YinShield OpenClaw integration

OpenClaw integration

Attach a local privacy layer to OpenClaw without rebuilding your stack.

YinShield keeps the masking engine in Python and uses a thin OpenClaw plugin as the bridge. That means you can protect prompts locally, keep the plugin small, and avoid rewriting the core engine in TypeScript.

Install It Read Docs Back To Home
  • Local HTTP bridge
  • Thin plugin architecture
  • Fast setup for OpenClaw users
  • Installer scaffolds config and token

Plugin package

@serein-213/openclaw-yinshield

Default bridge

http://127.0.0.1:27811

Core shape

Python engine + local HTTP + thin TS plugin

Install

The shortest path to a working local setup.

1. One-line bootstrap

curl -fsSL https://yin-shield.site/setup-openclaw-yinshield.sh | bash

2. What it does

- install or upgrade yinshield
- scaffold OpenClaw config
- generate an auth token
- install and enable the plugin

3. Manual fallback

pip install yinshield
python -m yinshield.install_openclaw
openclaw plugins install @serein-213/openclaw-yinshield
openclaw plugins enable openclaw-yinshield

4. Start the local bridge

yinshield serve --auth-token YOUR_TOKEN

5. Verify service health

curl -X POST http://127.0.0.1:27811/health \
  -H "Authorization: Bearer YOUR_TOKEN"

Config

Keep the plugin small and explicit.

Recommended plugin config

{
  "plugins": {
    "entries": {
      "openclaw-yinshield": {
        "enabled": true,
        "config": {
          "baseUrl": "http://127.0.0.1:27811",
          "mode": "placeholder",
          "authToken": "change-me"
        }
      }
    }
  }
}

Service endpoints

POST /health
POST /mask
POST /unmask
POST /messages/mask

The plugin should call the local bridge, not reimplement masking logic inside the plugin runtime.

Failure mode

If the service is not available, the plugin should fail clearly and tell the user to run yinshield serve.

YinShield bridge not reachable.
Start it with: yinshield serve --auth-token YOUR_TOKEN

How it fits

OpenClaw calls the tool. YinShield owns the masking engine.

01

OpenClaw invokes the plugin

The plugin exposes tools such as yinshield_mask and yinshield_unmask and reads the local bridge config.

02

Plugin calls local HTTP

Requests hit the bridge at 127.0.0.1:27811, where the Python engine handles detection, replacement, and mapping state.

03

User gets restored output

The model sees masked content, while the user or operator sees the restored result on the local side.