openguardrailsMoltGuard โ runtime security plugin for OpenClaw agents by OpenGuardrails. Helps users install, register, activate, and check the status of MoltGuard. Use wh...
Install via ClawdBot CLI:
clawdbot install ThomasLWang/openguardrailsRuntime security guard for OpenClaw agents by OpenGuardrails. Open source (Apache 2.0), fully auditable.
ClawHub: ThomasLWang/moltguard ยท npm: @openguardrails/moltguard ยท GitHub: openguardrails/openguardrails/tree/main/moltguard
Verify provenance before installing. The npm package should match the auditable GitHub source. To check:
# Download and inspect the package contents
npm pack @openguardrails/moltguard --dry-run
# Or do a full diff against the cloned repo:
mkdir /tmp/moltguard-audit && cd /tmp/moltguard-audit
npm pack @openguardrails/moltguard
tar -xzf openguardrails-moltguard-*.tgz
git clone https://github.com/openguardrails/openguardrails
diff -r package/scripts openguardrails/moltguard/scriptsPrefer source install if you have low trust in the publisher: openclaw plugins install -l ./openguardrails/moltguard
What activate.mjs does: Makes an outbound call to https://www.openguardrails.com/core to register the agent. Once you visit the claim URL and verify your email, the returned API key is written to ~/.openclaw/credentials/moltguard/credentials.json. Do not activate if you do not trust this endpoint. All local protections work without activation.
Network behavior:
https://www.openguardrails.com/core. No message content is sent โ only tool names, sequence, and metadata.Least privilege: Treat the API key written by activation as sensitive. Rotate or revoke it via the account portal (https://www.openguardrails.com/core/login) if needed. You can keep local-only protections indefinitely by simply not activating the cloud component.
Before installing or running activate.mjs:
1. Verify provenance.
Compare the npm package to the GitHub source (npm pack + diff) as described in the Security & Provenance section above. Only proceed if the contents match the source you trust.
2. Inspect the scripts yourself.
scripts/activate.mjs and scripts/status.mjs are short and readable. Review them directly before running.
3. Understand what activation writes.
Activation writes an API key to ~/.openclaw/credentials/moltguard/credentials.json. If you later distrust the endpoint, delete that file and revoke the key via the platform portal.
4. Activate from a monitored environment if you need high assurance.
Use tcpdump, mitmproxy, or Little Snitch to confirm outbound destinations and that payloads contain only sanitized metadata โ not message content.
Local protections remain fully functional without activation โ no outbound calls, no credentials written.
Run this when the user asks about MoltGuard status, whether it's registered, or what email/plan is active:
node {baseDir}/scripts/status.mjsRun this when the user wants to register MoltGuard or enable cloud behavioral detection:
node {baseDir}/scripts/activate.mjsAfter running, show the user the claim URL. Tell them to visit the URL and provide their email to complete activation. On success, an API key is written to ~/.openclaw/credentials/moltguard/credentials.json โ inform the user so they know a credential file was created.
When the user asks to install MoltGuard, run these steps:
# 1. Install the plugin
openclaw plugins install @openguardrails/moltguard
# 2. Restart the gateway to load the plugin
openclaw gateway restart
# 3. Register and show activation link
node {baseDir}/scripts/activate.mjsAfter running step 3, show the user the claim URL from the output. Tell them to visit the URL and enter their email to complete activation.
Local protections are active immediately after restart โ no registration required. Cloud behavioral detection requires activation.
# 1. Update the plugin
openclaw plugins update moltguard
# 2. Restart the gateway to load the plugin
openclaw gateway restart
# 3. Check status
node {baseDir}/scripts/status.mjsAfter updating, run step 3 to confirm the plugin is loaded and show the current activation status.
Local (no cloud, no registration needed):
$(), backtick, ;, &&, |) โ BLOCKCloud (requires activation):
For full detection tables and pattern details, see references/details.md.
Local HTTP proxy that sanitizes PII/secrets before they reach LLM providers:
npx @openguardrails/gateway # runs on port 8900Then point your agent's API base URL to http://127.0.0.1:8900. Sanitizes emails, credit cards, API keys, phone numbers, SSNs, IBANs, IPs, URLs. Restores originals in responses. Stateless โ no data retained.
All options in ~/.openclaw/openclaw.json under plugins.entries.openguardrails.config:
| Option | Default | Description |
|--------|---------|-------------|
| enabled | true | Enable/disable the plugin |
| blockOnRisk | true | Block tool call when risk detected |
| apiKey | "" | Explicit API key (sk-og-...) |
| agentName | "OpenClaw Agent" | Name shown in dashboard |
| coreUrl | https://www.openguardrails.com/core | Platform API endpoint |
| dashboardUrl | https://www.openguardrails.com/dashboard | Dashboard URL for observation reporting |
| timeoutMs | 60000 | Cloud assessment timeout (ms) |
To use an existing API key directly (skips registration):
{
"plugins": {
"entries": {
"openguardrails": {
"config": { "apiKey": "sk-og-<your-key>" }
}
}
}
}| Plan | Price | Detections/mo |
|------|-------|---------------|
| Free | $0 | 30,000 |
| Starter | $19/mo | 100,000 |
| Pro | $49/mo | 300,000 |
| Business | $199/mo | 2,000,000 |
Account portal: https://www.openguardrails.com/core/login (email + API key)
rm -rf ~/.openclaw/extensions/moltguard
# Remove moltguard configs from ~/.openclaw/openclaw.json
rm -rf ~/.openclaw/credentials/moltguard # optionalFor detailed information on security & trust, detection patterns, privacy policy, and gateway data types, read references/details.md.
Generated Mar 1, 2026
A banking chatbot handling customer queries about account balances and transactions needs protection against data exfiltration attempts. MoltGuard would block attempts to read sensitive files and send them over network calls, ensuring PII and financial data remains secure during AI agent operations.
An AI assistant in a hospital system helps patients schedule appointments and access medical records. MoltGuard prevents credential theft and command injection attacks that could compromise PHI data, while redacting prompt injection attempts in file or web content accessed by the agent.
An e-commerce platform uses AI agents to process returns, handle complaints, and access order databases. MoltGuard's local protections block shell escape attempts in parameters and detect sensitive data leakage patterns, securing customer payment information and personal details during support interactions.
A law firm employs AI agents to review contracts and legal documents containing confidential client information. MoltGuard prevents data exfiltration through network calls and blocks multi-credential access patterns when activated, ensuring attorney-client privilege is maintained during automated document processing.
Development teams use AI agents to automate deployment scripts and infrastructure management. MoltGuard detects and blocks command injection attempts in shell parameters and alerts on unusual tool sequences when cloud behavioral detection is activated, preventing compromised agents from executing malicious operations.
Offer basic local protections for free to drive adoption, then charge for cloud behavioral detection features. Organizations can start with air-gapped security and upgrade to get advanced threat detection through the cloud component, creating a natural upgrade path.
Sell MoltGuard as a security add-on to existing AI agent platforms. Target companies deploying OpenClaw agents in sensitive environments who need runtime protection. Bundle with enterprise support, custom detection rules, and compliance reporting for regulated industries.
Provide fully managed MoltGuard deployment and monitoring as a service. Handle installation, configuration, activation, and ongoing threat monitoring for clients. Include regular security audits, API key rotation, and incident response support for organizations lacking security expertise.
๐ฌ Integration Tip
Start with local-only protections first to verify functionality without cloud dependencies, then activate cloud features only after confirming the agent's basic operations work correctly with the security layer in place.
Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autonomous Crons, and battle-tested patterns. Part of the Hal Stack ๐ฆ
Use the ClawdHub CLI to search, install, update, and publish agent skills from clawdhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders with the npm-installed clawdhub CLI.
Clawdbot documentation expert with decision tree navigation, search scripts, doc fetching, version tracking, and config snippets for all Clawdbot features
Interact with Moltbook social network for AI agents. Post, reply, browse, and analyze engagement. Use when the user wants to engage with Moltbook, check their feed, reply to posts, or track their activity on the agent social network.
OpenClaw CLI wrapper โ gateway, channels, models, agents, nodes, browser, memory, security, automation.
MoltGuard โ runtime security plugin for OpenClaw agents by OpenGuardrails. Helps users install, register, activate, and check the status of MoltGuard. Use wh...