Local-first • Multi-platform security operations

Local-first security operations,
across OpenClaw and host platforms.

SecOpsAI collects telemetry from OpenClaw, macOS, Linux, and Windows, then turns it into findings, correlations, and threat-intel matches you can review locally. All data stays on your machine.

Install Now arrow_forward View Documentation
No log shipping by default SQLite SOC store OpenClaw plugin included macOS / Linux / Windows adapters CLI + WhatsApp workflows
secopsai - local pipeline
$secopsai refresh --platform macos,openclaw
[OK] Collected host + OpenClaw telemetry
[OK] Findings persisted to local SOC store (SQLite)
$secopsai correlate
[OK] Cross-platform correlation complete
$secopsai list --severity high
warning HIGH: Suspicious execution / policy abuse detected
OCF-… | status=open | disposition=unreviewed
$secopsai intel refresh
Pulled 10k+ IOCs (URLhaus + ThreatFox) → stored locally
$
Capabilities

Detect, triage, and act - locally

SecOpsAI is a local-first security operations toolkit for OpenClaw and host platforms. It collects telemetry, produces findings with severity and evidence, and supports fast CLI and chat-driven triage workflows.

extension

OpenClaw Plugin

Native TypeScript plugin for seamless OpenClaw integration. Install once, use 8 built-in tools directly from OpenClaw.

openclaw plugins install secopsai
chat

WhatsApp workflows

Use OpenClaw to interact with SecOpsAI from WhatsApp: "check malware", "check exfil", "show OCF-…", "mitigate OCF-…".

hub

Threat Intel (IOCs)

Pull open-source IOCs, normalize + score them, optional local enrichment (DNS), then match against replay events to generate TI findings.

rocket_launch

Coming soon integrations

OpenClaw variants

Native integrations with other OpenClaw variants/telemetry sources are coming soon: Hermes, ManusAI, Zo Computer.

SIEM platforms (optional)

Optional SIEM output integrations are coming soon: Splunk and Elastic (Elasticsearch).

(Still local-first by default - exporting is opt-in.)

Quick Start

Install SecOpsAI

Works everywhere. Installs everything.

One-liner install for macOS

curl -fsSL https://secopsai.dev/install.sh | bash

The one-liner installs Python, dependencies, and everything else for you.

Quick Start

Zero to findings in minutes

After installation, run the pipeline and list findings. All data stays on your device unless you explicitly export it.

# Using OpenClaw Plugin
secopsai_list_findings severity=high
# Using CLI
curl -fsSL https://secopsai.dev/install.sh | bash
# Activate
cd ~/secopsai && source .venv/bin/activate
# Refresh + list high
secopsai refresh && secopsai list --severity high
# Cross-platform correlation
secopsai refresh --platform macos,openclaw && secopsai correlate
# Threat intel (optional)
secopsai intel refresh && secopsai intel match --limit-iocs 500
Links: docs · github · clawhub · x