OpenClaw (Clawdbot) Visibility

Overview

Akto Atlas provides visibility into employee usage of OpenClaw (Clawdbot) by observing agent activity at the endpoint level. Visibility is enabled through the MCP Endpoint Shield, which operates locally on enterprise-managed devices.

Observation Model

Akto Atlas observes OpenClaw interactions through request and response guardrail validation.

Requests originating from OpenClaw channels such as AI models, chat applications, productivity tools, and automation platforms first pass through Akto Endpoint Shield for input guardrail validation before reaching OpenClaw (Clawdbot).

Responses generated by OpenClaw pass through Akto Endpoint Shield again for response guardrail validation. Metadata from both validation stages is sent to the Akto Dashboard for monitoring and visibility.

Attributes Detected by Akto Atlas

After Clawdbot successfully connects to MCP Endpoint Shield, Akto Atlas can identify:

  • Presence of Clawdbot on enterprise-managed endpoints

  • Endpoints where Clawdbot is actively used

  • Enterprise users associated with each endpoint

  • First observed connection timestamp

  • Most recent observed connection timestamp

  • Frequency of observed usage sessions

Visibility Mechanisms

Akto Atlas provides visibility into OpenClaw activity through proxy-based request monitoring and event-based hook integrations.

Through AI Agent Proxy

Akto Atlas can observe OpenClaw model requests when OpenClaw routes LLM traffic through the Akto AI Agent Proxy.

The AI Agent Proxy operates as a middleware layer between OpenClaw and the configured model provider. OpenClaw sends model requests to the proxy endpoint instead of directly calling the LLM provider.

The request flow becomes:

OpenClaw → Akto AI Agent Proxy → model provider

The proxy records request metadata, applies guardrails, and forwards the request to the configured model provider. Akto Atlas receives the recorded metadata and associates the activity with the OpenClaw agent and the enterprise user.

Enterprise teams must configure OpenClaw to route model traffic through the proxy endpoint. The configuration steps are as follows:

1. Set Up the AI Agent Proxy

Deploy the Akto AI Agent Proxy in the environment where OpenClaw sends model requests. The proxy acts as the intermediary between OpenClaw and the actual model provider.

Deployment instructions and architecture details are available in the following documentation: AI Agent Proxy

After completing the proxy deployment, note the proxy endpoint URL. OpenClaw uses the proxy endpoint as the model provider base URL.

2. Update the openclaw.json Configuration File

OpenClaw uses the openclaw.json configuration file to define model providers. Add a provider entry that routes model requests to the Akto AI Agent Proxy.

Example configuration:

  • The baseUrl parameter must reference the AI Agent Proxy endpoint instead of the direct model provider endpoint.

  • The X-Original-Provider header allows the proxy to forward the request to the correct model provider after applying guardrails.

3. Register the Provider in the Authentication Profile

OpenClaw requires an authentication profile entry for every configured provider. The authentication profile allows OpenClaw to activate the configured model provider.

Create or update the file auth.profile.json with the following configuration:

The authentication profile registers the proxy-backed provider so OpenClaw can route model requests through the AI Agent Proxy.

After completing the configuration steps, OpenClaw sends model requests through the proxy. Akto Atlas observes the requests and records model interaction metadata.
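
An added example, not Akto or OpenClaw code: a check that every provider entry in openclaw.json points its baseUrl at the AI Agent Proxy and carries the X-Original-Provider header, so that no model traffic bypasses the guardrails. Only baseUrl and X-Original-Provider come from the steps above; the "headers" key name, the nesting of the sample file, and all hostnames are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample. Only "baseUrl" and the X-Original-Provider header come
# from the page; the surrounding key layout and all values are assumptions.
SAMPLE_OPENCLAW_JSON = """
{"models": {"providers": {
  "akto-proxy": {"baseUrl": "https://akto-proxy.example.internal:8443/v1",
                 "headers": {"X-Original-Provider": "openai"}},
  "no-header":  {"baseUrl": "https://akto-proxy.example.internal:8443/v1"},
  "direct":     {"baseUrl": "https://llm-provider.example.com/v1",
                 "headers": {"X-Original-Provider": "openai"}}
}}}
"""

def _origin(url):
    """Scheme, host and port, so a proxy name hidden in a path cannot match."""
    parts = urlsplit(url)
    default_port = {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), parts.port or default_port)

def audit_providers(node, proxy_url, path="$"):
    """Walk the parsed JSON and report every object carrying a baseUrl that
    bypasses the proxy or lacks the X-Original-Provider header."""
    findings = []
    if isinstance(node, dict):
        if isinstance(node.get("baseUrl"), str):
            headers = node.get("headers")
            headers = headers if isinstance(headers, dict) else {}
            # Header names are case-insensitive; an empty value counts as missing.
            names = {str(k).lower() for k, v in headers.items() if v}
            if _origin(node["baseUrl"]) != _origin(proxy_url):
                findings.append((path, "baseUrl does not point at the proxy"))
            elif "x-original-provider" not in names:
                findings.append((path, "X-Original-Provider header missing"))
        for key, value in node.items():
            findings += audit_providers(value, proxy_url, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings += audit_providers(value, proxy_url, f"{path}[{i}]")
    return findings

if __name__ == "__main__":
    config = json.loads(SAMPLE_OPENCLAW_JSON)
    for where, problem in audit_providers(config, "https://akto-proxy.example.internal:8443"):
        print(f"{where}: {problem}")
```

An empty result means every provider entry found in the file is routed through the proxy with the forwarding header set.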

Through Hooks

Akto Atlas can observe OpenClaw interaction events through message lifecycle hooks when the OpenClaw platform exposes message send and message receive hooks.

Hook-based visibility depends on OpenClaw providing those hooks. Akto Atlas can subscribe to hook endpoints only after OpenClaw exposes the hook interface.

When OpenClaw triggers the message send or message receive hook, interaction metadata can be sent to Akto Atlas to record OpenClaw activity associated with enterprise users.

Through MS Defender for Endpoint

In addition to proxy-based and hook-based visibility, OpenClaw can also be discovered via Microsoft Defender for Endpoint.

This method enables endpoint-level visibility by integrating Defender with Akto Atlas.

Steps

1. Navigate to the Akto Atlas dashboard and go to Connectors.

2. Select Microsoft Defender for Endpoint.

3. Fill in the required fields:

  • Tenant ID → Your Azure AD tenant ID

  • Client ID → App registration client ID

  • Client Secret → App secret for authentication

  • Data Ingestion Service URL → Defender API ingestion endpoint

  • Polling Interval → Frequency (in seconds) to fetch data

4. Click Save.

How it Works

  • Akto connects to Defender using the configured credentials

  • Defender provides endpoint-level telemetry

  • This enables:

    • Detection of AI tools

    • Visibility into OpenClaw activity

    • Integration with guardrail enforcement workflows

Enable Guardrail via MS Defender for Endpoint

To enable OpenClaw guardrails on endpoints using Microsoft Defender:

1. Follow the steps in Deploy via Microsoft Defender, up to Step 3.

2. For OpenClaw:

  • Request the appropriate script from the Akto support team

    • macOS / Linux → .sh script

    • Windows → .ps1 script

3. After completing the setup, run the script via Live Response:

  1. Navigate to:

    • Microsoft Defender → Assets → Devices

  2. Select the target device

  3. Click Initiate live response session

  4. Once connected, run the script:

Wait for the script to complete execution.

🐧 WSL (Additional Setup)

If you are using WSL, complete the following before running the script.

Live Response and updates must be executed on the Windows host (not inside WSL).

1. Update Script Variables

  • Open the script in a text editor

  • Update required environment variables (API key, model, etc.)

The script runs on the Windows host and connects to WSL using this path.

2. Verify or Install jq

Check if installed:

If not installed:

3. Run the Script

Run the script from the Live Response session:

Observability Location in Akto Atlas

Assets Inventory

Clawdbot appears in the Agentic Assets inventory within Akto Atlas.

For each Clawdbot asset, Akto Atlas displays:

  • Asset name: Clawdbot

  • Detection source: AI Agent

  • Associated endpoints

  • Risk Score

  • First seen timestamp

  • Last seen timestamp

Supported Operating Systems

Akto Atlas supports OpenClaw visibility on enterprise-managed endpoints running:

  • macOS

  • Windows

  • Linux

When MCP Endpoint Shield runs on any of these operating systems, Akto Atlas can observe OpenClaw connections to the local MCP endpoint and register usage metadata.

Data Scope and Enforcement Boundaries

Akto Atlas enforces strict boundaries on observed data:

  • Data collection begins only after MCP Endpoint Shield installation

  • Visibility is limited to endpoints where MCP Endpoint Shield is active

  • Only usage metadata is collected

  • No inspection of prompts, internal logic, or generated outputs

  • No modification, blocking, or interference with Clawdbot execution

Get Support for your Akto setup

There are multiple ways to request support from Akto. We are available 24x7 on the following channels:

  1. In-app Intercom support. Message us with your query on Intercom in the Akto dashboard and someone will reply.

  2. Join our Discord channel for community support.

  3. Contact [email protected] for email support.
