Local-first SecOps, inside OpenClaw.
SecOpsAI turns OpenClaw audit telemetry into actionable findings (malware, exfil, risky exec/policy abuse) and lets you triage from chat/WhatsApp. All data stays on your machine.
Detect, triage, and act — locally
SecOpsAI is a sidecar detection engine for OpenClaw. It reads local audit telemetry, produces findings with severity + evidence, and supports fast chat-driven triage workflows.
WhatsApp workflows
Use OpenClaw to interact with SecOpsAI from WhatsApp: “check malware”, “check exfil”, “show OCF-…”, “mitigate OCF-…”.
Threat Intel (IOCs)
Pull open-source IOCs, normalize and score them, optionally enrich them locally (DNS), then match them against replay events to generate TI findings.
Integrations coming soon
OpenClaw variants
Native integrations with other OpenClaw variants/telemetry sources are coming soon: Hermes, ManusAI, Zo Computer.
SIEM platforms (optional)
Optional SIEM output integrations are coming soon: Splunk and Elastic (Elasticsearch).
(Still local-first by default — exporting is opt-in.)
Zero to findings in minutes
Install locally, run the pipeline, list findings. All data stays on your device unless you explicitly export it.
curl -fsSL https://secopsai.dev/install.sh | bash
cd ~/secopsai && source .venv/bin/activate
secopsai refresh && secopsai list --severity high
secopsai intel refresh && secopsai intel match --limit-iocs 500