Skip to main content

Overview

PromptGuard provides a first-class OpenClaw plugin that hooks into the agent lifecycle to enforce security policies in real-time. No application code changes required. The plugin intercepts:
  • User messages before they reach the LLM (prompt injection detection)
  • Tool call arguments before execution (data exfiltration, code injection)
  • Outgoing messages before delivery (PII redaction)
  • LLM I/O for telemetry and audit logging

Quick Start

Option 1: Environment Variable

export PROMPTGUARD_API_KEY=pg_your_key_here
The plugin auto-discovers the key and activates with default settings (monitor mode, all detectors enabled).

Option 2: OpenClaw Config

# Set API key
openclaw config set plugins.entries.promptguard.config.security.apiKey "pg_your_key_here"

# Switch to enforce mode (blocks threats)
openclaw config set plugins.entries.promptguard.config.security.mode "enforce"

# Enable PII redaction
openclaw config set plugins.entries.promptguard.config.security.redactPii true

Configuration Reference

All settings live under plugins.entries.promptguard.config.security:
SettingTypeDefaultDescription
apiKeystringPromptGuard API key (required)
baseUrlstringhttps://api.promptguard.co/api/v1Custom API endpoint for self-hosted deployments
mode"enforce" | "monitor""monitor"enforce blocks threats; monitor logs them
scanInputsbooleantrueScan user messages before LLM call
scanToolArgsbooleantrueScan tool call arguments before execution
redactPiibooleanfalseAuto-redact PII from outgoing messages
detectorsstring[]allWhich threat categories to enable

Available Detectors

DetectorCatches
prompt-injection”Ignore previous instructions”, system prompt extraction, jailbreaks
data-exfiltrationSensitive data being sent to external URLs, unauthorized API calls
code-injectionSQL injection, shell injection, script injection in tool args
piiEmails, phone numbers, addresses, SSNs in outgoing messages
credit-cardCredit card numbers in any direction
toxicityHarmful, hateful, or abusive content

Full Config Example

{
  "plugins": {
    "entries": {
      "promptguard": {
        "enabled": true,
        "config": {
          "security": {
            "apiKey": "pg_your_key_here",
            "baseUrl": "https://api.promptguard.co/api/v1",
            "mode": "enforce",
            "scanInputs": true,
            "scanToolArgs": true,
            "redactPii": true,
            "detectors": [
              "prompt-injection",
              "data-exfiltration",
              "code-injection",
              "pii",
              "credit-card"
            ]
          }
        }
      }
    }
  }
}

How It Works

Hook Pipeline

User Message


┌─────────────────────┐
│ before_agent_reply   │  ← Scans input for injection
│ (blocking)           │  → Blocks or allows
└─────────┬───────────┘


    LLM Processing


┌─────────────────────┐
│ before_tool_call     │  ← Validates tool arguments
│ (blocking)           │  → Blocks or allows
└─────────┬───────────┘


    Tool Execution


┌─────────────────────┐
│ message_sending      │  ← Redacts PII in output
│ (modifying)          │  → Returns sanitized text
└─────────┬───────────┘


    Message Delivered

Enforce vs Monitor

BehaviorEnforceMonitor
Threat detected in inputBlocks message with explanationLogs warning, message proceeds
Suspicious tool argumentsBlocks tool executionLogs warning, tool proceeds
PII in outputRedacts before sendingRedacts before sending
API unreachableFails open (proceeds)Fails open (proceeds)

MCP Tools (Optional)

When the PromptGuard CLI is installed, the plugin can bundle MCP tools for agent-initiated scanning: 
{
  "mcp": {
    "servers": {
      "promptguard": {
        "command": "promptguard",
        "args": ["mcp", "-t", "stdio"]
      }
    }
  }
}
This gives the agent access to promptguard_scan_text, promptguard_redact, promptguard_scan_project, and promptguard_status tools for proactive security checks beyond the automatic hooks.

Chat Commands

Use /promptguard in any OpenClaw conversation: 
/promptguard status     → Show connection status and configuration
/promptguard test       → Scan a test prompt injection payload
/promptguard test Hello → Scan custom text

Agent Skills

The plugin includes a SKILL.md that teaches the agent when and how to use PromptGuard tools proactively:
  • Scan suspicious inputs before processing
  • Check tool arguments before executing sensitive operations
  • Redact PII before including personal data in responses
  • Run project security audits on request

Troubleshooting

Plugin not loading

Verify the API key is set: 
echo $PROMPTGUARD_API_KEY
# or
openclaw config get plugins.entries.promptguard.config.security.apiKey

False positives in enforce mode

  1. Switch to monitor mode to collect data
  2. Review events in the PromptGuard dashboard
  3. Adjust detectors array to exclude noisy categories
  4. Switch back to enforce once tuned

API connectivity

# Test from CLI
promptguard whoami

# Test from OpenClaw
/promptguard status

Next Steps

Security Examples

Real-world attack scenarios and how PromptGuard blocks them

CLI Reference

Full PromptGuard CLI command reference

Policy Presets

Pre-built security policies for common use cases

Dashboard

Monitor threats and events in real-time