A fail-closed CCTV-style security monitor for OpenClaw on macOS.
- Root-run watchdog + monitor service (`launchd`)
- Tamper-evident audit log (hash-chain + HMAC signature)
- Security policy loaded from `SECURITY.md` at startup
- Dangerous operations blocked unless authorized by short-lived token
- Token transport is env-only (`OPENCLAW_SEC_AUTH`)
- Secret/token values are redacted (`****`) before any log write
This project is licensed under Apache License 2.0.
- SPDX headers are included in project files
- Full license text: `LICENSE`
- Contribution guide: `CONTRIBUTING.md`
- Security policy and reporting: `SECURITY.md`
- OpenClaw process/channel may be compromised
- Attacker tries to execute dangerous commands, disable policy, or access audit logs through OpenClaw
- If attacker already has local macOS admin/root privileges, they can still bypass protections
- If attacker does not have admin/root, they cannot bypass CCTV policy via OpenClaw channel
LaunchDaemon(com.openclaw.cctv)
|
v
watchdog.py (root, fail-closed precheck)
|
v
cctv.py (root monitor)
|
+--> /var/log/openclaw-cctv/audit.log
+--> /var/log/openclaw-cctv/alerts.log
+--> syslog (tag: openclaw-cctv)
- `install.sh`: install and enable service
- `harden_openclaw.sh`: one-click hardening after OpenClaw deployment
- `cctv.py`: main policy enforcement and auditing
- `watchdog.py`: self-recovery + fail-closed launcher
- `logger.py`: append-only style hash-chain logger
- `SECURITY.md`: human-readable + machine policy block
- `rules.json`: extra monitor/integrity rules
- `gen_auth_token.sh`: root-side token generator
- macOS (Intel/Apple Silicon)
- Python 3 (`/usr/bin/python3`)
- root privileges for install/hardening
- OpenClaw already deployed
Install and run your OpenClaw service as a non-root user.
```bash
cd openclawcctv
sudo ./harden_openclaw.sh
```
This will:
- install files to `/Library/Application Support/OpenClawCCTV`
- install policy to `/etc/openclaw/security/SECURITY.md`
- create root-only keys
- bootstrap `launchd` service `com.openclaw.cctv`
- enforce permissions for policy/log directories
```bash
sudo launchctl print system/com.openclaw.cctv
sudo tail -f /var/log/openclaw-cctv/audit.log
sudo tail -f /var/log/openclaw-cctv/alerts.log
```
For dangerous commands, policy requires token in environment variable:
- variable name: `OPENCLAW_SEC_AUTH`
- token format: `<timestamp_ms>:<nonce>:<hmac_sha256>`

Generate token:
```bash
eval "$(sudo /Library/Application\ Support/OpenClawCCTV/gen_auth_token.sh)"
```
Then execute dangerous operation (example pattern match):
```bash
OPENCLAW_SEC_AUTH="$OPENCLAW_SEC_AUTH" openclaw ...
```
- Passing token via command-line `SEC-AUTH:...` is blocked
- Token is short-lived and one-time (anti-replay)
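The token checks described above (format, short lifetime, one-time use), sketched as an added example that is not the project's own `cctv.py` code. The MAC input (`timestamp_ms:nonce`), the 60-second lifetime, and the names `make_token` and `TokenVerifier` are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TTL_MS = 60_000  # assumed lifetime; the page only says "short-lived"


def make_token(key, now_ms=None):
    """Build <timestamp_ms>:<nonce>:<hmac_sha256> (assumed MAC input: "ts:nonce")."""
    ts = int(time.time() * 1000) if now_ms is None else now_ms
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, f"{ts}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{nonce}:{mac}"


class TokenVerifier:
    """Fail-closed verifier: any parse, MAC, expiry or replay problem rejects."""

    def __init__(self, key, ttl_ms=TTL_MS):
        self.key = key
        self.ttl_ms = ttl_ms
        self.seen = {}  # nonce -> expiry time in ms

    def verify(self, token, now_ms=None):
        now = int(time.time() * 1000) if now_ms is None else now_ms
        parts = token.split(":")
        if len(parts) != 3:
            return False
        ts_s, nonce, mac = parts
        if not (ts_s.isascii() and ts_s.isdigit() and nonce):
            return False
        expected = hmac.new(self.key, f"{ts_s}:{nonce}".encode(), hashlib.sha256).hexdigest()
        # Check the MAC first so unauthenticated input never reaches the nonce cache.
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return False
        ts = int(ts_s)
        if ts > now or now - ts > self.ttl_ms:
            return False
        # Drop expired nonces, then reject reuse (one-time token).
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}
        if nonce in self.seen:
            return False
        self.seen[nonce] = ts + self.ttl_ms
        return True


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    verifier, tok = TokenVerifier(key), make_token(key)
    print(verifier.verify(tok), verifier.verify(tok))  # first use, then replay
```

A nonce only needs to be remembered until its token would have expired anyway, which keeps the replay cache bounded.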
Audit fields include timestamp, pid, user, command, file/network target, result, chain hash, and signature.
Sensitive values are redacted before write:
- `OPENCLAW_SEC_AUTH=...` -> `OPENCLAW_SEC_AUTH=****`
- `SEC-AUTH:...` -> `SEC-AUTH:****`
- `password/token/secret/api_key` style values -> `****`
cctv.py requires valid machine policy block from:
/etc/openclaw/security/SECURITY.md
If missing/invalid:
- monitor fails closed
- watchdog refuses to relaunch monitor until policy is valid
- Do not run OpenClaw as root (script enforces this)
- Keep keys root-only:
  - `/etc/openclaw-cctv.key`
  - `/etc/openclaw-cctv.authkey`
- Protect audit directory permissions:
  - `/var/log/openclaw-cctv`
```bash
cd openclawcctv
sudo ./uninstall.sh
```
Optional cleanup:
```bash
sudo ./uninstall.sh --purge-logs --purge-policy --purge-key
```
```bash
bash -n install.sh uninstall.sh harden_openclaw.sh gen_auth_token.sh
python3 -m py_compile cctv.py watchdog.py logger.py
```
This project improves non-root channel abuse resistance but is not a kernel-level mandatory access control system. If an attacker has local admin/root, bypass is still possible.