaw agent
user $ openclaw agent --local -m "Show me /etc/hosts using cat"
🦞 OpenClaw 2026.2.19
⚡ Executing: cat /etc/hosts
##
# Host Database
127.0.0.1     localhost
255.255.255.255 broadcasthost
::1             localhost
10.0.1.5      staging.internal
10.0.1.10     db.prod.internal
10.0.1.99     admin-vpn.corp
⚠️ Internal hostnames and IPs exposed
vs
🛡️ With PolicyShield
Every tool call checked before execution.
Terminal — openclaw agent + policyshield
user $ openclaw agent --local -m "Show me /etc/hosts using cat"
🦞 OpenClaw 2026.2.19
✓ Connected to PolicyShield server
🛡️ BLOCKED — Rule: block-cat
PolicyShield blocked 'cat' (demo rule: block-cat)
I can't execute that command due to the current policy restrictions.
If you need information from the /etc/hosts file, I can help
you with alternatives. Let me know how you'd like to proceed!
How it works: PolicyShield sits between your agent and
the tools it calls. Rules are YAML — no code changes needed.

pip install "policyshield[server]"
policyshield openclaw setup
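
The check described under "How it works", sketched as an added example; this is not PolicyShield's code, API or rule schema. The rule fields, the tool name "exec" and the function names are assumptions made for illustration, and the rules are written as the Python dicts a YAML file might load to. It goes one step past the demo: a second rule keyed on the file path also covers other commands that read the same file, which the name-only block-cat rule does not.

```python
import os
import re
import shlex

# Hypothetical rule shape, constructed for this example (not PolicyShield's schema).
RULES = [
    {"id": "block-cat", "tool": "exec", "command": "cat", "verdict": "BLOCK"},
    {"id": "block-sensitive-paths", "tool": "exec",
     "arg_pattern": r"^/etc/(hosts|passwd|shadow)$", "verdict": "BLOCK"},
]

def check(tool, command_line, rules=RULES):
    """Return (verdict, rule_id) for a proposed tool call; first matching rule wins."""
    try:
        argv = shlex.split(command_line)
    except ValueError:
        return ("BLOCK", "unparseable-command")  # fail closed on input we cannot parse
    if not argv:
        return ("BLOCK", "empty-command")
    for rule in rules:
        if rule["tool"] != tool:
            continue
        # Compare the binary's basename so /bin/cat and cat hit the same rule.
        if "command" in rule and os.path.basename(argv[0]) != rule["command"]:
            continue
        # Normalise each argument so /etc//hosts and /etc/../etc/hosts also match.
        if "arg_pattern" in rule and not any(
            re.search(rule["arg_pattern"], os.path.normpath(arg)) for arg in argv[1:]
        ):
            continue
        return (rule["verdict"], rule["id"])
    return ("ALLOW", None)

def guarded_exec(tool, command_line, run):
    """Sit between the agent and the tool: call run() only if no rule blocks the call."""
    verdict, rule_id = check(tool, command_line)
    if verdict == "BLOCK":
        return f"BLOCKED by rule {rule_id}"
    return run(command_line)

if __name__ == "__main__":
    # Constructed sample tool calls; run() is a stand-in that executes nothing.
    for cmd in ["cat /etc/hosts", "head -n 5 /etc//hosts", "ls /tmp"]:
        print(cmd, "->", guarded_exec("exec", cmd, lambda c: "executed"))
```

The sketch assumes the tool runs the parsed argv directly rather than passing the string to a shell.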