EXFOLIATE! EXFOLIATE! — Now with Red Team capabilities.
⚠️ Legal Warning: This platform contains offensive security tools. Only use on systems you have explicit written authorization to test. Unauthorized testing is illegal.
Security Claw (powered by the OpenClaw Offensive OS) is an advanced AI-driven Red Team agent and personal assistant you run on your own devices. It answers you on the channels you already use (WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, iMessage, Microsoft Teams), and is capable of orchestrating full-scope penetration tests, from reconnaissance to exploitation and reporting.
If you want a personal, single-user offensive security assistant that feels local, fast, and always-on, this is it.
Website · Docs · Vision · DeepWiki · Getting Started · Updating · Showcase · FAQ · Wizard · Nix · Docker · Discord
Preferred setup: run the onboarding wizard (openclaw onboard) in your terminal.
The wizard guides you step by step through setting up the gateway, workspace, channels, and skills. The CLI wizard is the recommended path and works on macOS, Linux, and Windows (via WSL2; strongly recommended).
Works with npm, pnpm, or bun.
New install? Start here: Getting started
Subscriptions (OAuth):
- OpenAI (ChatGPT/Codex)
Model note: while any model is supported, I strongly recommend Anthropic Pro/Max (100/200) + Opus 4.6 for long‑context strength and better prompt‑injection resistance. See Onboarding.
Security Claw employs a sophisticated agent-tool loop to execute complex offensive security workflows safely.
- Phase 1: Web & API Offensive (XBOW Autonomous Swarm, Nuclei, SQLMap, ffuf, jwt_tool)
- Phase 2: Cloud Offensive (ScoutSuite, Pacu, TruffleHog, AWS CLI)
- Phase 3: Active Directory (Impacket, BloodHound, CME, kerbrute)
- Phase 4: Network (nmap, masscan, Bettercap, hydra)
- Phase 5: Attack Graph & Reporting (ATT&CK, CVSS v3.1, SARIF, automated prioritized roadmaps)
- Antigravity Vibecoding: Delegate complex coding and patching tasks to an autonomous background sub-agent.
- XBOW Autonomous Pentesting: Command the XBOW agent swarm to confidently exploit and validate vulnerabilities with zero false positives.
- HackTheBox Auto-Pwn: Automatically download VPN packs, spin up instances, orchestrate the kill chain, and generate markdown walkthroughs for HTB machines.
Includes a live web scraper (skills/threat-intel/scraper.py) that fetches data from NVD API, CISA KEV, Exploit-DB, and more. Ask the Red Team Agent for a threat intelligence briefing!
- Models config + CLI: Models
- Auth profile rotation (OAuth vs API keys) + fallbacks: Model failover
Runtime: Node ≥22.
npm install -g openclaw@latest
# or: pnpm add -g openclaw@latest
openclaw onboard --install-daemonThe wizard installs the Gateway daemon (launchd/systemd user service) so it stays running.
Follow these detailed steps to set up the OpenClaw Offensive OS and activate the Red Team Agent on your local machine.
Ensure you have the following installed:
- Node.js (>= 22.12.0)
- pnpm (>= 9.0)
- Python 3 (>= 3.10)
- Homebrew (macOS/Linux) or Git Bash (Windows)
Run the included setup script to automatically verify Node.js, install all offensive tools (Nuclei, Nmap, Impacket, etc.) via Homebrew/pip, and generate your agent configuration file.
# Make the setup script executable
chmod +x setup-offensive-os.sh
# Run the setup script
./setup-offensive-os.shCopy the example environment file and add your preferred LLM provider API keys (Anthropic Claude 3.5 Sonnet / Opus is highly recommended).
cp .env.example .envEdit .env and insert your keys:
ANTHROPIC_API_KEY=your_key_here
# OR
OPENAI_API_KEY=your_key_hereTo manage the agent and communicate with it through various channels (or the local UI), you need to start the OpenClaw Gateway:
# Install dependencies and build if you haven't yet
pnpm install
pnpm build
# Start the gateway
pnpm openclaw startAlternatively, for development and running the local Control UI, run pnpm dev in a separate terminal.
In a new terminal window, invoke the Red Team Agent. It will load the offensive skills (Phase 1-5) configured in ~/.openclaw/openclaw.json.
pnpm openclaw agent --activation red-teamOnce the agent is active, you can send it prompts via the CLI, the local web dashboard, or connected chat apps (Discord, Telegram, etc.):
- Web Phase: "Discover the attack surface for example.com and run a full web vulnerability assessment."
- Cloud Phase: "Scan AWS account for IAM privilege escalation paths using this key."
- AD Phase: "Perform Kerberoasting against corp.local using credentials user:pass@dc.corp.local."
- Network Phase: "Test SMB service at 192.168.1.10 for EternalBlue and credential attacks."
- Threat Intel: "Get me today's threat intelligence briefing on latest critical CVEs."
📘 Deep Dive: See the Full Setup Guide for manual phase-by-phase tool installation, specific OWASP mappings, and troubleshooting.
Security Claw is built on top of the OpenClaw framework, inheriting all of its messaging and orchestration capabilities.
- Local-first Gateway — single control plane for sessions, channels, tools, and events.
- Multi-channel inbox — Control your Red Team agent from WhatsApp, Telegram, Slack, Discord, Signal, and more.
- Live Canvas — agent-driven visual workspace with A2UI for real-time attack graphs.
- Voice Wake + Talk Mode — always-on speech for macOS/iOS/Android.
- Sandboxing & Security — run sessions inside per-session Docker containers to prevent agents from straying out of bounds.
OpenClaw tools run locally on the host by default. For offensive security tasks, or when exposing the bot to a channel group, you should enable Sandboxing:
- Set
agents.defaults.sandbox.mode: "non-main"to isolate group/channel sessions inside Docker containers. - Utilize the explicit Gateway Approval system for privileged commands.
Details: Security guide · Docker + sandboxing
If you are looking for configuration manuals for the core framework (channels, models, UI):
See CONTRIBUTING.md for guidelines, maintainers, and how to submit PRs. AI/vibe-coded PRs welcome! 🤖
Special thanks to Mario Zechner for his support and for pi-mono. Special thanks to Adam Doppelt for lobster.bot.
Thanks to all clawtributors: