Local-first SecOps,
inside OpenClaw.
SecOpsAI turns OpenClaw audit telemetry into actionable findings (malware, exfil, risky exec/policy abuse) and lets you triage from chat/WhatsApp. All data stays on your machine.
Detect, triage, and act - locally
SecOpsAI is a sidecar detection engine for OpenClaw. It reads local audit telemetry, produces findings with severity + evidence, and supports fast chat-driven triage workflows.
OpenClaw Plugin
Native TypeScript plugin for seamless OpenClaw integration. Install once, use 8 built-in tools directly from OpenClaw.
WhatsApp workflows
Use OpenClaw to interact with SecOpsAI from WhatsApp: "check malware", "check exfil", "show OCF-…", "mitigate OCF-…".
Threat Intel (IOCs)
Pull open-source IOCs, normalize + score them, optional local enrichment (DNS), then match against replay events to generate TI findings.
Coming soon integrations
OpenClaw variants
Native integrations with other OpenClaw variants/telemetry sources are coming soon: Hermes, ManusAI, Zo Computer.
SIEM platforms (optional)
Optional SIEM output integrations are coming soon: Splunk and Elastic (Elasticsearch).
(Still local-first by default - exporting is opt-in.)
Choose your installation method
SecOpsAI works on macOS, Linux, and as a native OpenClaw plugin. We detected your device—select the best option below.
openclaw plugins install secopsai
npm install -g secopsai
Zero to findings in minutes
After installation, run the pipeline and list findings. All data stays on your device unless you explicitly export it.
secopsai_list_findings severity=high
curl -fsSL https://secopsai.dev/install.sh | bash
cd ~/secopsai && source .venv/bin/activate
secopsai refresh && secopsai list --severity high
secopsai intel refresh && secopsai intel match --limit-iocs 500