Security observability and control for AI agents. MoltSOC is a security tool that gives you a local SOC surface for OpenClaw bots and agents: collect security-relevant telemetry from OpenClaw logs and configs, visualize it, raise alerts, and let OpenClaw act as your Security Analyst to triage and maintain the SOC.
- Security-first — Built for SecOps: alerts, rules, evidence, and AI-augmented triage. Part of the IntelliJOES vision (see below).
- Local & private — No cloud, no accounts. Runs on your machine; metadata only, no prompt or file contents.
- Single CLI — One flow: `moltsoc install` → `moltsoc start` → `moltsoc dashboard`. Live data from OpenClaw by default.
- OpenClaw-native — Plugin for security summary (RPC + optional agent tool) and one command to open the full dashboard.
Security Joes is rebuilding SecOps around AI and agents. We’re building IntelliJOES — an Agentic SecOps Augmentation Platform that augments security teams with AI-driven visibility, triage, and response. Instead of traditional, siloed SOC tooling, IntelliJOES brings agentic workflows: your AI becomes a Security Analyst that can see alerts, prioritize them, suggest actions, and help maintain detection rules.
MoltSOC is part of that vision. It’s the security observability layer for OpenClaw: you get a local SOC (timeline, alerts, rules, evidence) and the ability to wake the MoltSOC skill so OpenClaw maintains your alerts as your Security Analyst. We’re iterating toward a full Agentic SecOps experience — MoltSOC is where we start with OpenClaw and the OpenClaw community.
| Path | Description |
|---|---|
| `moltsoc.cmd` | Windows launcher: run `moltsoc.cmd <command>`. After `moltsoc install`, the repo is added to PATH so `moltsoc` works from any terminal (restart terminal first). |
| `moltsoc` | macOS/Linux launcher: run `./moltsoc <command>` or add repo to PATH and run `moltsoc <command>`. |
| `scripts/add-path.ps1` | Windows: adds the MoltSOC repo directory to your user PATH (run automatically by `moltsoc install`). |
| `cli/` | MoltSOC CLI implementation: `install`, `start`, `stop`, `status`, `dashboard`, `update`, `uninstall`, `help`. |
| `collector/` | Security telemetry collector: tails OpenClaw logs and polls CLI status, emits events and alerts, serves HTTP API on `127.0.0.1:7777`. |
| `dashboard/` | SOC dashboard: side menu, timeline, alerts, session view, map, rules, AI context, and OpenClaw Security Analyst panel. |
| `plugin/moltsoc/` | OpenClaw plugin: `moltsoc.summary` RPC, `openclaw moltsoc dashboard` CLI, optional `moltsoc_get_summary` tool for AI triage. |
- Clone

  ```
  git clone https://github.com/securityjoes/MoltSoc.git
  cd MoltSoc
  ```

- Install (one command – installs collector + dashboard deps and, on Windows, adds MoltSOC to your PATH)

  ```
  moltsoc.cmd install
  ```

  On Windows: run `moltsoc.cmd install` from the repo folder. The install script adds the repo folder to your user PATH (via `scripts/add-path.ps1`), so after you restart your terminal you can run `moltsoc` from anywhere. On macOS/Linux: run `./moltsoc install`; add the repo folder to your PATH if you want `moltsoc` from anywhere.

- Start the collector (scans OpenClaw logs/configs; use `--background` to run in background)

  ```
  moltsoc start
  ```

  Or: `moltsoc start --background`. Stop with `moltsoc stop`.

- Open the dashboard

  ```
  moltsoc dashboard
  ```

  This starts the dashboard dev server (if needed) and opens http://localhost:5173. Live is on by default; data comes from the collector.

- Optional: OpenClaw plugin

  From the repo folder: `openclaw plugins install ./plugin/moltsoc`. Then use `openclaw moltsoc dashboard` or call `moltsoc.summary`; enable the `moltsoc_get_summary` tool so the AI can triage alerts.
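
One way to confirm the loopback-only binding this README states for the collector (`127.0.0.1:7777`) and the dashboard (`localhost:5173`), as an added example that is not part of MoltSOC. It assumes Linux with `ss` from iproute2; `MOLTSOC_PORTS` and `find_exposed_listeners` are hypothetical names, and the sample lines are constructed.

```sh
#!/bin/sh
# Added example, not part of MoltSOC. Ports are the ones this README names:
# collector API 7777, dashboard dev server 5173.
MOLTSOC_PORTS="7777 5173"

# find_exposed_listeners (hypothetical helper): reads `ss -ltnH` output on stdin,
# prints "EXPOSED <addr> <port>" for each listener on a MoltSOC port whose local
# address is not loopback, and returns 1 if any were found, else 0.
find_exposed_listeners() {
    awk -v ports="$MOLTSOC_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)          # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)      # text before the last colon
            sub(/%.*$/, "", addr)                    # drop scope, e.g. 127.0.0.1%lo
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::1] -> ::1
            if (!(port in want)) next
            if (addr ~ /^(::ffff:)?127\./ || addr == "::1") next
            print "EXPOSED", addr, port
            bad = 1
        }
        END { exit bad + 0 }
    '
}

if [ "${1:-}" = "--live" ]; then
    # Linux with iproute2: inspect the real listening sockets.
    ss -ltnH | find_exposed_listeners && echo "MoltSOC ports are loopback-only"
else
    # Constructed sample: collector on loopback, dashboard bound to all interfaces.
    if ! find_exposed_listeners <<'EOF'
LISTEN 0 511 127.0.0.1:7777 0.0.0.0:*
LISTEN 0 511   0.0.0.0:5173 0.0.0.0:*
EOF
    then
        echo "a MoltSOC port is reachable from other hosts"
    fi
fi
```

Run it with `--live` after `moltsoc start` and `moltsoc dashboard`; any `EXPOSED` line means that port accepts connections on a non-loopback address.
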
| Command | Description |
|---|---|
| `moltsoc install` | Install dependencies for collector and dashboard. Run once after clone. |
| `moltsoc start` | Start the collector (foreground). Use `moltsoc start --background` to run in background. |
| `moltsoc stop` | Stop the collector if running in background. |
| `moltsoc status` | Check if collector is running (health at http://127.0.0.1:7777). |
| `moltsoc dashboard` | Start dashboard dev server (if needed) and open http://localhost:5173 in browser. |
| `moltsoc update` | Pull latest from git, reinstall deps, restart collector if it was running. |
| `moltsoc uninstall` | Stop collector, remove runtime data (`.moltsoc`). Use `--full` to also remove `node_modules` in collector and dashboard for a clean reinstall. |
| `moltsoc help` | Show help. |
Running moltsoc: All commands are under the `moltsoc` CLI:
- Windows: Run `moltsoc.cmd install` once from the repo folder; this installs deps and adds the repo to your PATH via `scripts/add-path.ps1`. Restart your terminal, then you can run `moltsoc` from anywhere. Until then, use `moltsoc.cmd <command>` from the repo folder.
- macOS/Linux: Run `./moltsoc <command>` from the repo folder. To use `moltsoc` from anywhere, add the repo folder to your PATH and run `chmod +x moltsoc`.
To uninstall your current MoltSOC (e.g. before installing the new version):
- Stop and remove runtime data

  ```
  moltsoc uninstall
  ```

  This stops the collector (if running in background) and deletes the `.moltsoc` folder (PID and runtime state).

- Optional: full clean (removes `node_modules` in collector and dashboard so you can reinstall from scratch)

  ```
  moltsoc uninstall --full
  ```

  Then run `moltsoc install` again after cloning or pulling the new version.

- Remove MoltSOC entirely

  Delete the repo folder.
The dashboard has an OpenClaw Security Analyst panel in the sidebar. It explains how to engage the MoltSOC skill: ask OpenClaw to triage MoltSOC alerts or maintain the SOC. OpenClaw then acts as your Security Analyst — part of the IntelliJOES vision of agentic SecOps augmentation. The panel shows the last collector heartbeat so you can see when data is live.
- Version: Root `package.json` and CHANGELOG.md. We use Semantic Versioning.
- Release notes: See CHANGELOG.md.
- Tags: For each release, create a tag (e.g. `git tag v0.2.0`) and push (`git push origin v0.2.0`). Optionally create a GitHub Release from the tag with copy from CHANGELOG.
Made by Security Joes with ❤️ to the OpenClaw community — rebuilding SecOps with IntelliJOES.