oktsec-openclaw

[](https://www.npmjs.com/package/@oktsec/openclaw) [](LICENSE) [](https://github.com/oktsec/oktsec)

Runtime security plugin for OpenClaw. Intercepts agent tool calls and messages, scans through 188 detection rules, and blocks threats before execution.

openclaw plugins install @oktsec/openclaw

oktsec gateway must be running:

brew install oktsec/tap/oktsec
oktsec run

1. Install the plugin: openclaw plugins install @oktsec/openclaw
2. Start oktsec: oktsec run
3. Start OpenClaw: openclaw gateway
4. Send a message via Telegram, Discord, or the web chat
5. Open the oktsec dashboard to see every event in real-time

| Event | Hook | Direction | |-------|------|-----------| | Incoming messages | message_received | User -> Agent | | Outgoing messages | message_sending / message_sent | Agent -> User | | Tool calls (before) | before_tool_call | Agent -> Tool | | Tool results (after) | after_tool_call | Tool -> Agent |

Every intercepted event is scanned through oktsec's security pipeline:

• 188 detection rules across 15 categories (prompt injection, credential leaks, data exfiltration, supply chain, MCP attacks, and more)
• 4 verdicts: clean, flag, quarantine, block
• Tamper-evident audit trail with SHA-256 hash chain and Ed25519 signatures
• Real-time dashboard and terminal UI

In enforce mode, threats are blocked before they execute. In observe mode, everything is logged without blocking.

The plugin works out of the box with default settings. To customize, edit your OpenClaw config:

{
  "plugins": {
    "entries": {
      "oktsec": {
        "enabled": true,
        "config": {
          "gatewayUrl": "http://1