Hunting for Lobsters in EPM Analytics - Openclaw (Clawdbot, Moltbot)

  • March 19, 2026

tclowater
BeyondTrust Employee

This doc is a quick guide to finding potential instances of OpenClaw (aka Clawdbot, Moltbot) using EPM Analytics. Please refer to Using Endpoint Privilege Management with local AI agents in our public docs.

Where this works

This works in the cases where:

  • The application group is set up to log to EPM-SaaS
  • The tool on the target system still carries its standard name and has not been obfuscated by renaming

Quick Analytics Checks

  • In EPM SaaS, or in your SIEM / log aggregator of choice, search Events → Filter by: Command Line → contains any of `openclaw`, `moltbot`, or `clawdbot`
  • In EPM SaaS, or your SIEM / log aggregator of choice, I would recommend using the Custom Views option to save this search for rechecks
  • You can also check for file or folder paths that contain those keywords

What the search returns

  • Depending on what is being logged, you could end up with a lot of noise, for instance emails or browser visits to sites with those words in the name.
  • It could return scheduled tasks calling gateway.cmd, etc., which is a decent indicator that this AI agent is on the system.
  • It could show the installation, or the configuration of the initial launch, with various application programs.
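The checks and the noise described above can be turned into a small triage filter. The following is an added example written for this post, not code from BeyondTrust or from EPM: it takes exported events in an assumed shape (field names `id`, `process`, `command_line`, `file_path` are an assumption for this example, not EPM's schema), flags any that mention the three names, and separates the browser/email URL noise from the higher-signal `gateway.cmd` launches. The sample events are constructed.

```python
import re
from dataclasses import dataclass

# The three names the post says to search for; the older ones still turn up.
KEYWORDS = ("openclaw", "moltbot", "clawdbot")
KEYWORD_RE = re.compile("|".join(KEYWORDS), re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Processes whose command lines routinely carry URLs: the browser/email noise the post warns about.
NOISE_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe"}


@dataclass
class Hit:
    event_id: str
    signal: str   # "high", "medium" or "noise"
    reason: str


def classify(event):
    """Classify one exported event; returns a Hit, or None when no keyword appears.

    Field names (id, process, command_line, file_path) are an assumed export
    shape for this example, not EPM's own schema.
    """
    cmd = event.get("command_line", "")
    path = event.get("file_path", "")
    match = KEYWORD_RE.search(cmd + " " + path)
    if match is None:
        return None
    keyword = match.group(0).lower()
    process = event.get("process", "").lower()

    # Keyword seen only inside a URL handed to a browser or mail client: a site visit, not the tool.
    if (process in NOISE_PROCESSES
            and not KEYWORD_RE.search(URL_RE.sub("", cmd))
            and not KEYWORD_RE.search(path)):
        return Hit(event["id"], "noise", f"'{keyword}' appears only in a URL opened by {process}")

    # gateway.cmd being launched (the post notes scheduled tasks calling it) is a decent indicator.
    if "gateway.cmd" in cmd.lower():
        return Hit(event["id"], "high", f"gateway.cmd launched from a {keyword} path by {process}")

    # Anything else (installer, package manager, config step) is worth a look but needs context.
    return Hit(event["id"], "medium", f"'{keyword}' in command line or file path of {process}")


def hunt(events):
    """Run classify over an event list and return the hits, highest signal first."""
    order = {"high": 0, "medium": 1, "noise": 2}
    hits = [h for h in (classify(e) for e in events) if h is not None]
    return sorted(hits, key=lambda h: order[h.signal])


# Constructed sample events in the assumed export shape (not real EPM data).
SAMPLE_EVENTS = [
    {"id": "e1", "process": "chrome.exe",
     "command_line": 'chrome.exe "https://example.invalid/blog/openclaw-review"', "file_path": ""},
    {"id": "e2", "process": "cmd.exe",
     "command_line": r'cmd.exe /c "C:\Users\alice\.openclaw\gateway.cmd"', "file_path": ""},
    {"id": "e3", "process": "node.exe",
     "command_line": "node.exe npm install -g moltbot", "file_path": ""},
    {"id": "e4", "process": "explorer.exe",
     "command_line": "", "file_path": r"C:\Users\bob\Downloads\clawdbot-setup.exe"},
    {"id": "e5", "process": "notepad.exe",
     "command_line": "notepad.exe readme.txt", "file_path": ""},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(f"{hit.event_id}  {hit.signal:6}  {hit.reason}")
```

Run against the sample set, the browser visit (e1) drops to the bottom as noise, the gateway.cmd launch (e2) comes out on top, and the install and download events land in the middle for a human to look at. A renamed binary will not match, which is the limitation the post calls out under "Where this works".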

What to block

  • OpenClaw is slippery by nature, which doesn’t lend itself well to a typical block approach
    • E.g. it typically requires command line or dev tool access, along with administrative access, to configure on Windows.
  • A block on this command line is a very big hammer and a scorched-earth approach
    • Even with this block in place, you may find users trying to bypass it. Monitor the ones who are looking for crafty solutions.
  • The same standards of least privilege apply. If a user doesn’t require dev tools, then don’t allow them for their workstyle.
    • If they do need them for their workstyle, then maybe don’t give them admin.
  • If they are a dev who requires admin rights with dev tools, then blocking these via command-line matching may stop the low-hanging fruit of the unmotivated; however, it doesn’t get rid of the entire problem. This is the tip of the iceberg.
    • This iceberg may also include using personal AI in the browser. More tools will come out with similar capabilities.

What I suggest

  • Monitor for openclaw/moltbot/clawdbot (sometimes the older names still exist)
  • Approach with least privilege in mind to get rid of the dev tools entirely.
  • Avoid artisanal block policies; you will have a hard time keeping up
  • If you absolutely must try something, know that command-line filename matching isn’t perfect: it’s a blunt hammer, but it may work in a pinch, then dial back.
  • If you find OpenClaw or its predecessors on systems, talk to your security investigation team about how best to proceed
    • There may need to be a check to validate whether a breach or loss of data has occurred.