How do I protect my OpenClaw agent from following dangerous links?
The problem
OpenClaw is an autonomous AI agent with broad system access: it reads your emails, browses the web, runs terminal commands, controls your browser, and processes messages from WhatsApp, Telegram, Discord, Slack, and iMessage. Every URL it encounters is a potential attack surface. Security researchers have flagged prompt injection via malicious URLs as a top risk. A compromised link can lead to credential theft, data exfiltration, or unauthorized actions on your machine.
With over 100,000 GitHub stars and millions of users, OpenClaw's power is also its vulnerability. The agent acts on what it finds. If what it finds is a phishing page or a prompt injection payload embedded behind a redirect chain, it needs a way to know before it clicks.
How Unphurl solves it
Build an OpenClaw skill that checks every URL before your agent follows, clicks, or acts on it. The skill calls the Unphurl API with the URL, gets back a risk score and structured signals, and blocks or warns on anything above your threshold. Fresh domains, brand impersonation attempts, suspicious redirect chains, and obfuscated URLs get caught before your agent touches them. Same pattern as Unphurl's MCP companion skill, adapted for OpenClaw's Skills framework.
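The decision step of such a skill, as an added example (not Unphurl's or OpenClaw's own code). The endpoint, bearer header and `score` field come from the curl example in the Get started section; the names `gate` and `unphurl_check`, the 5-second timeout and the block-on-failure policy are assumptions made here.

```python
import json
import os
import urllib.parse
import urllib.request

API = "https://api.unphurl.com/v1/check"  # endpoint from the curl example on this page
THRESHOLD = 50                            # threshold from the page's natural-language rule


def unphurl_check(url, timeout=5):
    """Call the check endpoint; the target URL is percent-encoded into the query."""
    query = urllib.parse.urlencode({"url": url})
    req = urllib.request.Request(
        f"{API}?{query}",
        headers={"Authorization": f"Bearer {os.environ['UNPHURL_API_KEY']}"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def gate(url, check=unphurl_check, threshold=THRESHOLD):
    """Return (allowed, reason). Any failure to obtain a valid score blocks the URL."""
    try:
        scheme = urllib.parse.urlsplit(url).scheme.lower()
    except ValueError:
        return False, "blocked: URL does not parse"
    if scheme not in ("http", "https"):
        return False, f"blocked: scheme {scheme!r} is not http(s)"
    try:
        result = check(url)
    except Exception as exc:  # timeout, HTTP error, missing API key, bad JSON
        return False, f"blocked: check failed ({type(exc).__name__})"
    score = result.get("score") if isinstance(result, dict) else None
    # Assumption: the response is a JSON object with a numeric top-level "score".
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return False, "blocked: response carried no numeric score"
    if not score <= threshold:  # written this way so NaN is blocked too
        return False, f"blocked: score {score} is not at or below {threshold}"
    return True, f"allowed: score {score}"


if __name__ == "__main__":
    # Constructed scores standing in for the API so the example runs offline.
    fake = {"https://paypa1-secure.xyz/verify": {"score": 95},
            "https://github.com/": {"score": 0}}
    for u in list(fake) + ["https://unknown.example/"]:
        print(u, "->", gate(u, check=fake.__getitem__))
```

A URL the check cannot score (timeout, missing key, malformed response) is treated the same as a high score, so an outage never turns into the agent following unchecked links.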
Signals that matter for this use case
- Brand impersonation: catches phishing domains in emails and messages your agent reads
- Domain age <7 days: flags infrastructure created in the last week, common in prompt injection attacks
- Excessive redirects: detects obfuscated redirect chains designed to bypass safety checks
- URL contains IP: catches direct IP access bypassing DNS, common in attacks
- Encoded hostname: detects percent-encoded hostnames used to obfuscate malicious URLs
- Phishing floor: ensures brand impersonation + any other signal always scores high
Suggested scoring profile
{
  "name": "openclaw-safety",
  "weights": {
    "brand_impersonation": 40,
    "domain_age_7": 30,
    "redirects_5": 25,
    "url_contains_ip": 15,
    "encoded_hostname": 10,
    "domain_entropy_high": 10,
    "phishing_floor": 80
  }
}
What a result looks like
Your OpenClaw agent is triaging your morning email. It encounters a link claiming to be from PayPal: https://paypa1-secure.xyz/verify. Before following it, the Unphurl skill checks the URL:
The skill blocks the agent from following the link and alerts you. Without the check, your agent could have opened the page, potentially exposing session tokens or triggering a prompt injection payload embedded in the page content.
Cost
OpenClaw processes URLs from your email, messages, and web browsing. Most of these are known domains (Gmail links, Google Docs, Slack URLs, GitHub) that resolve free from the Tranco list. In typical daily use, maybe 5-15 URLs per day are unknown and require a pipeline check. The Starter package (100 credits, $9) covers 1-3 weeks of normal agent activity.
Get started
For developers building an OpenClaw skill:
# Check a URL from your OpenClaw skill
# -G with --data-urlencode percent-encodes the target URL into the query string
curl -sG "https://api.unphurl.com/v1/check" \
  --data-urlencode "url=https://suspicious-link.xyz" \
  -H "Authorization: Bearer $UNPHURL_API_KEY" | jq '.score'
For non-coders using OpenClaw's natural language interface:
Tell your OpenClaw agent: "Before following any link, check it with Unphurl first. If the score is above 50, warn me instead of clicking." (Note: this requires an Unphurl skill to be installed. An official Unphurl skill for ClawHub is coming soon.)