Connect OpenClaw to Capsule Security for complete visibility into AI coding agent activity, including tool execution, agent replies, session lifecycle, and message writes — with optional inline blocking on policy-violating actions for async hooks.
This integration uses OpenClaw's plugin system to capture and govern AI coding agent activity. The Capsule plugin runs in-process inside the OpenClaw runtime, forwards every hook event to your Capsule tenant over HTTPS, and applies policy verdicts for OpenClaw hooks that support async decisions.
The following hooks are configured:
| Hook Event | Type | Description |
|---|---|---|
| before_tool_call | Blocking | Tool execution requests — can block, rewrite parameters, or require human approval |
| after_tool_call | Observation | Tool execution results after completion |
| before_agent_reply | Blocking | Agent replies before they reach the user — can cancel or substitute a synthetic reply |
| agent_end | Observation | Agent turn completion |
| before_message_write | Synchronous audit | Outbound messages before they are persisted — forwarded for audit; async Capsule verdicts are not applied inline |
| before_install | Blocking | Plugin installation requests — can block untrusted plugins |
| session_start | Observation | Session initialization and context |
| session_end | Observation | Session termination and cleanup |
| before_compaction | Observation | Conversation compaction is about to run |
| after_compaction | Observation | Conversation compaction has completed |
| model_call_started | Observation | Underlying LLM call started |
| model_call_ended | Observation | Underlying LLM call ended |
Before you begin, ensure you have:
- OpenClaw installed (Node.js 18 or later)
- A Capsule Security account with admin access
- Network access from your developer machines to your Capsule agentsecurity endpoint (e.g.
https://agents.capsule.security)
Log in to the Capsule Security portal
Navigate to Integrations and locate OpenClaw
Click Install — Capsule generates a JWT scoped to your tenant and OpenClaw environment. The token contains the tenant and environment claims required by the agentsecurity endpoint; treat it as a secret.
Copy the generated token. You will reference it from your OpenClaw plugin configuration in the next step.
Install the published Capsule plugin in the project or environment where OpenClaw runs:
npm install @capsulesecurity/openclaw-capsuleOr with yarn:
yarn add @capsulesecurity/openclaw-capsuleRegister the plugin in your OpenClaw configuration. The plugin reads its options from the standard OpenClaw plugin config block:
import { capsulePlugin } from "@capsulesecurity/openclaw-capsule";
export default {
plugins: [
{
plugin: capsulePlugin,
config: {
endpoint: "https://agents.capsule.security",
token: process.env.CAPSULE_OPENCLAW_TOKEN,
blockOnRisk: true,
failOpen: true,
timeoutMs: 5000,
allowConversationAccess: false,
},
},
],
};| Option | Type | Default | Description |
|---|---|---|---|
endpoint | string | (required) | Capsule agentsecurity endpoint, e.g. https://agents.capsule.security |
token | string | (required) | JWT generated in Step 1, scoped to your tenant and environment |
blockOnRisk | boolean | true | Apply server block decisions inline. Set to false to run in observe-only mode |
failOpen | boolean | true | When Capsule is unreachable or returns an error, allow the agent to proceed. Set to false to fail closed |
timeoutMs | number | 5000 | Per-request timeout in milliseconds |
allowConversationAccess | boolean | false | When true, forward parsed session JSONL transcript lines to Capsule. Required for full conversation observability and policies that rely on conversation context |
pluginVersion | string | (none) | Optional identifier sent on every event to help the server correlate plugin versions during rollouts |
user | string | process.env.USER | User identifier sent on every event |
Never commit the JWT to version control. Recommended approaches:
- Read the token from an environment variable (
process.env.CAPSULE_OPENCLAW_TOKEN) - Source it from your secret manager (1Password, AWS Secrets Manager, HashiCorp Vault) at runtime
- For MDM-managed deployments, deliver it through the same channel that distributes the OpenClaw configuration
For the plugin to take effect, restart any running OpenClaw sessions:
- Exit OpenClaw
- Restart OpenClaw with the updated configuration
Start a new OpenClaw session and execute a simple task to generate activity:
Create a new file called test.txt with the content "Hello World"Log in to the Capsule Security portal
Navigate to Inventory > Agents and confirm your OpenClaw agent appears
Click on the agent and review the audit logs to verify events are captured:
- Session start event
- Tool execution (Write tool)
- Agent reply
- Session activity
To view the full conversation, navigate to Observability and filter by Activity Type — Session (requires
allowConversationAccess: true)
If events are not appearing:
Verify the endpoint is reachable from the host running OpenClaw:
curl -sS -o /dev/null -w "%{http_code}\n" https://agents.capsule.security/healthVerify the token is set — the plugin will not start without a valid
token. Check the OpenClaw logs for plugin initialization errors.Check for timeouts — if your network has high latency to the Capsule endpoint, increase
timeoutMsor confirmfailOpenis set appropriately.Confirm the plugin is loaded — OpenClaw lists active plugins on startup; the Capsule plugin registers under id
capsule.Inspect OpenClaw logs for hook execution errors. The plugin logs structured warnings when requests fail.
Contact Capsule Security support if issues persist.
The Capsule plugin runs in-process inside OpenClaw and observes every tool call, agent reply, and message write. Before deploying:
- Protect the JWT — anyone with the token can post events on behalf of your tenant. Rotate it through the portal if it is exposed.
- Choose
failOpendeliberately —failOpen: true(the default) prioritizes developer productivity;failOpen: falseprioritizes policy enforcement and will block agent activity when Capsule is unreachable. - Decide on conversation access explicitly —
allowConversationAccess: trueforwards session transcript lines to Capsule. Enable this only after reviewing the data residency and retention implications with your security and privacy teams. - Pin a plugin version in production. Use a lockfile (
package-lock.json/yarn.lock) and review changelogs before upgrading. - Use TLS-only endpoints. The plugin sends a Bearer token on every request — never configure an
http://endpoint.
For help with this integration:
- Email: support@capsule.security
- Include: Your organization ID, integration status, plugin version, and any error messages