OpenClaw Integration Guide

OpenClaw is AgentsMon's native platform. Events flow automatically when the AgentsMon skill is installed.

Installation

Option 1: Skill Installation (Recommended)

``bash


Install the AgentsMon skill into OpenClaw
cd /path/to/agentsmon/skill
bash scripts/setup.sh



This installs AgentsMon as an OpenClaw skill that:
Monitors all agent commands, file access, and network requests in real-time
Scans for security vulnerabilities automatically
Reports config drift and privilege escalation attempts

Option 2: Manual Configuration

Add to your OpenClaw settings.json:

`json


{
  "agentsmon": {
    "endpoint": "http://localhost:18800",
    "enabled": true,
    "events": ["command", "file_access", "http_request", "config_change", "usage"]
  }
}



Event Flow

OpenClaw events are processed natively by the EventProcessor — no adapter needed:


OpenClaw Agent
  |
  v
EventProcessor.processEvent()
  |
  +-> SecurityScanner (code analysis, prompt injection)
  +-> BehavioralMonitor (dangerous commands, file access)
  +-> SandboxMonitor (escape detection)
  +-> TrustScorer (trust level tracking)
  +-> SentinelAgent (autonomous threat hunting)
  +-> CorrelationEngine (attack chain detection)
  +-> SIEM export



Event Types Supported

| Event Type | Description | Example |
|-----------|-------------|---------|

| command | Shell commands executed by agent | rm -rf /tmp/cache |

| file_access | Files read/written by agent | /etc/passwd |

| http_request | Outbound HTTP requests | https://api.example.com |

| usage | Token/model usage | Claude Sonnet, 5000 tokens |

| config_change | Settings modifications | exec.approvals: false |

| gateway_connection | WebSocket/API connections | Client auth events |

| skill_execution | Skill invocations | agentsmon scan |

| agent | Agent lifecycle events | Agent start/stop |



Config Monitoring

AgentsMon monitors these critical OpenClaw settings:

| Setting | Baseline | Severity |
|---------|----------|----------|

| exec.approvals | true | critical |

| tools.exec.host | false | critical |

| websocket.origins | Not * | high |

| auth.password | Non-empty | critical |



Verification

`bash


Check that events are flowing
curl http://localhost:18800/api/events?platform=openclaw&limit=5

Check config drift
curl http://localhost:18800/api/config/drift

Run security scan
curl -X POST http://localhost:18800/api/security/scan



Troubleshooting

No events appearing?

Verify the skill is installed: openclaw skills list

Check the AgentsMon backend is running: curl http://localhost:18800/api/health

Check logs: tail -f backend/logs/app.log



Config alerts not firing?

Verify baselines are set: curl http://localhost:18800/api/config/baselines

Reset baselines: curl -X POST http://localhost:18800/api/config/baselines -d '{"fieldPath":"exec.approvals","expectedValue":true,"description":"Require approval","severity":"critical"}'`