Shoofly Advanced sits between your OpenClaw agent and its tools. If a call looks dangerous — prompt injection in a web fetch response, credential patterns in an exec command, a write to ~/.ssh/ — it's blocked before it fires. Not detected after.

The problem with detection-only tools: by the time you get the alert, the damage is done. Shoofly Advanced intercepts at the tool call layer via an OpenClaw hook, so the block happens before execution.

Shoofly Basic (free) is a drop-in skill that monitors and alerts.

Shoofly Advanced adds pre-execution blocking — $19/mo flat. Both are open source: https://github.com/shoofly-dev/shoofly

Install Basic in one command: curl -fsSL https://shoofly.dev/install.sh | bash

Advanced ($19/mo) — get your personal install command at shoofly.dev/advanced

What Shoofly catches: prompt injection, tool response injection, credential exfiltration, out-of-scope writes, runaway loops, and more.

Happy to answer questions about the hook architecture — intercepting at the tool call layer before execution is the interesting part.