HN Showcase
Back to browse
GitHub Repository

A lightweight HTTP proxy that injects authentication credentials into outbound API requests. Designed to run alongside OpenClaw to provide AI agents in sandboxed environments (like Docker containers) with authenticated API access without exposing secrets directly.

9 starsRust

ClawProxy: An HTTP proxy that injects auth tokens into API calls

by LordHumungous·Feb 13, 2026·2 points·0 comments
Visit ProjectView on HN

AI Analysis

●●SolidNiche GemBig Brain
The Take

It replaces real API keys with short proxy tokens (e.g. PROXY:openai) and uses an X-Upstream-Host allowlist to ensure containers can only hit approved endpoints — neat and low-friction. Comes as a tiny Rust CLI with init/secret set/start commands and clear SDK examples, so you can bolt it onto OpenClaw or Docker agents without adopting a full secrets vault.

Target Audience

Backend developers and infrastructure/security engineers running sandboxed AI agents who need to keep API keys off the agent

Post Description

A way to make you auth tokens totally hidden from OpenClaw. The idea:

* Put all auth tokens into a secrets directory

* Run OpenClaw in sandbox-exec mode using a shell wrapper. OpenClaw process is blocked by the OS from accessing secrets.

* OpenClaw routes API requests to HTTP proxy that injects auth tokens.

Similar Projects

Security●●Solid

OneCLI – Vault for AI Agents in Rust

Agents never see real keys, but Vault already does secret injection.

Solve My ProblemSlick
guyb3
161523mo ago