feat: initial companion repo for OpenClaw vs Claude Code article
40 files demonstrating every major OpenClaw capability using Claude Code: - 3 agents (researcher, writer, reviewer) - 3 skills (daily-briefing, slack-message, web-research) - 2 security hooks (pre-tool-use blocker, post-tool-use logger) - 10 self-contained examples with copy-paste prompts - Complete feature map (20 capabilities, 11 full match, 7 different, 2 gap) - Security docs including NemoClaw comparison - Automation, messaging, browser, memory documentation Zero dependencies. Clone and run. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kjell Tore Guttormsen
commit
2491f5c732
40 changed files with 2037 additions and 0 deletions
62
examples/09-security-hooks/prompt.md
Normal file
62
examples/09-security-hooks/prompt.md
Normal file
|
|
@ -0,0 +1,62 @@
|
|||
# Example 09: Security Hooks
|
||||
|
||||
**Capability:** Claude Code executes hook scripts before and after every tool call.
|
||||
PreToolUse hooks can block dangerous operations. PostToolUse hooks create audit trails.
|
||||
|
||||
**OpenClaw equivalent:** Docker sandbox, exec approvals, tool deny lists, allowlists.
|
||||
|
||||
---
|
||||
|
||||
## How the Hooks Work
|
||||
|
||||
The `hooks/` directory in this repo contains two scripts:
|
||||
|
||||
- `pre-tool-use.sh` - runs before every Bash tool call. Blocks destructive patterns.
|
||||
- `post-tool-use.sh` - runs after every tool call. Appends to `hooks/audit.log`.
|
||||
|
||||
Both are registered in `.claude/settings.json` under the `hooks` key.
|
||||
|
||||
---
|
||||
|
||||
## The Prompt
|
||||
|
||||
```
|
||||
Try running this shell command: rm -rf /tmp/test-deletion-target
|
||||
|
||||
Before running it, explain what you expect the PreToolUse hook to do.
|
||||
After the attempt, check hooks/audit.log and show me the last 5 entries.
|
||||
Then explain what was blocked and why it was flagged by the hook.
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## What Happens
|
||||
|
||||
1. Claude Code calls the Bash tool with `rm -rf /tmp/test-deletion-target`
|
||||
2. Before execution, `pre-tool-use.sh` receives the command as input
|
||||
3. The hook matches the `rm -rf` pattern and exits with a non-zero code
|
||||
4. Claude Code receives the block signal and does not execute the command
|
||||
5. `post-tool-use.sh` logs the blocked attempt with timestamp and tool name
|
||||
6. Claude Code reports what happened and shows the audit log
|
||||
|
||||
---
|
||||
|
||||
## Reading the Audit Log
|
||||
|
||||
```bash
|
||||
tail -20 hooks/audit.log
|
||||
```
|
||||
|
||||
Each entry has the format: `[timestamp] TOOL: bash | STATUS: blocked | CMD: rm -rf ...`
|
||||
|
||||
---
|
||||
|
||||
## Architecture Difference from OpenClaw
|
||||
|
||||
OpenClaw sandboxes via Docker: the agent runs inside a container that limits
|
||||
what it can affect on the host. Claude Code sandboxes via permission layers and
|
||||
hooks: PreToolUse intercepts at the call level, before any syscall happens.
|
||||
|
||||
For personal use, hooks are more flexible. You write exactly the rules you need.
|
||||
For untrusted third-party agents, Docker isolation is stronger. See
|
||||
`security/nemoclaw-comparison.md` for a full breakdown.
|
||||
Loading…
Add table
Add a link
Reference in a new issue