Skip to content
Open-source agent · CLI + skills · Any LLM
🦞PortEden

Secure Your Data With OpenClaw

PortEden makes OpenClaw enterprise-grade. Native skills + the porteden CLI give your agent clean, redacted data on every tool call, and every action lands in an exportable audit log — so you keep OpenClaw's flexibility and ship to teams with confidence.

See pricing

Native OpenClaw skills · 5-minute clawhub install · Free for solo

Works With What You Already Use
Gmail
Gmail
Outlook
Outlook
Google Calendar
Google Calendar
Google Drive
Google Drive
Google Docs
Google Docs
OneDrive
OneDrive
SharePoint
SharePoint
Teams
Teams
Slack
Slack
Notion
Notion
Asana
Asana
Monday
Monday
Linear
Linear
Jira
Jira
Confluence
Confluence
Entra ID
Entra ID
Better Together

What PortEden Adds to OpenClaw

  • OpenClaw is open source and routes through whichever LLM you select. PortEden enforces a consistent redaction and policy layer in front of every model call, so changing the underlying LLM does not change the security posture or the audit story.
  • OpenClaw skills define a clean integration boundary. PortEden ships first-party calendar and email skills installable via clawhub; calendar, email, drive, and tasks become available through one configuration change, with the firewall enforced on every call.
  • OpenClaw is often deployed on chat gateways such as WhatsApp, Telegram, or Discord. PortEden's token-based authentication path supports those channels where browser OAuth does not, providing the same RBAC, redaction, and audit on remote surfaces as on desktop.
  • OpenClaw's runtime is intentionally minimal. PortEden returns -jc compact JSON sized for the model's reasoning loop, keeping token consumption predictable while still applying the full firewall, policy evaluation, and logging on every tool call.
OpenClaw on GitHub
Capability Matrix

OpenClaw With PortEden: What You Get

PII redaction before the LLM call
50+ identifier types stripped before the model sees them
OpenClawNo
+ PortEdenYes
Per-tool, per-action RBAC
OpenClawNo
+ PortEdenYes
Per-contact / per-domain firewall rules
OpenClawNo
+ PortEdenYes
SIEM-exportable audit log
OpenClawNo
+ PortEdenYes
Native skills for email and calendar
PortEden ships first-party skills via clawhub
OpenClawPartial
+ PortEdenYes
Token-efficient JSON output (-jc compact mode)
Filters noise, truncates long fields — ~80% context reduction
OpenClawN/A
+ PortEdenYes
Auto-pagination for large result sets
OpenClawN/A
+ PortEdenYes
IdP identity sync (Okta / Entra / Google Workspace)
Permissions revoke with the rest of the user's accounts
OpenClawNo
+ PortEdenYes
Confirm-before-write on destructive actions
PortEden skills default to confirm-before-write on send / delete / forward
OpenClawPartial
+ PortEdenYes
One-click revocation across surfaces
OpenClawNo
+ PortEdenYes
Skills + CLI Coverage

Native OpenClaw Skills, Same Firewall as Claude and ChatGPT

Connection: clawhub install porteden/{calendar,email} + porteden CLI

OpenClaw skills (managed install)

clawhub install porteden/calendar and porteden/email drop the skills into ~/openclaw/skills/porteden/. Workspace-level installs override managed copies for project-specific scopes.

Setup guide

porteden CLI (any agent, any LLM)

Beyond skills, the binary itself is callable from any OpenClaw command. -jc returns compact JSON; --all auto-paginates. Same firewall as the skills.

Setup guide

Remote channels (WhatsApp / Discord / Telegram)

When the user is at the computer, browser-OAuth login. When the user is on a chat gateway, generate a key at my.porteden.com and run porteden auth login --token pe_their_key.

Setup guide
Tooling Notes
  • All commands accept -jc for compact JSON output — filters noise, truncates long fields, reduces token usage in OpenClaw's reasoning loop.
  • Use --all to auto-paginate large result sets (e.g. porteden email messages --week --all -jc).
  • PE_API_KEY env injection in ~/.openclaw/openclaw.json so OpenClaw sessions inherit credentials without leaking to shell history.
  • Per-token monthly quotas, per-contact access rules, and field-level redaction all apply — the agent gets redacted JSON, never raw payloads.
  • Confirm-before-write defaults on the skills: send, reply, forward, create, update, and delete operations require explicit user OK before the firewall executes them.

Install OpenClaw Skills in Under 5 Minutes

1

Install the porteden CLI

brew install porteden/tap/porteden — or use the install script / go install. Verify with porteden --version.

2

Install the skills

clawhub install porteden/calendar and clawhub install porteden/email drop the skills into ~/openclaw/skills/porteden/.

3

Authenticate and inject the key

porteden auth login (browser) or porteden auth login --token (remote). Add PE_API_KEY to ~/.openclaw/openclaw.json. Run porteden auth status to verify.

Read the full OpenClaw setup →
OpenClaw + PortEden

Five-Minute Setup. Free While You Test.

Connect a data source, plug OpenClaw into PortEden, and put OpenClaw to work on the data your team actually needs to handle.

OpenClaw Install Guide

Frequently Asked Questions

Why does OpenClaw need PortEden? Isn't OpenClaw open-source enough?
Open-source means you can audit the agent runtime — not the LLM it routes through. The disclosure pathway is the LLM call. PortEden adds the redaction, RBAC, and audit layer in front of that call so OpenClaw stays as flexible as it is, but the prompt to Claude / GPT / Gemini doesn't carry your real names, DOBs, or contract terms.
Are the skills officially listed in clawhub?
Yes — porteden/calendar and porteden/email are first-party skills installable via clawhub install. Skill sources live in the porteden/cli GitHub repo (linked from the OpenClaw setup docs). You can also drop them into a workspace-level skills folder for project-specific scope.
Can OpenClaw use PortEden without the skills?
Yes — every skill maps to a porteden CLI subcommand. If you write your own OpenClaw automation or want to call PortEden from a non-skill context, the binary works as a drop-in tool. Pass -jc for compact JSON optimized for the LLM's reasoning loop.
How does authentication work when the user is on WhatsApp or Discord?
Browser OAuth doesn't work on chat gateways, so we ship a token-based path. Direct the user to my.porteden.com to generate an API key, then run porteden auth login --token pe_their_key. The OpenClaw session injects PE_API_KEY from ~/.openclaw/openclaw.json on every command.
Does PortEden see my OpenClaw conversations?
PortEden sees the tool calls OpenClaw makes through the firewall — the command, the redacted result, the access-rule decision. PortEden does not see the user's chat-app messages, the LLM's full prompt, or any conversation that doesn't touch a PortEden tool.
What happens when the user asks OpenClaw to send an email or create an event?
The skills default to confirm-before-write on send, reply, forward, create, update, and delete operations. OpenClaw shows the user the proposed action; on confirmation the firewall executes it. Every action is captured in the audit log with the tool call, arguments, decision, and result.
Can a single PortEden token power multiple OpenClaw users?
Token-per-user is the default and the right answer for solo practitioners. For shared OpenClaw deployments, generate one token per user and inject the right key per session — same security model as ChatGPT Connectors. For multi-tenant setups, talk to sales.
What does it cost?
Free for solo use. Higher tool-call quotas, SSO, and SIEM export are on paid plans. See pricing for details.

Keep Exploring

Get More From OpenClaw With PortEden

Five-minute setup. Free tier for solo licensed practitioners. Same AI you already use — now ready for the work your team actually needs to do.

Talk to sales

Rolling out to a whole team? Talk to sales →