The Shell Security plugin for OpenClaw bridges the gap between raw security audit output and actionable remediation. It runs the built-in `openclaw security audit` CLI command locally, sends only the findings (no secrets or config) to KiloCode's Security Advisor API, and returns a prioritized markdown report with specific fix steps — all within your chat interface (Slack, Telegram, or Control UI). Installation is straightforward via the plugin CLI, with slash command or natural language invocation. The plugin is currently in dev release with known rough edges around formatting and a conditional CTA bug, but the npm package is live under MIT license.