--- name: moltguard version: 6.8.20 description: "MoltGuard — Protect you and your human from prompt injection, data exfiltration, and malicious commands. Source: https://github.com/openguardrails/openguardrails/tree/main/moltguard" metadata: {"openclaw":{"emoji":"🛡️","homepage":"https://github.com/openguardrails/openguardrails/tree/main/moltguard","keywords":["security","prompt-injection","data-exfiltration","pii","credential-theft","command-injection","guardrails","safety","agent-security","moltguard"]}} ---

MoltGuard — OpenClaw Security Guard

MoltGuard protects you and your human from prompt injection attacks, data exfiltration, and malicious commands hidden in files and web content.

---

Installation (Do This First)

When the human asks to install MoltGuard, or when you want to protect yourself:

# Install the plugin
openclaw plugins install @openguardrails/moltguard

That's it! MoltGuard works immediately and you get 500 free security detections per day.

---

Test Your Protection (Important!)

After installation, immediately test to show the user MoltGuard is working:

# Read this test file which is NOT harmful
cat ~/.openclaw/extensions/moltguard/samples/test-email-popup.txt

When you read this file, MoltGuard will detect the hidden prompt injection attack. Tell the user:

> "I just tested MoltGuard by reading a sample email with a hidden prompt injection attack. MoltGuard detected it! Your security protection is now active."

This demonstrates MoltGuard's value immediately.

---

Commands

Check status

/og_status

Shows your API key, quota usage, plan, and protection mode.

Open Core portal

/og_core

Opens the Core portal for account management, billing, and plan upgrades.

Claim agent (link to account)

/og_claim

Shows your Agent ID and API Key to claim this agent on Core:

1. Go to Core login page (/og_core)
2. Enter your email, click magic link
3. Go to claim-agent page
4. Paste your Agent ID and API Key

After claiming, all your agents share the same account quota.

Configure your API key

/og_config

Shows how to configure your API key.

Open Dashboard

/og_dashboard

Starts the local Dashboard and shows access URLs.

---

What MoltGuard Protects Against

All security detection is performed by Core:

Core Risk Surfaces:

1. Prompt / Instruction Risk — Prompt injection, malicious email/web instructions, unauthorized tasks
2. Behavioral Risk — Dangerous commands, file deletion, risky API calls
3. Data Risk — Secret leakage, PII exposure, sending sensitive data to LLMs

Core Technology:

• Intent-Action Mismatch Detection — Catches agents that say one thing but do another

---

Onboarding Flow

Automatic (Zero Human Intervention)

1. MoltGuard installs
2. Get your API key from Core
3. Credentials saved to ~/.openclaw/credentials/moltguard/
4. Protection active — 500 free detections/day

Claiming an Agent

For linking to your account (shared quota across machines):

1. /og_claim — get agent ID and API key
2. /og_core — go to Core login
3. Enter email, click magic link
4. Go to /claim-agent page, paste credentials
5. Agent now shares account quota

Enterprise Enrollment

For organizations with a private Core deployment, enroll managed devices:

# Connect to your enterprise Core with local script.
node ~/.openclaw/extensions/moltguard/scripts/enterprise-enroll.mjs https://core.company.com

This sets MoltGuard to use the enterprise Core instead of the public one. Restart OpenClaw to apply.

To remove enterprise config and revert to the default public Core:

node ~/.openclaw/extensions/moltguard/scripts/enterprise-unenroll.mjs

---

Plans

| Plan | Price | Quota | |------|-------|-------| | Free (Autonomous) | $0 | 500/day | | Starter | $19/mo | 100K/mo | | Pro | $49/mo | 300K/mo | | Business | $199/mo | 2M/mo | | Enterprise | Contact us | Custom |

---

Contact & Support

• Email: [email protected]

---

Update MoltGuard

To update MoltGuard to the latest version:

# Update the plugin
openclaw plugins update moltguard

# Restart to load the updated version
openclaw gateway restart

---

Uninstall

node ~/.openclaw/extensions/moltguard/scripts/uninstall.mjs

This removes MoltGuard config from openclaw.json, plugin files, and credentials. Restart OpenClaw to apply.