
@openguardrails/moltguard
AI agent security plugin for OpenClaw: prompt injection detection, PII sanitization, and monitoring dashboard
Comprehensive AI security for OpenClaw: Real-time protection against prompt injection, data leaks, and dangerous actions.
GitHub: https://github.com/openguardrails/openguardrails/tree/main/moltguard
npm: https://www.npmjs.com/package/@openguardrails/moltguard
| Feature | Description |
|---|---|
| Agent Guard | Real-time interception of tool calls, shell commands, file access, HTTP requests |
| Secret & Data Leak Protection | Auto-sanitize API keys, SSH keys, PII before sending to LLMs |
| Prompt Injection Protection | Detect "ignore instructions", "send secrets", "bypass rules" attacks |
| Local Dashboard | View detection stats, agentic hours, and risk events |
```bash
# Install the plugin
openclaw plugins install @openguardrails/moltguard

# Restart OpenClaw
openclaw gateway restart
```
That's it. MoltGuard auto-registers with Core and starts protecting immediately with 500 free checks/day.
All commands are available in OpenClaw conversation:
| Command | Description |
|---|---|
| /og_status | Show status, API key, quota, and mode |
| /og_sanitize on | Enable AI Security Gateway (sanitize sensitive data before sending to LLMs) |
| /og_sanitize off | Disable AI Security Gateway |
| /og_sanitize | Show gateway status |
| /og_scan [type] | Scan workspace files for security risks |
| /og_autoscan on/off | Enable/disable automatic file scanning on changes |
| /og_dashboard | Start local Dashboard and get access URL |
| /og_config | Show how to configure API key for cross-machine sharing |
| /og_core | Open Core portal for account and billing |
| /og_claim | Display agent ID and API key for claiming on Core |
| /og_reset | Reset MoltGuard and re-register (gets new API key) |
Protect sensitive data in your prompts before sending to LLMs.

```text
You: "My API key is sk-abc123, call the service"
        ↓ Gateway sanitizes locally
LLM sees: "My API key is __PII_SECRET_00000001__, call the service"
        ↓ LLM responds
LLM: "Calling service with __PII_SECRET_00000001__"
        ↓ Gateway restores
Tool executes with: "Calling service with sk-abc123"
```

```text
/og_sanitize on
```

This modifies your ~/.openclaw/openclaw.json to route all LLM providers through the local gateway (port 53669).
| Data Type | Placeholder | Examples |
|---|---|---|
| API Keys | __PII_SECRET_*__ | sk-..., ghp_..., AKIA... |
| Bearer Tokens | __PII_SECRET_*__ | Bearer eyJhbG... |
| Email | __PII_EMAIL_ADDRESS_*__ | user@example.com |
| Credit Cards | __PII_CREDIT_CARD_*__ | 4111-1111-1111-1111 |
| Phone | __PII_PHONE_*__ | +1-555-123-4567 |
| SSN | __PII_SSN_*__ | 123-45-6789 |
| IP Address | __PII_IP_ADDRESS_*__ | 192.168.1.1 |
| URLs | __PII_URL_*__ | https://internal.corp/secret |
| High-entropy strings | __PII_SECRET_*__ | Random tokens with Shannon entropy ≥4.0 |
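The sanitize-and-restore round trip shown above, together with the placeholder classes in the table, as an added JavaScript example. This is not MoltGuard's own code: the placeholder names, the 8-digit counter and the 4.0-bit Shannon-entropy threshold follow the README, while the detector regexes, the per-class numbering and the 20-character minimum for the entropy catch-all are assumptions made for the example.

```javascript
// Added example, not MoltGuard's code. A local sanitizer that swaps secrets and
// PII for __PII_<TYPE>_<n>__ placeholders before text reaches an LLM, and a
// restore step that maps the placeholders back when the reply is executed.

// Shannon entropy in bits per character (used for the catch-all detector).
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Detectors in priority order: an earlier detector owns any span it matches.
// Regexes are assumptions; only the class names and examples come from the table.
const DETECTORS = [
  { type: 'SECRET',        re: /\bBearer\s+[A-Za-z0-9._\-]+/g },
  { type: 'SECRET',        re: /\b(?:sk-|ghp_|AKIA)[A-Za-z0-9_\-]+/g },
  { type: 'EMAIL_ADDRESS', re: /\b[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}\b/g },
  { type: 'CREDIT_CARD',   re: /\b(?:\d{4}[- ]?){3}\d{4}\b/g },
  { type: 'SSN',           re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: 'PHONE',         re: /\+\d{1,3}-\d{3}-\d{3}-\d{4}\b/g },
  { type: 'IP_ADDRESS',    re: /\b(?:\d{1,3}\.){3}\d{1,3}\b/g },
  { type: 'URL',           re: /\bhttps?:\/\/[^\s"']+/g },
  // Catch-all for unlabelled tokens: 20+ chars AND >= 4.0 bits/char of entropy
  // (the 20-char floor is an assumption; the 4.0 threshold is from the table).
  { type: 'SECRET',        re: /\b[A-Za-z0-9+\/=_\-]{20,}\b/g, minEntropy: 4.0 },
];

// Replace every detected span with a numbered placeholder. Returns the
// sanitized text and the placeholder -> original mapping kept locally.
function sanitize(text) {
  const spans = [];
  for (const d of DETECTORS) {
    for (const m of text.matchAll(d.re)) {
      const start = m.index, end = start + m[0].length;
      // Skip spans already claimed by a higher-priority detector.
      if (spans.some(s => start < s.end && end > s.start)) continue;
      if (d.minEntropy !== undefined && shannonEntropy(m[0]) < d.minEntropy) continue;
      spans.push({ start, end, type: d.type, value: m[0] });
    }
  }
  spans.sort((a, b) => a.start - b.start);
  const counters = new Map();
  const mapping = new Map();
  let out = '', cursor = 0;
  for (const s of spans) {
    const n = (counters.get(s.type) || 0) + 1;
    counters.set(s.type, n);
    const placeholder = `__PII_${s.type}_${String(n).padStart(8, '0')}__`;
    mapping.set(placeholder, s.value);
    out += text.slice(cursor, s.start) + placeholder;
    cursor = s.end;
  }
  out += text.slice(cursor);
  return { text: out, mapping };
}

// Put the real values back into the LLM's reply before a tool sees it.
function restore(text, mapping) {
  let out = text;
  for (const [placeholder, value] of mapping) out = out.split(placeholder).join(value);
  return out;
}
```

The mapping never leaves the machine; only the placeholder text is sent. Keeping detection span-based (rather than rewriting the string after each regex) prevents later detectors from re-matching placeholders that earlier ones produced.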
MoltGuard detects malicious instructions hidden in external content (emails, web pages, documents).
```text
External Content (email/webpage/document)
              ↓
       ┌─────────────┐
       │   Local     │  Strip PII before analysis
       │  Sanitize   │
       └─────────────┘
              ↓
       ┌─────────────┐
       │    Core     │  Behavioral assessment
       │    API      │  (rule-driven, no LLM)
       └─────────────┘
              ↓
         Block or Allow
```
Scan workspace files for security risks:

```text
/og_scan all        # Scan all workspace files
/og_scan memories   # Scan memory files only
/og_scan skills     # Scan skill files only
/og_scan summary    # Show file count without scanning
```

Enable automatic scanning on file changes:

```text
/og_autoscan on
```

View security stats in a local web dashboard:

```text
/og_dashboard
```
The dashboard shows:
Link your agent to an email for shared quota across machines:
1. /og_claim to get your agent ID and API key
2. /og_core to open the Core portal
3. /claim-agent and paste your credentials

Edit ~/.openclaw/openclaw.json:

```json
{
  "plugins": {
    "entries": {
      "moltguard": {
        "enabled": true,
        "config": {
          "coreUrl": "https://www.openguardrails.com/core",
          "blockOnRisk": true,
          "timeoutMs": 60000
        }
      }
    }
  }
}
```
| Option | Default | Description |
|---|---|---|
| coreUrl | https://www.openguardrails.com/core | Core API endpoint |
| blockOnRisk | true | Block tool calls when risk detected |
| timeoutMs | 60000 | Detection timeout in milliseconds |
| apiKey | (auto) | API key (auto-registered if empty) |

```bash
OG_API_KEY=sk-og-...   # Use specific API key
OG_CORE_URL=...        # Custom Core URL
```
OpenGuardrails protects your data — we don't collect it.

- Local gateway: 127.0.0.1:53669
- Stored credentials: ~/.openclaw/credentials/moltguard/
- If the Core API is unreachable, tool calls are allowed — never blocks your workflow due to network issues.
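The "Block or Allow" step of the prompt-injection pipeline above, combined with the blockOnRisk and timeoutMs options and the fail-open rule for an unreachable Core API, as an added JavaScript example. This is not MoltGuard's code and it does not call the real Core API: the three phrase rules are the ones named in the feature table ("ignore instructions", "send secrets", "bypass rules"), while the rule names, regexes, result shapes and the assessContent/decide/guardedAssess helpers are assumptions standing in for the remote behavioral assessment.

```javascript
// Added example, not MoltGuard's code. A rule-driven (no LLM) assessment of
// external content plus the decision step, including the documented
// fail-open behaviour when the Core API cannot be reached.

// Rules named after the README's feature table; the patterns are assumptions.
const INJECTION_RULES = [
  { name: 'ignore_instructions', re: /\bignore\b.{0,40}\binstructions\b/i },
  { name: 'send_secrets',        re: /\b(?:send|forward|exfiltrate)\b.{0,40}\b(?:secrets?|api keys?|credentials)\b/i },
  { name: 'bypass_rules',        re: /\bbypass\b.{0,40}\b(?:rules?|safety|guardrails?)\b/i },
];

// Local stand-in for the Core assessment. Input is content that has already
// been sanitized locally (see the gateway flow), so no PII reaches this step.
function assessContent(content) {
  const matched = INJECTION_RULES.filter(r => r.re.test(content)).map(r => r.name);
  return { risk: matched.length > 0, matchedRules: matched };
}

// Decision step. `assessment === null` means the Core API did not answer
// (network error or timeoutMs exceeded). The README states tool calls are
// then allowed, so the guard fails open; an operator watching for
// 'core-unreachable' reasons in logs can see when that protection was absent.
// blockOnRisk=false downgrades a block to an allow-with-reason (log only).
function decide(assessment, config = { blockOnRisk: true }) {
  if (assessment === null) {
    return { action: 'allow', reason: 'core-unreachable' };
  }
  if (!assessment.risk) {
    return { action: 'allow', reason: 'no-risk' };
  }
  if (config.blockOnRisk) {
    return { action: 'block', reason: assessment.matchedRules.join(',') };
  }
  return { action: 'allow', reason: 'risk-logged:' + assessment.matchedRules.join(',') };
}

// Wraps an (async) assessment call with the timeoutMs budget. Any rejection
// or timeout resolves to null so decide() applies the fail-open rule.
async function guardedAssess(assessFn, content, timeoutMs) {
  let timer;
  const timeout = new Promise(resolve => { timer = setTimeout(() => resolve(null), timeoutMs); });
  try {
    return await Promise.race([assessFn(content), timeout]);
  } catch {
    return null;
  } finally {
    clearTimeout(timer);
  }
}
```

With blockOnRisk left at its default, a matched rule blocks the tool call; with the option off, the same match is only recorded. Because an unreachable Core yields an allow, the decision reason is the signal to monitor if you need to know how often checks were skipped.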
MoltGuard supports graceful updates:
```bash
openclaw plugins update @openguardrails/moltguard
```
The plugin automatically handles port conflicts during updates using a secure token mechanism.
```bash
openclaw plugins uninstall @openguardrails/moltguard
openclaw gateway restart
```
To remove stored credentials:
```bash
rm -rf ~/.openclaw/credentials/moltguard
rm -rf ~/.openclaw/extensions/moltguard
```
```bash
git clone https://github.com/openguardrails/openguardrails.git
cd openguardrails/moltguard
npm install
npm run typecheck
npm run test

# Local development install
openclaw plugins install -l .
openclaw gateway restart
```

License: MIT
The npm package @openguardrails/moltguard receives a total of 175 weekly downloads. As such, @openguardrails/moltguard popularity was classified as not popular.
We found that @openguardrails/moltguard demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.