openclaw-shield-upx
Security monitoring and threat detection for OpenClaw agents — powered by Google SecOps (Chronicle). Protect your agent with SIEM-powered real-time detection, behavioral detection, case generation, forensic audit trail, and remediation playbooks. Use when: user asks about security status, Shield health, event logs, redaction vault, setting up agent protection, enabling SIEM, detecting threats, monitoring agent activity, or auditing agent actions. NOT for: general OS hardening, firewall config, or network security unrelated to OpenClaw agents.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/brunopradof/openclaw-shield-upxOpenClaw Shield
Security monitoring for OpenClaw agents by UPX. Shield runs as a plugin inside the OpenClaw gateway, capturing agent activity and sending redacted telemetry to the UPX detection platform.
Getting started
Shield requires the @upx-us/shield plugin and an active subscription.
- Plugin: @upx-us/shield
- Subscribe / Free 60-day trial (no credit card required): upx.com/en/lp/openclaw-shield-upx
- Dashboard: uss.upx.com
Commands
| Command | What it does |
|---|---|
openclaw shield status | Plugin health, connection state, event counts, last sync |
openclaw shield flush | Force an immediate sync to the platform |
openclaw shield logs | Recent events: type, tool, details, and trigger source (last 24h) |
openclaw shield logs --last 20 | Show last N events |
openclaw shield logs --last 20 --format json | Full JSON output with details and trigger_type fields |
openclaw shield logs --type TOOL_CALL --since 1h | Filter by event type or time window |
openclaw shield logs --format json | JSON output |
openclaw shield vault show | Agent and workspace inventory, redaction summary (hashed IDs) |
openclaw shield cases | List open security cases (scoped to this instance) |
openclaw shield cases show <ID> | Full case detail with events, rule, playbook |
openclaw shield cases resolve <ID> | Resolve a case (--resolution, --root-cause, --comment) |
openclaw shield monitor | Case notification cron — status, --on, --off, --interval |
openclaw shield investigate <case-id> | Guided investigation prompt with step-by-step instructions |
openclaw shield help | Full command reference (INVESTIGATION, RESOLUTION, DISCOVERY sections) |
openclaw shield close <case-id> --reason <reason> | Close a case with reason (e.g. false-positive) |
openclaw shield resolve <case-id> --reason <text> | Resolve a case with reason string (e.g. authorized-maintenance) |
Plugin State Check
Before responding to ANY Shield-related request, run openclaw shield status and interpret the result:
State A — Plugin not installed
(command not found, or exit code non-zero with plugin_not_found) Respond with:
Shield is not installed yet. Start your free 60-day trial (no credit card required) at: https://www.upx.com/en/lp/openclaw-shield-upx
Then install the plugin:
openclaw plugins install @upx-us/shield openclaw plugins run shield setup
State B — Plugin installed but no installationKey
(status contains installationKey: null or state: "unconfigured") Respond with:
Shield is installed but not activated. Sign up for a trial at: https://www.upx.com/en/lp/openclaw-shield-upx
Once you have your installation key, run:
openclaw plugins run shield setup
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-brunopradof-openclaw-shield-upx": {
"enabled": true,
"auto_update": true
}
}
}