Skills Plugins Jobs Pricing
← Back to Plugins
Voice

Oktsec

oktsec By oktsec 👁 7 views ▲ 0 votes

oktsec plugin for OpenClaw - runtime security for AI agent tool calls

GitHub

Install

openclaw plugins install @oktsec/openclaw

Configuration Example

{
  "plugins": {
    "entries": {
      "oktsec": {
        "enabled": true,
        "config": {
          "gatewayUrl": "http://127.0.0.1:9090",
          "mode": "enforce",
          "agent": "openclaw"
        }
      }
    }
  }
}

README

# oktsec plugin for OpenClaw

Runtime security for AI agent tool calls. Intercepts every tool call before execution, scans through 188 detection rules, and blocks threats in real-time.

## Install

```bash
openclaw plugins install @oktsec/openclaw
```

## Prerequisites

oktsec must be running:

```bash
brew install oktsec/tap/oktsec
oktsec run
```

## Configuration

In your OpenClaw config:

```json
{
  "plugins": {
    "entries": {
      "oktsec": {
        "enabled": true,
        "config": {
          "gatewayUrl": "http://127.0.0.1:9090",
          "mode": "enforce",
          "agent": "openclaw"
        }
      }
    }
  }
}
```

## What it does

Every tool call your OpenClaw agent makes goes through oktsec's security pipeline before execution:

- **188 detection rules** across 15 categories (prompt injection, credential leaks, data exfiltration, supply chain attacks, and more)
- **4 verdicts**: clean (allow), flag (allow + warn), quarantine (hold for review), block (reject)
- **Tamper-evident audit trail** with SHA-256 hash chain and Ed25519 signatures
- **Real-time dashboard** at localhost:8080/dashboard

In enforce mode, blocked tool calls are rejected before they execute. In observe mode, everything is logged but nothing is blocked.

## Commands

### Chat

```
/oktsec status     # Pipeline health and stats
/oktsec dashboard  # Open dashboard URL
```

### CLI

```bash
openclaw oktsec status       # Gateway health and pipeline stats
openclaw oktsec logs -f      # Stream audit events
openclaw oktsec dashboard    # Open dashboard in browser
```

## How it works

The plugin is a thin TypeScript client. All security logic runs in the oktsec Go binary:

```
OpenClaw agent → tool call → oktsec plugin → oktsec gateway (188 rules) → allow/block
```

If oktsec gateway is unreachable, the plugin fails open (does not block agent work).

## Works with NemoClaw

oktsec and NemoClaw are complementary. NemoClaw sandboxes the agent (isolation + inference). oktsec monitors what the agent does (detection + audit + authorization). Both run as OpenClaw plugins simultaneously.

## License

Apache 2.0
voice

Comments

Sign in to leave a comment

Loading comments...

More by oktsec

Oktsec Openclaw

Oktsec Openclaw

oktsec plugin for OpenClaw. Runtime security for AI agent tool calls. 188 detection rules, tamper-evident audit trail.

0

Similar Plugins in Voice

Mem

Mem

Local-first memory sidecar for OpenClaw — tool-result capture → SQLite ledger → progressive recall; optional embeddings

3
Moltbot Extension Powermem

Moltbot Extension Powermem

Moltbot(clawdbot/openclaw) Plugin: give your bot long-term memory with PowerMem—smart extraction, Ebbinghaus recall, mul

3
Moltbot Memory Local

Moltbot Memory Local

Privacy-first local memory plugin for Moltbot: SQLite + local embeddings, zero cloud calls

3
Voice Call

Voice Call

Enable voice call functionality for OpenClaw agents. Supports Twilio integration for making and receiving phone calls th

2 325611
Otel

Otel

**openclaw-otel-plugin** is an OpenTelemetry-native plugin that enables seamless observability for OpenClaw by automatic

0
Lyra

Lyra

A openclaw voice stream channel plugin

0