feat: initial companion repo for OpenClaw vs Claude Code article
40 files demonstrating every major OpenClaw capability using Claude Code: - 3 agents (researcher, writer, reviewer) - 3 skills (daily-briefing, slack-message, web-research) - 2 security hooks (pre-tool-use blocker, post-tool-use logger) - 10 self-contained examples with copy-paste prompts - Complete feature map (20 capabilities, 11 full match, 7 different, 2 gap) - Security docs including NemoClaw comparison - Automation, messaging, browser, memory documentation Zero dependencies. Clone and run. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
commit
2491f5c732
40 changed files with 2037 additions and 0 deletions
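--- a/hooks/pre-tool-use.sh
+++ b/hooks/pre-tool-use.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+# PreToolUse hook: Block dangerous shell commands before execution.
+#
+# This hook reads the tool input from stdin (JSON with tool_name and tool_input)
+# and blocks commands that could cause serious damage.
+#
+# How it works:
+# - Claude Code calls this script BEFORE executing any Bash command
+# - If the script exits with code 2, the command is BLOCKED
+# - The "decision" field in stdout JSON controls the outcome
+#
+# OpenClaw equivalent: exec approvals + tool deny lists + Docker sandbox
+# Claude Code approach: hook-based guardrails (more flexible, user-controlled)
+
+input=$(cat)
+tool_name=$(echo "$input" | python3 -c "import sys,json; print(json.load(sys.stdin).get('tool_name',''))" 2>/dev/null)
+command=$(echo "$input" | python3 -c "import sys,json; print(json.load(sys.stdin).get('tool_input',{}).get('command',''))" 2>/dev/null)
+
+# Only check Bash commands
+if [ "$tool_name" != "Bash" ]; then
+exit 0
+fi
+
+# Blocked patterns
+blocked_patterns=(
+"rm -rf /"
+"rm -rf ~"
+"rm -rf \$HOME"
+"mkfs"
+"dd if="
+":(){:|:&};:"
+"chmod -R 777 /"
+"curl.*|.*bash"
+"wget.*|.*bash"
+"curl.*|.*sh"
+"wget.*|.*sh"
+"> /dev/sda"
+"sudo rm"
+"shutdown"
+"reboot"
+"init 0"
+"init 6"
+)
+
+for pattern in "${blocked_patterns[@]}"; do
+if echo "$command" | grep -qi "$pattern"; then
+echo '{"decision": "block", "reason": "Blocked by security hook: command matches dangerous pattern '"'$pattern'"'"}'
+exit 2
+fi
+done
+
+# Allow everything else
+exit 0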
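Review bot: The hook fails open. On the `tool_name=` and `command=` lines stderr is discarded and the python3 exit status is never checked, so a missing interpreter or unparseable stdin leaves `tool_name` empty and the `!= "Bash"` test exits 0, which allows the call. A guardrail should deny when it cannot parse its input, e.g. `tool_name=$(printf '%s' "$input" | python3 -c "…") || { echo "pre-tool-use: unparseable hook input" >&2; exit 2; }`, and likewise for `command`. The `blocked_patterns` loop hands each entry to `grep -qi` as a regular expression matched anywhere in the string, so it blocks benign commands that merely contain `shutdown` or `dd if=` and does not match the same operations written with different spacing or flag order; the header comment should state that this is a best-effort denylist and not a replacement for a sandbox or approval step. The block reason is printed as JSON on stdout together with exit code 2, and the header comment describes both mechanisms; it is worth confirming against the hook documentation whether stdout JSON is read on a non-zero exit or whether the reason belongs on stderr.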