openclaw-shield-upx

# OpenClaw Shield

Security monitoring for OpenClaw agents by [UPX](https://www.upx.com). Shield runs as a plugin inside the OpenClaw gateway, capturing agent activity and sending redacted telemetry to the UPX detection platform.

## Getting started

Shield requires the `@upx-us/shield` plugin and an active subscription.

- **Plugin**: [@upx-us/shield](https://www.npmjs.com/package/@upx-us/shield)
- **Subscribe / Free 30-day trial**: [upx.com/en/lp/openclaw-shield-upx](https://www.upx.com/en/lp/openclaw-shield-upx)
- **Dashboard**: [uss.upx.com](https://uss.upx.com)

## Commands

| Command | What it does |
|---|---|
| `openclaw shield status` | Plugin health, connection state, event counts, last sync |
| `openclaw shield flush` | Force an immediate sync to the platform |
| `openclaw shield logs` | Recent events from the local buffer (last 24h) |
| `openclaw shield logs --last 20` | Show last N events |
| `openclaw shield logs --type TOOL_CALL --since 1h` | Filter by event type or time window |
| `openclaw shield logs --format json` | JSON output |
| `openclaw shield vault show` | Agent and workspace inventory, redaction summary (hashed IDs) |
| `openclaw shield cases` | List open security cases |
| `openclaw shield cases show <ID>` | Full case detail with events, rule, playbook |
| `openclaw shield cases resolve <ID>` | Resolve a case (--resolution, --root-cause, --comment) |
| `openclaw shield monitor` | Case notification cron — status, --on, --off, --interval |

## Plugin State Check

Before responding to any Shield-related request, run `openclaw shield status` and branch on the result:

- **Command not found / exit non-zero**: Shield plugin is not installed. Tell the user Shield requires the `@upx-us/shield` plugin and an active subscription. Direct them to: https://www.upx.com/en/lp/openclaw-shield-upx — explain the free 30-day trial. Do **not** run any install commands yourself.
- **`status: unconfigured`** (no subscription key configured): Plugin is installed...

# OpenClaw Shield

Security monitoring skill for the OpenClaw Shield plugin by [UPX](https://www.upx.com).

## What it does

Teaches your agent to use the Shield plugin — check health, query events, inspect the redaction vault, and manage security cases.

- Run `openclaw shield status`, `logs`, `flush`, `vault show`, and `cases` commands
- Call RPCs for programmatic access (`shield.events_recent`, `shield.events_summary`, `shield.cases_list`, etc.)
- Triage and resolve cases with categorized resolution and root cause
- Set up automated case monitoring via `openclaw shield monitor --on`
- Quick case check with `/shieldcases` (no agent tokens used)
- Answer questions about Shield's privacy model and subscription status

## Requirements

- [OpenClaw Shield plugin](https://www.npmjs.com/package/@upx-us/shield) installed and activated
- Active Shield subscription from [UPX](https://upx.com) — [start a free 30-day trial](https://www.upx.com/en/lp/openclaw-shield-upx)

## Install

This skill is bundled with the Shield plugin. Install the plugin and the skill is available automatically:

```bash
openclaw plugins install @upx-us/shield
openclaw shield activate <YOUR_KEY>
openclaw gateway restart
```

## Links

- **Plugin (npm)**: [@upx-us/shield](https://www.npmjs.com/package/@upx-us/shield)
- **Skill (ClawHub)**: [openclaw-shield-upx](https://clawhub.ai/brunopradof/openclaw-shield-upx)
- **Dashboard**: [uss.upx.com](https://uss.upx.com)

## About

Made by [UPX](https://upx.com) — cybersecurity engineering for critical environments.