
Welcome to OpenClaw Shield

OpenClaw Shield is a security plugin that protects your AI bot from malicious inputs and prevents harmful outputs. It acts as both an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) for conversational AI.

Key Features

Block SQL injection, XSS, prompt injection, and more using regex, keywords, and semantic analysis

Automatically redact API keys, credentials, emails, and phone numbers from logs and alerts

Prevent spam floods and DoS attacks with configurable per-user rate limits

Skip checks for trusted users, channels, or email domains

How It Works

OpenClaw Shield integrates directly into your OpenClaw bot's message pipeline:

graph LR
A[External User] -->|Message| B[OpenClaw Shield]
B -->|Scan| C{Threat?}
C -->|Yes| D[Block/Flag]
C -->|No| E[Allow]
D --> F[Alert Admin]
E --> G[LLM Processes]
G --> H[OpenClaw Shield]
H -->|Scan| I{Threat?}
I -->|Yes| J[Block/Flag]
I -->|No| K[Send to User]

Inbound Protection

  • Scans messages before they reach your LLM
  • Blocks SQL injection, XSS, prompt injection
  • Rate limits spam attempts
  • Checks against allowlist

Outbound Protection

  • Scans bot responses before sending to users
  • Prevents accidental secret leaks (API keys, tokens, passwords)
  • Automatically redacts sensitive data in responses
  • Blocks or redacts harmful/private content
  • Protects you from a compromised or buggy bot

Quick Start

Get Shield running in 5 minutes:

  1. Install: npm install openclaw-shield
  2. Configure: Add to ~/.openclaw/openclaw.json
  3. Restart: openclaw gateway --verbose
  4. Test: Send a threat to verify blocking


Use Cases

1. Customer Support Bots

Prevent customers from injecting SQL or XSS attacks through support chat:

User: "My name is '; DROP TABLE users; --"
Shield: 🛑 BLOCKED (SQL injection detected)

2. Prevent Bot Data Leaks

Stop your bot from accidentally revealing secrets:

Bot tries to say: "Your API key is sk-1234567890abcdef"
Shield intercepts: Redacts secret
User receives: "Your API key is sk-***...***"
Admin alerted: "Data leak prevented in conversation #1234"

3. Public AI Assistants

Rate limit spam and prevent abuse:

Spammer: [sends 100 messages in 10 seconds]
Shield: 🛑 RATE LIMITED (20 messages per minute maximum)

4. Whitelabel AI Products

Skip security checks for internal team members:

{
  "allowlist": {
    "senders": ["+15551234567"], // CEO phone
    "domains": ["@company.com"]  // All employees
  }
}

Architecture

OpenClaw Shield uses a multi-layered detection approach:

  1. Allowlist Check (instant) - Skip trusted users
  2. Rate Limit (instant) - Check message frequency
  3. Keyword Pre-filter (fast) - Quick pattern matching
  4. Regex Verification (medium) - Precise pattern detection
  5. Semantic Analysis (slow) - Deep threat understanding

Only suspicious messages go through expensive semantic checks, keeping latency low.
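The layer ordering above, as an added example that is not OpenClaw Shield's own code: a minimal inbound pipeline that exits at the cheapest layer able to decide and only hands keyword hits without regex confirmation to the semantic layer, which is not implemented here. Every name (`createPipeline`, `KEYWORDS`, `PATTERNS`, the `action`/`layer` fields) and every keyword and pattern is a constructed assumption, not the plugin's API or rule set.

```javascript
// Added illustration; all names are hypothetical, not the openclaw-shield API.
// Constructed sample rules, far smaller than a real rule set.
const KEYWORDS = ['drop table', 'union select', '<script', 'ignore previous'];
const PATTERNS = [
  { name: 'sql_injection', re: /['"]\s*;\s*drop\s+table\s+\w+/i },
  { name: 'sql_injection', re: /\bunion\s+(all\s+)?select\b/i },
  { name: 'xss', re: /<script\b[^>]*>/i },
];

function createPipeline({ senders = [], domains = [], maxPerMinute = 20 } = {}) {
  const history = new Map(); // sender -> accepted timestamps (ms) in the window

  return function check(sender, text, now = Date.now()) {
    // 1. Allowlist: trusted senders skip every later layer.
    if (senders.includes(sender) || domains.some((d) => sender.endsWith(d))) {
      return { action: 'allow', layer: 'allowlist' };
    }
    // 2. Rate limit: sliding 60-second window per sender.
    const recent = (history.get(sender) || []).filter((t) => now - t < 60000);
    if (recent.length >= maxPerMinute) {
      history.set(sender, recent);
      return { action: 'block', layer: 'rate_limit' };
    }
    recent.push(now);
    history.set(sender, recent);
    // 3. Keyword pre-filter: cheap substring scan; most traffic exits here.
    const lower = text.toLowerCase();
    if (!KEYWORDS.some((k) => lower.includes(k))) {
      return { action: 'allow', layer: 'keyword' };
    }
    // 4. Regex verification: confirm the keyword hit with a precise pattern.
    const hit = PATTERNS.find((p) => p.re.test(text));
    if (hit) return { action: 'block', layer: 'regex', rule: hit.name };
    // 5. Keyword hit without regex confirmation: hand off to the slow
    //    semantic layer, which this sketch does not implement.
    return { action: 'escalate', layer: 'semantic' };
  };
}
```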

Performance

  • Average processing: 12-15ms per message
  • P95 latency: < 50ms
  • Throughput: 1000+ messages/second
  • Memory: ~100MB base + 50MB per 1000 rules
