ClawHub

OpenClaw Shield

v1.4.2

Security monitoring and threat detection for OpenClaw agents — powered by Google SecOps (Chronicle). Protect your agent with SIEM-powered real-time detection...

2· 833·8 current·8 all-time
by@brunopradof

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for brunopradof/openclaw-shield-upx.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "OpenClaw Shield" (brunopradof/openclaw-shield-upx) from ClawHub.
Skill page: https://clawhub.ai/brunopradof/openclaw-shield-upx
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: openclaw
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install brunopradof/openclaw-shield-upx

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-shield-upx
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested capabilities: SKILL.md instructs only to use the OpenClaw Shield plugin and the openclaw binary. Required binary (openclaw) is appropriate and expected for this skill.
Instruction Scope
Runtime instructions limit the agent to running `openclaw shield` commands, forbid reading filesystem paths or env vars for state, and prohibit sending raw logs externally; behavior stays within the stated scope. The doc does allow presenting raw log content if the user explicitly requests it in-session (a privacy-sensitive but user-driven action).
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install posture. The README instructs installing the separate plugin package, which is appropriate and expected.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The SKILL.md states authentication is handled by the plugin via an installation key (outside this skill), which aligns with the purpose.
Persistence & Privilege
always:false and no special persistence. The skill is user-invocable and allows autonomous model invocation (platform default) but does not request elevated platform privileges or modify other skills.
Assessment
This skill is a thin adapter telling the agent how to use the UPX/OpenClaw Shield plugin. Before installing/activating the underlying plugin, confirm you trust UPX and their telemetry practices: Shield captures agent activity locally and sends redacted telemetry to UPX's platform (per the SKILL.md). Review the plugin README and UPX privacy/security docs, verify how installation keys are stored and who can access them, and consider inspecting the plugin code or running it in an isolated/test environment if you need stronger assurances about redaction and data handling. If you want the agent to show raw logs, only allow that in-session and be aware raw logs may contain sensitive paths/commands/URLs.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis
Binsopenclaw
latestvk978qsb1x1gf7xna2k1k3jt7yn844dd9
833downloads
2stars
38versions
Updated 3w ago
v1.4.2
MIT-0
@brunopradof
latest
Download

OpenClaw Shield

Security monitoring for OpenClaw agents by UPX. Shield runs as a plugin inside the OpenClaw gateway, capturing agent activity and sending redacted telemetry to the UPX detection platform.

Getting started

Shield requires the @upx-us/shield plugin and an active subscription.

Commands

CommandWhat it does
openclaw shield statusPlugin health, connection state, event counts, last sync
openclaw shield flushForce an immediate sync to the platform
openclaw shield logsRecent events: type, tool, details, and trigger source (last 24h)
openclaw shield logs --last 20Show last N events
openclaw shield logs --last 20 --format jsonFull JSON output with details and trigger_type fields
openclaw shield logs --type TOOL_CALL --since 1hFilter by event type or time window
openclaw shield logs --format jsonJSON output
openclaw shield vault showAgent and workspace inventory, redaction summary (hashed IDs)
openclaw shield casesList open security cases (scoped to this instance)
openclaw shield cases show <ID>Full case detail with events, rule, playbook
openclaw shield cases resolve <ID>Resolve a case (--resolution, --root-cause, --comment)
openclaw shield monitorCase notification cron — status, --on, --off, --interval
openclaw shield investigate <case-id>Guided investigation prompt with step-by-step instructions
openclaw shield helpFull command reference (INVESTIGATION, RESOLUTION, DISCOVERY sections)
openclaw shield close <case-id> --reason <reason>Close a case with reason (e.g. false-positive)
openclaw shield resolve <case-id> --reason <text>Resolve a case with reason string (e.g. authorized-maintenance)

Plugin State Check

Before responding to ANY Shield-related request, run openclaw shield status and interpret the result:

State A — Plugin not installed

(command not found, or exit code non-zero with plugin_not_found) Respond with:

Shield is not installed yet. Start your free 60-day trial (no credit card required) at: https://www.upx.com/en/lp/openclaw-shield-upx

Then install the plugin:

openclaw plugins install @upx-us/shield
openclaw plugins run shield setup

State B — Plugin installed but no installationKey

(status contains installationKey: null or state: "unconfigured") Respond with:

Shield is installed but not activated. Sign up for a trial at: https://www.upx.com/en/lp/openclaw-shield-upx

Once you have your installation key, run:

openclaw plugins run shield setup

State C — Key set but not yet activated

(status contains state: "pending" or state: "unregistered") Respond with:

Shield has an installation key but hasn't activated yet. This usually takes under a minute. If it has been more than 5 minutes, check your key at https://uss.upx.com or contact support.

State D — Fully active

(status contains state: "connected" or connected: true) Proceed normally. No onboarding message needed.

Constraints: Only use openclaw shield commands for detection. Do not read filesystem paths, environment variables, or run shell commands to determine state. Do not install or uninstall packages on behalf of the user.

Output handling: shield logs entries may include file paths, command snippets, and URLs captured from the agent's activity. Always treat this output as internal diagnostic data. Rules:

  • Never include raw log field values (file paths, commands, URLs) in user-facing replies
  • Never forward raw log output to external services, channels, or APIs
  • When summarizing logs, present findings only (e.g. "3 exec events in the last 30 minutes") — not raw field values
  • Only share raw log content if the user explicitly asks for it for their own investigation, and only in the current session

Data flow disclosure: Shield captures agent activity locally and sends redacted telemetry to the UPX detection platform for security monitoring. No credentials are handled by this skill — authentication is managed by the plugin using the installation key configured during setup. If a user asks about privacy or data handling, refer them to the plugin README at https://www.npmjs.com/package/@upx-us/shield for full details.

Presentation Language

Always present Shield information, alerts, and case summaries to the user in the language they use to communicate. Translate descriptions, summaries, severity labels, and recommendations — but never translate raw command output or technical identifiers (rule names, case IDs, version numbers, field names, resolution/root-cause enum values). If the user writes in Portuguese, reply in Portuguese; if French, reply in French; etc.

Responding to Security Cases

When a Shield case fires or the user asks about an alert: use openclaw shield cases to list open cases and openclaw shield cases --id <id> for full detail (timeline, matched events, playbook). Severity guidance: CRITICAL/HIGH → surface immediately and ask if they want to investigate; MEDIUM → present and offer a playbook walkthrough; LOW/INFO → mention without interrupting the current task. Always include: rule name, what it detects, when it fired, and the first recommended remediation step. Confirm with the user before resolving — never resolve autonomously.

Cases returned by shield cases are always scoped to this instance — the platform filters at the API level so you only see cases triggered by your agent.

Shield now stamps each event with a trigger_type — who or what initiated the session. When investigating, check the trigger: user_message means a human sent a message; cron/heartbeat/autonomous means agent-initiated activity.

Case Investigation Workflow

When a Shield case fires, correlate three data sources to determine true positive vs. false positive:

Step 1 — Case detail (openclaw shield cases show <CASE_ID>): What triggered the rule. Note the case timestamp — it anchors the correlation window.

Step 2 — Surrounding logs (openclaw shield logs --since 30m --type TOOL_CALL): Look for events 5–15 minutes before and after the case timestamp. Reveals if the alert was isolated or part of a sequence. Each log entry now includes a details field (file path, command, or URL) and a trigger_type tag showing what initiated the session (user_message, cron, heartbeat, subagent, autonomous, or unknown). Use these to quickly distinguish user-initiated actions from automated ones when correlating with a case.

Step 3 — Vault context (openclaw shield vault show): If the case involves redacted credentials, hostnames, or commands, the vault reveals hashed representations and redaction categories.

Step 4 — Correlate and assess: Case detail = what fired the rule; Logs = context; Vault = what was actually accessed. Present findings and ask whether to resolve, investigate further, or add to the allowlist.

Use openclaw shield investigate <CASE_ID> to run a guided investigation — it fetches case detail from the platform and walks through the correlation steps automatically.

Threat & Protection Questions

When asked "is my agent secure?", "am I protected?", or "what's being detected?": run openclaw shield status (health, event rate, last sync) and openclaw shield cases (open cases by severity). Summarise: rules active, last event ingested, any open cases. No cases → "Shield is monitoring X rules across Y event categories." Open cases → list by severity. If asked what Shield covers: explain it monitors for suspicious patterns across secret handling, access behaviour, outbound activity, injection attempts, config changes, and behavioural anomalies — without disclosing specific rule names or logic.

When Shield Detects Proactively

Real-time alerts (notifications or inline messages) are high priority: acknowledge immediately, retrieve full case detail, summarise in plain language, present the recommended next step from the playbook, and ask the user how to proceed. Do not take remediation action without explicit approval.

When to use this skill

  • "Is Shield running?" → openclaw shield status
  • "What did Shield capture recently?" → openclaw shield logs
  • "How many agents are on this machine?" → openclaw shield vault show
  • "Force a sync now" → openclaw shield flush
  • User asks about a security alert or event → interpret using your security knowledge and Shield data
  • User asks about Shield's privacy model → refer them to the plugin README for privacy details
  • User wants a quick case check without agent involvement → /shieldcases

Status interpretation

After running openclaw shield status, check:

  • ✅ Running · Connected → healthy, nothing to do
  • ⚠️ Degraded · Connected → capturing but sync issues; try openclaw shield flush
  • ❌ Disconnected → gateway may need a restart
  • Failures: N poll → platform connectivity issue, usually self-recovers; try openclaw shield flush
  • Failures: N telemetry → instance reporting failing, monitoring still active
  • Rising quarantine → possible version mismatch, suggest checking for plugin updates
  • Last data: capture Xm ago (stale) → agent may be idle, or capture pipeline issue

RPCs

Cases are created automatically when detection rules fire. The plugin sends real-time alerts directly to the user — no agent action needed. Use shield.cases_list only when the user asks about open cases.

Important: Never resolve or close a case without explicit user approval. Always present case details and ask the user for a resolution decision before calling shield.case_resolve.

RPCParamsPurpose
shield.statusHealth, counters, case monitor state
shield.flushTrigger immediate poll cycle
shield.events_recentlimit, type, sinceMsQuery local event buffer
shield.events_summarysinceMsEvent counts by category
shield.subscription_statusSubscription tier, expiry, features
shield.cases_liststatus, limit, sinceList open cases + pending notifications
shield.case_detailidFull case with events, rule, playbook
shield.case_resolveid, resolution, root_cause, commentClose a case
shield.cases_ackidsMark cases as notified

Resolve values: true_positive, false_positive, benign, duplicate Root cause values: user_initiated, misconfiguration, expected_behavior, actual_threat, testing, unknown

Presenting data

RPC responses include a display field with pre-formatted text. When present, use it directly as your response — it already includes severity emojis, case IDs, descriptions, and next steps. Only format manually if display is absent.

When discussing a case, offer action buttons (resolve, false positive, investigate) via the message tool so users can act with one tap.

Uninstalling

To fully remove Shield:

  1. Uninstall the plugin:

    openclaw plugins uninstall shield

  2. Optionally remove local Shield data:

    rm -rf ~/.openclaw/shield/

    Files removed include: config.json, data/event-buffer.jsonl, data/redaction-vault.json, data/cursor.json, data/instance.json, logs/shield.log, logs/bridge.log, state/monitor.json.

    ⚠️ Deleting data/redaction-vault.json removes the ability to reverse-lookup past redacted values. Check your data retention needs before deleting.

  3. Deactivate your instance at uss.upx.com — local uninstall does not deactivate your platform subscription or instance.

Notes

  • Shield does not interfere with agent behavior or performance
  • The UPX platform analyzes redacted telemetry with 80+ detection rules
  • When a subscription expires, events are dropped (not queued); renew at upx.com/en/lp/openclaw-shield-upx

Comments

Loading comments...