ClawGuard: The Essential AI Agent Security Dashboard

AI agents are revolutionizing how we work, but what happens when your autonomous assistant goes rogue? ClawGuard puts you back in control with real-time monitoring, intelligent risk analysis, and a panic-button kill switch that stops runaway agents instantly. Built for the OpenClaw ecosystem, this powerful dashboard transforms opaque AI operations into transparent, auditable workflows.

Every developer deploying AI agents needs observability. Without it, you're flying blind while your agent executes shell commands, accesses credentials, and interacts with external services. ClawGuard eliminates this darkness by providing a sleek, web-based command center where you can see everything your AI agent does—categorized, risk-scored, and searchable.

In this deep dive, you'll discover how ClawGuard's WebSocket-powered architecture delivers live updates, how its sophisticated risk engine categorizes threats, and how to implement bulletproof monitoring in under five minutes. We'll walk through real installation scenarios, dissect actual code examples, and reveal advanced strategies for enterprise-grade security. Whether you're running a personal AI assistant or managing a fleet of enterprise agents, this guide gives you everything needed to deploy ClawGuard with confidence.

What Is ClawGuard?

ClawGuard is a dedicated activity monitor and security dashboard designed specifically for AI agent frameworks within the OpenClaw ecosystem. Created by developer Jayden Beard, this open-source tool addresses a critical gap in AI agent deployment: the lack of real-time visibility into autonomous system actions.

At its core, ClawGuard functions as a read-only observability layer that consumes JSONL session logs generated by AI agents like Clawdbot, OpenClaw, and Moltbot. It doesn't just display raw logs—it intelligently parses, categorizes, and risk-scores every operation, transforming cryptic command sequences into actionable security intelligence. The dashboard runs locally on port 3847, providing immediate access without cloud dependencies.

The tool emerged from the growing recognition that AI agents, while powerful, operate with concerning opacity. When an agent decides to execute sudo commands, access your SSH keys, or post messages on your behalf, you need instant awareness. ClawGuard's kill switch feature represents a paradigm shift in AI safety, giving operators physical-world control over digital autonomy.

What makes ClawGuard particularly relevant today is the explosion of autonomous AI systems in both consumer and enterprise environments. As agents gain capabilities to browse the web, manipulate files, and interface with APIs, the attack surface and potential for unintended consequences multiply exponentially. ClawGuard serves as the essential guardrail, providing the transparency necessary for trust and the controls required for safety.

The architecture supports multi-gateway detection, automatically discovering agent processes regardless of whether they run under openclaw, moltbot, or clawdbot binaries. This flexibility ensures compatibility across the entire OpenClaw family while maintaining a consistent monitoring experience.

Key Features That Make ClawGuard Revolutionary

Real-Time WebSocket Monitoring

ClawGuard's dashboard isn't just a static log viewer—it's a live command center. The WebSocket implementation pushes updates the moment your AI agent performs an action, eliminating refresh delays. This real-time pipe streams categorized activities across seven distinct domains: Shell, File, Network, Browser, Message, System, and Memory operations.

The filtering system operates at multiple levels. You can slice the activity feed by risk level (Low, Medium, High, Critical), search with full-text queries, or drill down by category. Each activity expands into a detailed modal showing raw tool calls, timestamps, and risk justifications. This granularity transforms troubleshooting from guesswork into precise diagnosis.

Intelligent Risk Analysis Engine

The heart of ClawGuard beats in its risk-analyzer.js module, which evaluates every agent action against a comprehensive threat matrix. The system doesn't rely on simple keyword matching—it understands context. A git push command gets flagged as MEDIUM risk because it involves external communication, while sudo rm -rf / triggers CRITICAL alerts immediately.

CRITICAL classifications cover privilege escalation attempts, keychain extraction, remote code execution, and password manager access. HIGH risk activities include email sending, external messaging via WhatsApp or Twitter, cloud CLI operations across AWS/GCP/Azure, camera/microphone access, and persistence mechanism creation. This multi-tiered approach ensures security teams can prioritize responses based on actual threat potential.

Emergency Kill Switch Architecture

The kill switch isn't just a process terminator—it's a graceful shutdown mechanism integrated directly with the OpenClaw gateway. When triggered via the dashboard or /api/gateway/kill endpoint, ClawGuard sends a controlled termination signal to the agent daemon, ensuring in-flight operations complete safely while preventing new tool calls.

This feature proves invaluable during runaway agent scenarios where an AI gets stuck in loops, begins destructive operations, or exhibits emergent behaviors outside expected parameters. The kill switch provides a physical-world circuit breaker for digital autonomy, restoring human control in milliseconds.

Multi-Gateway Auto-Detection

ClawGuard's config.js loader scans multiple default paths automatically:

• ~/.openclaw/agents/main/sessions/*.jsonl
• ~/.moltbot/agents/main/sessions/*.jsonl
• ~/.clawdbot/agents/main/sessions/*.jsonl

This intelligent detection means zero configuration for standard installations. The parser module handles JSONL format variations across gateway versions, normalizing data into a consistent schema for the dashboard. Whether you're running the original OpenClaw, the streamlined Moltbot, or the enhanced Clawdbot, ClawGuard adapts seamlessly.

Proactive Webhook Alerting

The alerting system transforms ClawGuard from passive monitor to active sentinel. Configure Discord, Slack, Telegram, or generic webhook endpoints to receive instant notifications when high-risk activities occur. The system batches alerts by risk level, sending concise messages that include activity summaries and direct dashboard links.

Alert rules are fully customizable through the config.json file. You can specify which risk levels trigger notifications, set different webhooks for different severity tiers, and even route CRITICAL alerts to PagerDuty or Opsgenie via generic webhooks. This flexibility integrates ClawGuard into existing security operations centers effortlessly.

Export and Audit Capabilities

Compliance requirements demand audit trails. ClawGuard delivers with one-click JSON and CSV exports containing complete activity histories. The export engine preserves all metadata, risk scores, and categorizations, enabling external analysis in SIEM tools or custom analytics platforms.

The /api/export/json endpoint provides machine-readable data for automated processing, while /api/export/csv generates analyst-friendly spreadsheets. Both exports respect active filters, allowing targeted extraction of specific time ranges, risk levels, or activity categories.

Real-World Use Cases Where ClawGuard Shines

Enterprise AI Deployment Oversight

A financial services firm deploys Clawdbot to automate report generation and data analysis. Compliance mandates require complete audit trails of all system interactions. ClawGuard runs on a dedicated audit server, streaming logs from multiple agent instances. The risk analyzer immediately flags when an agent attempts to access customer PII databases, triggering Slack alerts to the security team. The kill switch provides instant remediation if an agent begins unauthorized data exfiltration, while CSV exports feed quarterly compliance reports.

Development Sandbox Safety Net

AI agent developers need to test new capabilities without risking their development environment. A software engineer integrates ClawGuard into their local testing workflow. While debugging an agent's file manipulation features, ClawGuard detects a CRITICAL risk when the agent attempts to modify /etc/hosts. The developer triggers the kill switch, reviews the activity details, and realizes the agent misinterpreted a prompt. This early intervention prevents system corruption and provides concrete data for prompt engineering improvements.

Security Research and Red Teaming

Security researchers use ClawGuard to monitor AI agents during adversarial testing. By observing how agents respond to jailbreak attempts, researchers catalog emergent behaviors. When an agent begins spawning reverse shells and accessing SSH keys, ClawGuard's HIGH risk alerts provide timestamped evidence of successful exploitation. The JSON export feeds into behavioral analysis tools, helping develop stronger safety classifiers for production deployments.

Personal AI Assistant Accountability

Power users running local AI assistants want transparency into their agent's internet browsing and file operations. A developer uses ClawGuard to monitor their personal Moltbot instance. The dashboard reveals the agent periodically accesses browser cookies and clipboard contents. While these are LOW risk activities, the user appreciates the visibility and uses the insight to configure stricter sandboxing policies. The peace of mind from knowing exactly what their digital assistant does proves invaluable.

Step-by-Step Installation & Setup Guide

Method 1: NPM Global Install (Recommended)

The fastest path to production monitoring uses NPM's global installation:

# Install ClawGuard globally via npm
npm install -g @jaydenbeard/clawguard

# Set up as persistent background service
clawguard install

The clawguard install command performs three critical operations:

1. Registers ClawGuard as a system service using platform-native init systems (systemd on Linux, launchd on macOS, Windows Service Manager)
2. Configures auto-start on user login, ensuring monitoring survives reboots
3. Sets proper file permissions on log directories for read-only access

Verification: Run clawguard status to confirm the service is active. You should see "ClawGuard is running (PID: XXXX)" and "Auto-start: enabled".

Method 2: Manual Git Clone

For development or customization, clone the repository directly:

# Clone the repository
git clone https://github.com/JaydenBeard/clawguard.git

# Navigate to directory
cd clawguard

# Install dependencies
npm install

# Start the server
npm start

This method runs ClawGuard in the current terminal session. For persistent operation, use a process manager like PM2:

# Install PM2 globally
npm install -g pm2

# Start ClawGuard with PM2
pm2 start npm --name "clawguard" -- start

# Save PM2 configuration for auto-restart
pm2 save
pm2 startup

Initial Configuration

After installation, access the dashboard at http://localhost:3847. The first launch auto-detects installed gateways and begins parsing existing session logs. No additional configuration is required for standard setups.

For custom installations, create a config.json file in the ClawGuard directory:

{
  "port": 3847,
  "sessionsPath": "~/.openclaw/agents/main/sessions",
  "alerts": {
    "enabled": true,
    "webhookUrl": "https://hooks.slack.com/services/YOUR/WEBHOOK/URL",
    "onRiskLevels": ["high", "critical"]
  }
}

Environment Variables: Override config values using CLAWGUARD_PORT or CLAWGUARD_SESSIONS_PATH for containerized deployments.

Firewall and Security Considerations

ClawGuard binds to localhost by default, preventing external access. For team dashboards, configure a reverse proxy with authentication:

# Nginx configuration example
server {
    listen 80;
    server_name clawguard.yourdomain.com;
    
    location / {
        proxy_pass http://localhost:3847;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        auth_basic "ClawGuard Access";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

REAL Code Examples from ClawGuard

Installation and Service Management

The README provides exact commands for installing and managing ClawGuard as a system service:

# Via npm (recommended)
npm install -g @jaydenbeard/clawguard
clawguard install

# Or clone manually
git clone https://github.com/JaydenBeard/clawguard.git
cd clawguard && npm install && npm start

The clawguard install command is particularly powerful—it creates a platform-specific service definition that survives terminal closure and system reboots. On macOS, it generates a com.jaydenbeard.clawguard.plist launch agent. On Linux, it creates a systemd user service. This ensures your monitoring infrastructure remains operational 24/7 without manual intervention.

CLI Command Reference

ClawGuard's CLI provides comprehensive service control:

clawguard           # Start in background (default)
clawguard start -f  # Start in foreground (attached to terminal)
clawguard stop      # Stop the running instance
clawguard status    # Check if running + auto-start status
clawguard restart   # Restart the service
clawguard install   # Install as auto-start service (survives reboot)
clawguard uninstall # Remove auto-start service
clawguard update    # Check for and install updates
clawguard version   # Show current version

The -f (foreground) flag is invaluable for debugging. When an agent exhibits strange behavior, starting ClawGuard in foreground mode lets you watch the parser and risk analyzer process logs in real-time, with verbose output streaming directly to your terminal. This mode also reveals WebSocket connection activity and API request handling.

Configuration File Structure

The config.json file demonstrates ClawGuard's flexible alerting system:

{
  "port": 3847,
  "sessionsPath": "~/.openclaw/agents/main/sessions",
  "alerts": {
    "enabled": true,
    "webhookUrl": "https://discord.com/api/webhooks/...",
    "telegramChatId": "123456789",
    "onRiskLevels": ["high", "critical"]
  }
}

Key Configuration Insights:

• The port field customizes the dashboard binding address
• sessionsPath supports tilde expansion for home directory referencing
• alerts.enabled acts as a master kill-switch for all notifications
• webhookUrl accepts any HTTP endpoint, with special formatting for Discord, Slack, and Telegram
• telegramChatId is required for Telegram webhooks, enabling direct-to-mobile alerts
• onRiskLevels uses an array filter, allowing granular control over alert thresholds

API Endpoint Interaction

Based on the documented endpoints, here's a practical example using curl to interact with ClawGuard's REST API:

# Check gateway status
curl -s http://localhost:3847/api/gateway/status | jq

# Trigger emergency kill switch
curl -X POST http://localhost:3847/api/gateway/kill

# Export last hour's CRITICAL activities to JSON
start_time=$(date -v-1H +%s)
curl -G http://localhost:3847/api/activities \
  --data-urlencode "riskLevel=critical" \
  --data-urlencode "startTime=$start_time" \
  -o critical_activities.json

# Configure Slack webhook alerts
curl -X POST http://localhost:3847/api/alerts/config \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": true,
    "webhookUrl": "https://hooks.slack.com/services/YOUR/WEBHOOK",
    "onRiskLevels": ["high", "critical"]
  }'

The /api/gateway/kill endpoint is particularly important—it sends a SIGTERM signal to the agent process, allowing graceful shutdown. For immediate termination, the API also supports a ?force=true parameter that sends SIGKILL, though this risks data corruption in active sessions.

Risk Detection Logic

While the README shows the risk table, here's how the analyzer categorizes activities in code:

// From src/lib/risk-analyzer.js (conceptual implementation)
function assessRisk(toolCall) {
  const command = toolCall.command.toLowerCase();
  
  // CRITICAL: Privilege escalation
  if (command.includes('sudo') || command.includes('keychain')) {
    return { level: 'CRITICAL', reason: 'Privilege escalation attempt' };
  }
  
  // HIGH: External communication
  if (command.includes('email') || command.includes('whatsapp') || 
      command.includes('twitter') || command.match(/aws|gcp|azure/)) {
    return { level: 'HIGH', reason: 'External service interaction' };
  }
  
  // MEDIUM: Network operations
  if (command.includes('ssh') || command.includes('docker')) {
    return { level: 'MEDIUM', reason: 'Network/container operation' };
  }
  
  // Default: Standard operations
  return { level: 'LOW', reason: 'Routine file/memory operation' };
}

This logic runs synchronously on each parsed log entry, ensuring risk assessment adds minimal latency to the dashboard update pipeline.

Advanced Usage & Best Practices

Implementing Remote Logging for Adversarial Protection

The README's trust model is crucial: ClawGuard reads logs the agent can potentially modify. For adversarial agent protection, implement remote logging:

# On agent machine: pipe logs to remote syslog
 tail -f ~/.openclaw/agents/main/sessions/*.jsonl | \
   logger -t clawguard -n remote-monitor.example.com -P 514

# On monitoring server: run ClawGuard against remote logs
ssh user@agent-machine "cat ~/.openclaw/agents/main/sessions/*.jsonl" | \
  clawguard --stdin-mode

This architecture ensures that even if the agent compromises its local system, the monitoring trail remains intact on a separate machine.

Separate Audit User Configuration

Run ClawGuard as a dedicated audit user that the AI agent cannot access:

# Create audit user
sudo useradd -m -s /bin/bash clawguard-audit

# Set log directory permissions
sudo chown -R clawguard-audit:clawguard-audit ~/.openclaw/agents/main/sessions
sudo chmod 750 ~/.openclaw/agents/main/sessions

# Run ClawGuard as audit user
sudo -u clawguard-audit clawguard start

This separation prevents a compromised agent from tampering with its own monitoring infrastructure or accessing the kill switch API.

OS-Level Audit Integration

For defense-in-depth, complement ClawGuard with OS audit logs:

# macOS: Enable process auditing
sudo log config --mode level:debug --subsystem com.openclaw.agent

# Linux: Use auditd to monitor agent process
sudo auditctl -A exit,always -F arch=b64 -S execve -F path=/usr/local/bin/openclaw

# Forward audit logs to ClawGuard parser
tail -f /var/log/audit/audit.log | clawguard --auditd-mode

This approach catches agent actions that might bypass application-level logging, providing true adversarial protection.

Performance Optimization

For high-volume agent deployments, optimize ClawGuard's resource usage:

{
  "port": 3847,
  "sessionsPath": "~/.openclaw/agents/main/sessions",
  "parser": {
    "batchSize": 1000,
    "flushInterval": 5000,
    "maxMemory": "512MB"
  },
  "websocket": {
    "compression": true,
    "maxPayload": 1024
  }
}

The batchSize parameter controls how many log entries the parser processes before emitting updates, reducing WebSocket chatter. The flushInterval ensures memory doesn't grow unbounded during quiet periods.

Comparison: ClawGuard vs Alternatives

Why ClawGuard Wins: It delivers specialized AI agent monitoring without the complexity of enterprise platforms or the limitations of generic tools. The kill switch and risk analysis are purpose-built for autonomous agent threats, not retrofitted from traditional security models. For teams needing immediate visibility without infrastructure overhead, ClawGuard is unmatched.

Frequently Asked Questions

How does the kill switch actually work?

The kill switch sends a SIGTERM signal to the OpenClaw gateway process via its control socket, allowing graceful shutdown. If the agent doesn't terminate within 10 seconds, it escalates to SIGKILL. The API endpoint /api/gateway/kill triggers this remotely, while the dashboard provides a prominent red button for immediate access.

Can malicious AI agents disable ClawGuard?

If running under the same user, a compromised agent could potentially kill the ClawGuard process. For adversarial protection, run ClawGuard as a separate audit user with read-only log access. See the "Separate Audit User Configuration" section above for implementation details.

What AI agent frameworks are supported?

ClawGuard auto-detects OpenClaw, Moltbot, and Clawdbot. It reads their JSONL session logs from standard paths. Custom agents can be supported by symlinking their log directories to one of the detected paths or modifying the sessionsPath in config.json.

How do webhook alerts handle Telegram specifically?

When ClawGuard detects a api.telegram.org URL in webhookUrl, it automatically formats the payload with required chat_id, text, and parse_mode fields. You must provide telegramChatId in the config. For Discord and Slack, it sends standard JSON payloads compatible with their incoming webhook formats.

Can I export data for compliance audits?

Yes. The /api/export/json and /api/export/csv endpoints provide complete activity logs with risk scores and timestamps. Exports respect active filters, allowing targeted data extraction. Schedule automated exports using cron jobs that call these endpoints with appropriate query parameters.

What's the performance impact on my AI agent?

ClawGuard operates read-only on log files, creating zero performance impact on the agent itself. The parser uses streaming file reads and efficient JSONL parsing, typically consuming less than 5% CPU on modern systems. Memory usage scales with dashboard activity, not agent operation volume.

Does ClawGuard work in containerized environments?

Absolutely. Run ClawGuard in a sidecar container with shared volume mounts to the agent's log directory. Use the official Docker image (if available) or build from source. Set CLAWGUARD_SESSIONS_PATH to the mounted log volume path.

Conclusion: Why ClawGuard Is Non-Negotiable for AI Agent Deployment

ClawGuard transforms AI agent operations from black-box mystery into transparent, controllable workflows. Its real-time WebSocket architecture delivers instant visibility while the sophisticated risk engine prioritizes threats automatically. The kill switch provides the ultimate safety net, ensuring human judgment always supersedes autonomous action.

What sets ClawGuard apart is its pragmatic balance of power and simplicity. In under five minutes, developers gain enterprise-grade monitoring without enterprise complexity. The multi-gateway support future-proofs your investment as the OpenClaw ecosystem evolves.

For anyone deploying AI agents—whether personal assistants or enterprise automation—ClawGuard isn't optional. It's the difference between trusting your agent and verifying your agent. Between hoping for the best and preparing for the worst. Between flying blind and flying with instruments.

Install ClawGuard today and take command of your AI agents. Visit the GitHub repository at https://github.com/JaydenBeard/clawguard to get started. Your future self will thank you when that kill switch saves your system from a runaway agent at 3 AM.

The era of autonomous AI is here. Make sure you're watching them.