OpenClaw is a free and open-source “personal AI assistant” that a user can connect to the local resources on their computer, messaging applications, calendars, and anything else they want the agent to access.

Right now, at least one of your users is experimenting with a personal assistant like OpenClaw. How you feel about that depends largely on the risk appetite of your organization, and how quickly you can spin up resources to assess the risk of this week’s AI buzztoy. This stuff is coming at us fast.

A “personal AI assistant” doesn’t need to be malicious or vulnerable for you to want to wrap some policy around its use on corporate-issued devices. 

The facts are:

  • Personal AI assistants, by their nature, will seek broad system access - interacting with files, processes, and network resources - which makes them powerful tools if they are ever abused. 

  • Personal AI assistants may install persistence mechanisms like launchd services and binaries across multiple paths, making them difficult to fully remove. 

  • The default listening port for these personal assistants could be exploited for remote access to your device or command-and-control. 

The most conservative option would be to block the use of these technologies until your team has had some time to figure out how to use them safely. (See these tips from the Auth0 team if you’re experimenting with OpenClaw). 

You may also want to make access decisions for specific resources based on whether an AI assistant is downloaded, installed, or actively listening on a device used to access enterprise resources. 

That’s where Okta advanced posture checks can play a role. Advanced posture checks incorporate osquery-based posture evaluations on any device running an admin-issued version of the Okta Verify client.

By integrating detection queries like the samples provided below into advanced posture checks, organizations can automatically evaluate device health at authentication time and enforce access policies that, for example:

  • Block or restrict sign-ins from devices where OpenClaw is detected

  • Deny access to specific sensitive resources (apps) from devices where OpenClaw is detected

  • Trigger workflows that notify administrators of a detection.

In all cases, administrators can create customized remediation advice for the user. Users can be instructed to take the actions necessary to restore access to specific resources, without having to call the IT helpdesk.

Sample queries

Let’s assume OpenClaw is the personal AI assistant you want to check for. There are a number of approaches to detecting its use on a macOS device.

Launchd

Let’s start with persistent services/daemons by searching launchd for the term “OpenClaw”. OpenClaw can be configured to launch at startup before you’ve even opened your terminal. This is part of the reason why personal AI assistants make people very, very nervous.

SELECT 1 AS result FROM (
    SELECT path 
    FROM launchd 
    WHERE name LIKE '%openclaw%' 
    LIMIT 1);

Files

Advanced posture checks can also search for the presence of configuration files and binaries in common installation paths. Note that %% is osquery’s recursive wildcard, so the '/%%/.openclaw/%' pattern below walks the entire filesystem and is by far the most expensive line in this query; scoping it to /Users is cheaper.

SELECT 1 AS result FROM (
    SELECT path 
    FROM file 
    WHERE path LIKE '/Users/%%/.openclaw/openclaw.json' 
        OR path LIKE '/%%/.openclaw/%'
        OR path LIKE '/Users/%%/.volta/bin/openclaw'
        OR path LIKE '/Users/%%/.nvm/current/bin/openclaw'
        OR path LIKE '/usr/bin/openclaw'
        OR path LIKE '/usr/local/bin/openclaw'
        OR path LIKE '/opt/homebrew/bin/openclaw'
        OR path LIKE '/Applications/OpenClaw.app'
    LIMIT 1);

Running processes

Perhaps you’re less concerned by whether OpenClaw has ever run on the machine, and more concerned about whether it’s running while a user is signing in to protected resources?

SELECT 1 AS result FROM (
    SELECT path 
    FROM processes 
    WHERE name LIKE '%openclaw%' 
        OR cmdline LIKE '%openclaw%'
    LIMIT 1
    );

Homebrew packages

OpenClaw leans on Homebrew for access to system-level dependencies. The presence of a Homebrew package named “OpenClaw” is another breadcrumb to follow.

SELECT 1 AS result FROM (
    SELECT path 
    FROM homebrew_packages 
    WHERE name LIKE '%openclaw%'
    LIMIT 1
    );

npm package checks

The presence of an npm package of the same name also offers a detection opportunity.

SELECT 1 AS result FROM (
    SELECT path 
    FROM npm_packages 
    WHERE name LIKE '%openclaw%'
    LIMIT 1
    );

Listening ports

By default, OpenClaw listens on several network ports:

  • 18789 (TCP): The main port for the WebSocket Gateway, which coordinates connections between clients (CLI, web UI, mobile apps) and the AI agent.
  • 18791 (TCP): Used for browser-based control/dashboard access.
  • 9090: The application often defaults to using port 9090 for its service mode. Users frequently deploy OpenClaw using Docker containers, where mapping this port is necessary to access the service, commonly using 0.0.0.0:9090.

A port number on its own is weak evidence, since plenty of unrelated software also listens on 9090, which is why the query below additionally matches on the listening process path.

SELECT 1 AS result FROM (
    SELECT path 
    FROM listening_ports 
    WHERE port IN (
            9090,   -- Default OpenClaw self-hosted port.
            18789,  -- The main port for the WebSocket Gateway.
            18791   -- Used for browser-based control/dashboard access.
        )
        OR path LIKE '%openclaw%'
    LIMIT 1
    );

Installed applications

Advanced posture checks can also simply check whether an app of this name is installed on the (macOS) system.

SELECT 1 AS result FROM (
    SELECT path 
    FROM apps 
    WHERE name LIKE '%openclaw%'
        OR bundle_identifier LIKE '%openclaw%'
    LIMIT 1
    );

Docker images

Advanced posture checks can also check whether OpenClaw is running in a container. Here is a check for Docker images whose tags carry the name “OpenClaw”...

SELECT 1 AS result FROM (
    SELECT id 
    FROM docker_images 
    WHERE tags LIKE '%openclaw%'
    LIMIT 1
    );

Docker containers

...and the companion check for containers started from such an image:

SELECT 1 AS result FROM (
    SELECT id 
    FROM docker_containers 
    WHERE image LIKE '%openclaw%'
    LIMIT 1
    );

All together now

Given that many of these detections rely on mutable names, a single query (or even two) may be prone to false positives. You may find that a few in combination deliver more consistent results.

The final query I’ll leave you with attempts to detect the presence of OpenClaw on a macOS device by examining multiple system sources and combining the results into a single detection score. 

Each source contributes a count of matches. These counts are summed into a final score:

  • Score ≤ 2  → openclaw_detected = 0 (insufficient confidence of detection)

  • Score > 2 → openclaw_detected = 1 (confident detection)

The threshold of 2 helps avoid false positives by requiring multiple indicators before flagging a device.

WITH launch_claw AS (
    SELECT COUNT(*) AS total
    FROM launchd 
    WHERE name LIKE '%openclaw%'
), 
file_claw AS (
    SELECT COUNT(*) AS total
    FROM file 
    WHERE path LIKE '/Users/%%/.openclaw/openclaw.json' 
        -- OR path LIKE '/%%/.openclaw/%'   (left out: recursively walks the whole filesystem)
        OR path LIKE '/Users/%%/.volta/bin/openclaw'
        OR path LIKE '/Users/%%/.nvm/current/bin/openclaw'
        OR path LIKE '/usr/bin/openclaw'
        OR path LIKE '/usr/local/bin/openclaw'
        OR path LIKE '/opt/homebrew/bin/openclaw'
        OR path LIKE '/Applications/OpenClaw.app'
),
claw_process AS (
    SELECT COUNT(*) AS total 
    FROM processes 
    WHERE name LIKE '%openclaw%' 
        OR cmdline LIKE '%openclaw%'
),
homebrew_claw AS (
    SELECT COUNT(*) AS total 
    FROM homebrew_packages 
    WHERE name LIKE '%openclaw%'
),
npm_claw AS (
    SELECT COUNT(*) AS total 
    FROM npm_packages 
    WHERE name LIKE '%openclaw%'
),
netports_claw AS (
    SELECT COUNT(*) AS total 
    FROM listening_ports 
    WHERE port IN (
            9090,   -- Default OpenClaw self-hosted port.
            18789,  -- The main port for the WebSocket Gateway.
            18791   -- Used for browser-based control/dashboard access.
        )
        OR path LIKE '%openclaw%'
),
apps_claw AS (
    SELECT COUNT(*) AS total 
    FROM apps 
    WHERE name LIKE '%openclaw%'
        OR bundle_identifier LIKE '%openclaw%'
),
docker_image_claw AS (
    SELECT COUNT(*) AS total 
    FROM docker_images 
    WHERE tags LIKE '%openclaw%'
),
docker_container_claw AS (
    SELECT COUNT(*) AS total 
    FROM docker_containers 
    WHERE image LIKE '%openclaw%'
),
final_score AS (
    SELECT launch_claw.total        -- launchd hits count toward the score as well
        + file_claw.total 
        + claw_process.total 
        + homebrew_claw.total 
        + npm_claw.total 
        + netports_claw.total 
        + apps_claw.total
        + docker_image_claw.total
        + docker_container_claw.total
        AS score
    FROM launch_claw, file_claw, claw_process, homebrew_claw, npm_claw,
         netports_claw, apps_claw, docker_image_claw, docker_container_claw
)
SELECT 
    CASE 
        WHEN score > 2 THEN 1
        ELSE 0
    END AS openclaw_detected
FROM final_score;
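To see how the threshold behaves before the query goes into a sign-in policy, here is an added Python harness (not from the post, Okta or the OpenClaw project) that generates the same one-count-per-source scoring query and runs it against constructed device snapshots in an in-memory SQLite database. The table layouts and sample rows (the ai.openclaw.gateway launchd label, the alice path, the unrelated Prometheus listener on 9090) are constructed assumptions, not osquery output.

```python
import sqlite3
# Constructed stand-ins for the osquery tables the combined query reads (assumed:
# only the columns the predicates below touch, not the full osquery schema).
SCHEMA = """
CREATE TABLE launchd (name TEXT);            CREATE TABLE file (path TEXT);
CREATE TABLE processes (name TEXT, cmdline TEXT);
CREATE TABLE homebrew_packages (name TEXT);  CREATE TABLE npm_packages (name TEXT);
CREATE TABLE listening_ports (port INTEGER, path TEXT);
CREATE TABLE apps (name TEXT, bundle_identifier TEXT);
CREATE TABLE docker_images (tags TEXT);      CREATE TABLE docker_containers (image TEXT);
"""
# One (table, predicate) per indicator, as in the post's combined query. In osquery
# '%%' is the recursive path wildcard; under plain SQLite it is an ordinary LIKE.
INDICATORS = [
    ("launchd", "name LIKE '%openclaw%'"),
    ("file", "path LIKE '/Users/%%/.openclaw/openclaw.json'"),
    ("processes", "name LIKE '%openclaw%' OR cmdline LIKE '%openclaw%'"),
    ("homebrew_packages", "name LIKE '%openclaw%'"),
    ("npm_packages", "name LIKE '%openclaw%'"),
    ("listening_ports", "port IN (9090, 18789, 18791) OR path LIKE '%openclaw%'"),
    ("apps", "name LIKE '%openclaw%' OR bundle_identifier LIKE '%openclaw%'"),
    ("docker_images", "tags LIKE '%openclaw%'"),
    ("docker_containers", "image LIKE '%openclaw%'"),
]
THRESHOLD = 2  # the summed score must exceed this before the device is flagged

def build_score_query(indicators=INDICATORS, threshold=THRESHOLD):
    """Generate the one-CTE-per-source scoring query in the shape the post uses."""
    ctes = ",\n".join(f"{t}_hits AS (SELECT COUNT(*) AS total FROM {t} WHERE {w})"
                      for t, w in indicators)
    total = " + ".join(f"{t}_hits.total" for t, _ in indicators)
    return (f"WITH {ctes}\nSELECT {total} AS score, "
            f"CASE WHEN {total} > {threshold} THEN 1 ELSE 0 END AS openclaw_detected "
            f"FROM {', '.join(t + '_hits' for t, _ in indicators)};")

def evaluate(fixture):
    """Score a constructed device snapshot {table: [row tuples]} -> (score, detected)."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    for table, rows in fixture.items():
        con.executemany(f"INSERT INTO {table} VALUES ({','.join('?' * len(rows[0]))})", rows)
    return con.execute(build_score_query()).fetchone()

# Full install: launchd job + config file + running process + gateway port -> score 4
FULL_INSTALL = {"launchd": [("ai.openclaw.gateway",)], "file": [("/Users/alice/.openclaw/openclaw.json",)],
                "processes": [("openclaw", "openclaw gateway --port 18789")],
                "listening_ports": [(18789, "/opt/homebrew/bin/openclaw")]}
# Unrelated service on 9090 plus a leftover npm package -> score 2, below the threshold
LOOKALIKE = {"listening_ports": [(9090, "/usr/local/bin/prometheus")], "npm_packages": [("openclaw",)]}
```

Swapping INDICATORS or THRESHOLD and re-running evaluate() against your own snapshots is a quick way to tune the score before it gates access to anything.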

More clawsome detections

Detecting the presence of a new and unverified application like OpenClaw is one of numerous ways in which advanced posture checks can be used to ensure resources are only accessed from devices exhibiting strong hygiene.

Stay tuned for more!