Local-first • Sidecar for OpenClaw

Local-first SecOps, inside OpenClaw.

SecOpsAI turns OpenClaw audit telemetry into actionable findings (malware, exfil, risky exec/policy abuse) and lets you triage from chat/WhatsApp. All data stays on your machine.

No log shipping by default • SQLite SOC store • Native OpenClaw plugin • CLI + WhatsApp workflows
secopsai - local pipeline
$ secopsai refresh
Exporting OpenClaw telemetry… ingesting… detecting…
[OK] Findings persisted to local SOC store (SQLite)
$ secopsai list --severity high
HIGH: Suspicious execution / policy abuse detected
OCF-… | status=open | disposition=unreviewed
$ secopsai intel refresh
Pulled 10k+ IOCs (URLhaus + ThreatFox) → stored locally
$
Capabilities

Detect, triage, and act - locally

SecOpsAI is a sidecar detection engine for OpenClaw. It reads local audit telemetry, produces findings with severity + evidence, and supports fast chat-driven triage workflows.

OpenClaw Plugin

Native TypeScript plugin for seamless OpenClaw integration. Install once, use 8 built-in tools directly from OpenClaw.

openclaw plugins install secopsai

WhatsApp workflows

Use OpenClaw to interact with SecOpsAI from WhatsApp: "check malware", "check exfil", "show OCF-…", "mitigate OCF-…".

Threat Intel (IOCs)

Pull open-source IOCs, normalize and score them, optionally enrich them locally (DNS), then match them against replay events to generate TI findings.

Coming soon integrations

OpenClaw variants

Native integrations with other OpenClaw variants/telemetry sources are coming soon: Hermes, ManusAI, Zo Computer.

SIEM platforms (optional)

Optional SIEM output integrations are coming soon: Splunk and Elastic (Elasticsearch).

(Still local-first by default - exporting is opt-in.)

Quick Start

Install SecOpsAI

Works everywhere. Installs everything.

One-liner install for macOS

curl -fsSL https://secopsai.dev/install.sh | bash

The one-liner installs Python, dependencies, and everything else for you.

Quick Start

Zero to findings in minutes

After installation, run the pipeline and list findings. All data stays on your device unless you explicitly export it.

# Using OpenClaw Plugin
secopsai_list_findings severity=high
# Using CLI
curl -fsSL https://secopsai.dev/install.sh | bash
# Activate
cd ~/secopsai && source .venv/bin/activate
# Refresh + list high
secopsai refresh && secopsai list --severity high
# Threat intel (optional)
secopsai intel refresh && secopsai intel match --limit-iocs 500