Agent Security Hardener
> Built by GetAgentIQ — [getagentiq.ai](https://getagentiq.ai)
Continuous runtime security for OpenClaw. Detects attacks in real-time, not just at audit time.
Threat Model
Based on real-world attacks documented in the Pliny security test (5 attack vectors):
1. Prompt Injection — Malicious instructions hidden in user input or tool output
2. Tokenade Attacks — Token manipulation to bypass safety filters
3. Siege Attacks — Rapid-fire requests to overwhelm rate limits and extract data
4. Data Exfiltration — Attempts to leak memory, config, or API keys via tool calls
5. Wallet Drain — Triggering expensive API calls to burn budget
Commands
Enable Runtime Monitoring
Enable security monitoring
Runs scripts/security_monitor.py --enable to activate real-time scanning.
Scan a Message
Check this message for threats: [paste message]
Runs scripts/security_monitor.py --scan "message text" to analyze a single message.
Scan Installed Skills
Audit all installed skills for security issues
Runs scripts/provenance_checker.py --scan-all to check skill provenance and code safety.
View Security Dashboard
Show security status
Runs scripts/security_monitor.py --dashboard for current threat level and recent alerts.
Check Skill Provenance
Check provenance of skill dream-memory
Runs scripts/provenance_checker.py --skill dream-memory to verify a specific skill.
Detection Patterns
Prompt Injection Signatures
- System prompt override attempts ("ignore previous instructions", "you are now")
- Role confusion ("as a DAN", "jailbreak mode", "developer mode")
- Encoded payloads (base64/hex/unicode obfuscation hiding instructions)
- Delimiter injection (
`system`, [INST], <|im_start|>)
Tokenade Patterns
- Unicode homoglyphs replacing ASCII characters
- Zero-width characters splitting safety-critical words
- RTL override characters reversing text display
- Combining diacritical marks masking keywords
Rate Anomaly Detection
- >10 requests/minute from single source
- Repeated near-identical queries (fuzzing)
- Escalating privilege requests across messages
- Systematic tool enumeration patterns
Configuration
Stored at ~/.openclaw/workspace/security-hardener-config.json:
{
"enabled": true,
"alert_level": "medium",
"auto_quarantine": true,
"max_requests_per_minute": 10,
"scan_incoming_messages": true,
"scan_tool_outputs": true,
"block_on_high_threat": true,
"alert_channel": null,
"provenance_check_on_install": true
}
Reference Files
references/attack-patterns.md— Detailed catalog of known attack vectors with examplesreferences/response-playbook.md— What to do when each threat type is detected