Explains ClawdStrike's 12 security guards, rulesets (permissive, default, strict), and policies for troubleshooting denials, understanding blocks, and configuring settings.
From clawdstrike

`npx claudepluginhub backbay-labs/clawdstrike --plugin clawdstrike`

This skill uses the workspace's default tool permissions.
| Guard | Action Type | Purpose | Default Status |
|---|---|---|---|
| ForbiddenPathGuard | file | Blocks access to sensitive filesystem paths (e.g., /etc/shadow, ~/.ssh/id_rsa) | permissive: ON, default: ON, strict: ON |
| PathAllowlistGuard | file | Only allows file access to explicitly permitted paths | permissive: OFF, default: OFF, strict: ON |
| EgressAllowlistGuard | egress | Controls outbound network access by domain allowlist | permissive: OFF, default: ON, strict: ON |
| SecretLeakGuard | file | Detects secrets, API keys, and credentials in file writes | permissive: ON, default: ON, strict: ON |
| PatchIntegrityGuard | file | Validates that patches/diffs don't introduce unsafe changes | permissive: OFF, default: ON, strict: ON |
| ShellCommandGuard | shell | Blocks dangerous shell commands (rm -rf, sudo, etc.) | permissive: OFF, default: ON, strict: ON |
| McpToolGuard | mcp_tool | Restricts which MCP tools can be invoked | permissive: OFF, default: OFF, strict: ON |
| PromptInjectionGuard | prompt | Detects prompt injection attempts in inputs | permissive: OFF, default: ON, strict: ON |
| JailbreakGuard | prompt | 4-layer jailbreak detection (heuristic + statistical + ML + LLM-judge) | permissive: OFF, default: OFF, strict: ON |
| ComputerUseGuard | computer_use | Controls Computer Use Agent actions for remote desktop | permissive: OFF, default: OFF, strict: ON |
| RemoteDesktopSideChannelGuard | remote_desktop | Side-channel controls (clipboard, audio, drive mapping, file transfer) | permissive: OFF, default: OFF, strict: ON |
| InputInjectionCapabilityGuard | computer_use | Restricts input injection capabilities in CUA environments | permissive: OFF, default: OFF, strict: ON |
Use clawdstrike_policy_show to inspect any ruleset.
| Ruleset | Use Case |
|---|---|
| permissive | Development/testing -- minimal restrictions |
| default | General purpose -- balanced security |
| strict | High-security environments -- maximum restrictions |
| ai-agent | AI coding agents -- tuned for agent workflows |
| cicd | CI/CD pipelines -- restricted to build/deploy operations |
| ai-agent-posture | Agent posture assessment -- monitoring without blocking |
| remote-desktop | Remote desktop sessions -- balanced CUA controls |
| remote-desktop-permissive | Permissive CUA -- fewer restrictions for trusted environments |
| remote-desktop-strict | Strict CUA -- maximum restrictions for untrusted environments |
Call clawdstrike_policy_show with no arguments to see the currently loaded policy, or pass a ruleset name to inspect a specific one.
Call clawdstrike_policy_eval with an action_type and target to see which guards would fire and what the verdict would be, without actually executing the action.
Policies support inheritance via the extends field:
extends: strict)

ClawdStrike follows a fail-closed design:
This means if something goes wrong, the system errs on the side of security rather than availability.
If the active policy is blocking legitimate actions, follow these steps to relax it safely:
1. Call clawdstrike_policy_eval with the denied action to see exactly which guard is blocking it.
2. If the active ruleset is strict, try default or ai-agent. Use clawdstrike_policy_show to compare what changes.
3. Extend the ruleset with a custom policy that adds an exception for the blocked path:

   ```yaml
   schema_version: "1.2.0"
   extends: strict
   guards:
     ForbiddenPathGuard:
       additional_allowed_paths:
         - "/path/that/was/blocked"
   ```

4. Set enabled: false for a specific guard only if the above options do not work. Never disable SecretLeakGuard in production.
5. Call clawdstrike_policy_eval again to confirm the action is now allowed without opening unintended gaps.

When this skill is active:

- Use clawdstrike_policy_show and clawdstrike_policy_eval to give concrete answers
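
For the ruleset-switching step of the relaxation procedure above, this added example (not ClawdStrike's own code) works out from the guard table whether a looser ruleset would clear a denial at all and which other guards would be switched off as a side effect. The helper name `relaxation_plan` and its return shape are hypothetical, and only the three rulesets with ON/OFF status in the table are covered.

```python
# Added example: ON/OFF data transcribed from the guard table on this page.
RULESETS = ("permissive", "default", "strict")  # loosest to tightest

# guard -> rulesets in which the table lists it as ON
GUARD_ON = {
    "ForbiddenPathGuard": {"permissive", "default", "strict"},
    "PathAllowlistGuard": {"strict"},
    "EgressAllowlistGuard": {"default", "strict"},
    "SecretLeakGuard": {"permissive", "default", "strict"},
    "PatchIntegrityGuard": {"default", "strict"},
    "ShellCommandGuard": {"default", "strict"},
    "McpToolGuard": {"strict"},
    "PromptInjectionGuard": {"default", "strict"},
    "JailbreakGuard": {"strict"},
    "ComputerUseGuard": {"strict"},
    "RemoteDesktopSideChannelGuard": {"strict"},
    "InputInjectionCapabilityGuard": {"strict"},
}


def relaxation_plan(current, blocking_guard):
    """Hypothetical helper: what would stepping down from `current` cost?"""
    if current not in RULESETS or blocking_guard not in GUARD_ON:
        raise ValueError("unknown ruleset or guard")  # refuse to guess
    if current not in GUARD_ON[blocking_guard]:
        raise ValueError(f"{blocking_guard} is OFF in {current}; re-check the eval output")
    # Walk from the next-tightest ruleset down to the loosest.
    idx = RULESETS.index(current)
    for candidate in reversed(RULESETS[:idx]):
        if candidate not in GUARD_ON[blocking_guard]:
            # Guards that are ON now but would be lost along with the blocker.
            collateral = sorted(
                g for g, on in GUARD_ON.items()
                if current in on and candidate not in on and g != blocking_guard
            )
            return {"action": "switch_ruleset", "to": candidate, "also_disabled": collateral}
    # ON in every looser ruleset: switching cannot help, so scope an override.
    return {"action": "custom_policy_override", "to": current, "also_disabled": []}


if __name__ == "__main__":
    for guard in ("McpToolGuard", "ShellCommandGuard", "ForbiddenPathGuard"):
        print(guard, relaxation_plan("strict", guard))
```

A long `also_disabled` list is the signal to prefer a scoped custom policy over a ruleset switch, and the clawdstrike_policy_eval re-check still applies afterwards.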