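At 3:29 a.m. I received an alert: an Agent had run rm -rf in production. That was when I realized that unconstrained AI power is like a sports car with no brakes.
The Policy plugin introduced in OpenClaw v2026.5.21 is exactly that "braking system". It provides:
```bash
# Install the Policy plugin
openclaw plugin install @openclaw/plugin-policy
# Enable the plugin
openclaw plugin enable policy
# Verify the installation
openclaw plugin list | grep policy
```
After installation, the plugin creates its configuration directory at ~/.openclaw/plugins/policy/.
"Whitelist" mode allows only explicitly authorized operations: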
```json
// ~/.openclaw/plugins/policy/config.json
{
  "mode": "deny-by-default", // deny all operations by default
  "rules": [
    {
      "id": "allow-web-search",
      "tool": "web_search",
      "action": "allow",
      "conditions": {
        "user": ["admin", "developer"]
      }
    },
    {
      "id": "allow-file-read",
      "tool": "read",
      "action": "allow",
      "parameters": {
        "path": {
          "pattern": "^/home/.*\\.md$" // only allow reading Markdown files
        }
      }
    },
    {
      "id": "deny-shell-write",
      "tool": "exec",
      "action": "deny",
      "parameters": {
        "command": {
          "contains": ["rm", "dd", "mkfs"] // block dangerous commands
        }
      },
      "reason": "Dangerous system commands are not allowed"
    }
  ]
}
```
"Blacklist" mode blocks only known dangerous operations:
```json
{
  "mode": "allow-by-default",
  "denyList": [
    {
      "tool": "exec",
      "parameters": {
        "command": ".*(rm -rf|dd if=|mkfs).*"
      }
    },
    {
      "tool": "write",
      "parameters": {
        "path": "^/etc/.*" // forbid modifying system configuration
      }
    }
  ]
}
```
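An added example (not OpenClaw code and not part of the original post) that runs the path and command patterns from the two configs above against constructed inputs, next to a hardened form of each check. It assumes the patterns are applied as plain regex or substring tests on the raw string; all helper names are hypothetical.

```javascript
// Patterns copied from the configs above. ASSUMPTION: the plugin applies them as
// a plain regex test or substring test on the raw string it receives.
const READ_ALLOW = /^\/home\/.*\.md$/;
const EXEC_DENY_REGEX = /.*(rm -rf|dd if=|mkfs).*/;
const EXEC_DENY_CONTAINS = ["rm", "dd", "mkfs"];

// Lexically resolve "." and ".." in an absolute POSIX path (symlinks are not resolved).
function normalizePath(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// As written in the config: match the raw path.
const readAllowedRaw = (p) => READ_ALLOW.test(p);
// Hardened (hypothetical helper): normalize first, then match.
const readAllowedNormalized = (p) => READ_ALLOW.test(normalizePath(p));

const execDeniedByRegex = (cmd) => EXEC_DENY_REGEX.test(cmd);
const execDeniedByContains = (cmd) => EXEC_DENY_CONTAINS.some((s) => cmd.includes(s));
// Hardened (hypothetical helper): compare the program name, not arbitrary substrings.
function execDeniedByProgram(cmd) {
  const prog = cmd.trim().split(/\s+/)[0].split("/").pop();
  return /^(rm|dd|mkfs(\..+)?)$/.test(prog);
}

// Constructed sample inputs for a policy regression check.
const PATHS = ["/home/alice/notes.md", "/home/alice/../../etc/app/secrets.md"];
const COMMANDS = ["git add README.md", "rm -rf /tmp/build", "rm -fr /tmp/build"];

function report() {
  return {
    paths: PATHS.map((p) => ({ p, raw: readAllowedRaw(p), normalized: readAllowedNormalized(p) })),
    commands: COMMANDS.map((c) => ({
      c,
      regex: execDeniedByRegex(c),
      contains: execDeniedByContains(c),
      program: execDeniedByProgram(c),
    })),
  };
}

console.log(JSON.stringify(report(), null, 2));
```

Program-name matching is still a blacklist, so the deny-by-default mode shown earlier remains the stronger control.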
Restrict a tool so that it can be used only during specific time windows:
```json
{
  "id": "work-hours-only",
  "tool": "exec",
  "action": "allow",
  "timeWindow": {
    "start": "09:00",
    "end": "18:00",
    "timezone": "Asia/Shanghai",
    "weekdaysOnly": true
  }
}
```
High-risk operations require manual approval:
```json
{
  "id": "high-risk-requires-approval",
  "tool": "exec",
  "action": "approval",
  "parameters": {
    "command": ".*(DROP TABLE|DELETE FROM|TRUNCATE).*"
  },
  "approval": {
    "channel": "#security-alerts", // send to a Discord channel for approval
    "timeout": 300, // 5-minute timeout
    "approvers": ["security-team"], // approver roles
    "autoReject": true // reject automatically on timeout
  }
}
```
```json
{
  "id": "rate-limit-api-calls",
  "tool": "web_fetch",
  "action": "allow",
  "rateLimit": {
    "maxCalls": 100,
    "period": "1h",
    "exceedAction": "deny" // when the limit is exceeded: deny / throttle / log-only
  }
}
```
The Policy plugin has built-in auditing and supports multiple output destinations:
```json
{
  "audit": {
    "enabled": true,
    "destinations": [
      {
        "type": "file",
        "path": "~/.openclaw/logs/audit.log",
        "format": "json",
        "rotation": "daily"
      },
      {
        "type": "webhook",
        "url": "https://your-siem.example.com/ingest",
        "headers": {
          "Authorization": "Bearer xxx"
        }
      },
      {
        "type": "discord",
        "channel": "#security-logs",
        "level": "warning" // send only warning level and above
      }
    ],
    "fields": ["timestamp", "userId", "tool", "parameters", "action", "rule", "ipAddress"]
  }
}
```
```json
{
  "timestamp": "2026-05-24T01:15:32.123Z",
  "userId": "admin",
  "tool": "exec",
  "parameters": {
    "command": "SELECT * FROM users WHERE id = 123"
  },
  "action": "allow",
  "rule": "allow-db-read",
  "ipAddress": "192.168.1.100",
  "sessionId": "sess_abc123"
}
```
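| Scenario | Policy configuration | Notes |
|---|---|---|
| Development | Permissive policy, log all operations | For debugging and testing |
| Production | Strict whitelist, high-risk operations require approval | Protects core business |
| Customer hosting | Full isolation, no cross-tenant access | Multi-tenant security |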
```json
{
  "compliance": {
    "framework": "SOC2",
    "controls": {
      "CC6.1": { // logical access controls
        "tools": ["exec", "write", "read"],
        "requireApproval": true,
        "auditLevel": "detailed"
      },
      "CC7.2": { // system monitoring
        "enableContinuousMonitoring": true,
        "alertOnAnomaly": true
      }
    },
    "reporting": {
      "generateMonthly": true,
      "recipients": ["compliance@company.com"]
    }
  }
}
```
The Policy plugin can integrate deeply with ClawShield to provide:
```json
{
  "integrations": {
    "clawshield": {
      "enabled": true,
      "apiKey": "env:CLAWSHIELD_API_KEY",
      "blockOnThreat": true,
      "threatLevels": ["critical", "high"]
    }
  }
}
```
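Troubleshooting steps:
```bash
# 1. Check the Policy plugin status
openclaw plugin status policy
# 2. View the most recently denied operations
openclaw audit log --action deny --last 10
# 3. Test whether a specific operation is allowed
openclaw policy test --tool exec --params '{"command":"ls -la"}'
# 4. Temporarily disable Policy (for debugging)
openclaw plugin disable policy
```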
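Add a friendly error message in the Agent's SKILL.md:
```javascript
// Handle a Policy denial inside a Skill
export default {
  name: "my-tool",
  async execute(context) {
    try {
      return await context.tools.exec("ls -la");
    } catch (error) {
      if (error.code === "POLICY_DENIED") {
        // User-facing message: "Sorry, this operation is blocked by the security
        // policy. Please contact an administrator to request access."
        return "抱歉,这个操作被安全策略禁止了。请联系管理员申请权限。";
      }
      // Anything other than a policy denial is re-thrown unchanged
      throw error;
    }
  }
};
```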
`level: "warning"` records only important events