@pmatrix/openclaw-monitor v0.3.3 — runtime safety layer for OpenClaw agents

[PMATRIX-Architect]

What I noticed

When running OpenClaw agents on longer tasks, I had no visibility into whether behavior was drifting over time. Individual tool calls were visible, but risk accumulating across a session — not a single catastrophic action, but a pattern — had no way to be caught early.

What this plugin does

Three enforcement layers, running on every tool call:

Safety Gate — intercepts before_tool_call events before execution. Uses a continuous risk score R(t) across five safety modes:

R(t) range	Mode	HIGH-risk tool	MEDIUM-risk tool	LOW-risk tool
0.00 – 0.15	Normal	Allow	Allow	Allow
0.15 – 0.30	Caution	Confirm	Allow	Allow
0.30 – 0.50	Alert	Confirm	Allow	Allow
0.50 – 0.75	Critical	Block	Confirm	Allow
>= 0.75	Halt	Block	Block	Block

HIGH-risk tools: bash, exec, browser, computer, terminal. Patterns like rm -rf, sudo, curl | sh are blocked immediately regardless of R(t).

Credential scan — intercepts message_sending events and blocks outbound messages containing API keys or secrets. Covers 11 patterns: OpenAI, Anthropic, AWS, GitHub tokens, PEM keys, and more.

Kill Switch — when R(t) >= 0.75, the agent is automatically halted. All subsequent tool calls are blocked until you run /pmatrix resume.

What it doesn't do

Content-agnostic by design. The plugin never reads or transmits your prompts, responses, or file contents — only behavioral metadata: tool names, call counts, timing, and pattern match types.

Install

npm install -g @pmatrix/openclaw-monitor
pmatrix setup

Hooks register automatically. Dashboard at https://app.pmatrix.io.

---

Happy to answer questions about the hook architecture or scoring model.