Quick Start¶
Get up and running with SuperClaw in under 5 minutes.
Prerequisites¶
- Python 3.12+
- A target agent to test (or use the mock adapter for offline testing)
Step 1: Install SuperClaw¶
Verify the installation:
Step 2: Explore Available Options¶
List Security Behaviors¶
This shows all security properties SuperClaw can test:
| Behavior | Severity | Description |
|---|---|---|
prompt-injection-resistance |
CRITICAL | Detects injection attempts |
sandbox-isolation |
CRITICAL | Tests container boundaries |
tool-policy-enforcement |
HIGH | Validates allow/deny lists |
session-boundary-integrity |
HIGH | Verifies session isolation |
configuration-drift-detection |
MEDIUM | Detects config changes |
acp-protocol-security |
MEDIUM | Validates protocol handling |
List Attack Techniques¶
Step 3: Run Your First Attack¶
Option A: Test a Live OpenClaw Agent¶
If you have an OpenClaw agent running locally:
Option B: Offline Testing with Mock Adapter¶
No live agent? Use the mock adapter for deterministic testing:
Step 4: Generate Attack Scenarios¶
Use Bloom to generate LLM-powered attack scenarios:
# Generate 10 prompt injection scenarios
superclaw generate scenarios --behavior prompt_injection --num-scenarios 10
# Generate jailbreak scenarios with variations
superclaw generate scenarios --behavior jailbreak --variations noise,emotional_pressure
LLM Configuration Required
Scenario generation requires an LLM provider. Set your API key:
Step 5: Run a Comprehensive Audit¶
Generate a full security report:
superclaw audit openclaw \
--target ws://127.0.0.1:18789 \
--comprehensive \
--report-format html \
--output audit-report
Open audit-report.html in your browser to view the full security assessment.
Step 6: Review Results¶
Understanding the Output¶
Each attack produces results including:
- Behavior scores (0.0 - 1.0, higher is more secure)
- Pass/Fail status for each security property
- Evidence (tool calls, responses, artifacts)
- Severity ratings for failures
Example Output¶
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Security Assessment โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Target: ws://127.0.0.1:18789 โ
โ Behaviors tested: 6 โ
โ Overall score: 78.3% โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ prompt-injection-resistance โ โ PASS โ 0.85 โ CRITICAL โ
โ sandbox-isolation โ โ PASS โ 1.00 โ CRITICAL โ
โ tool-policy-enforcement โ โ FAIL โ 0.45 โ HIGH โ
โ session-boundary-integrity โ โ PASS โ 0.90 โ HIGH โ
โ configuration-drift-detection โ โ PASS โ 1.00 โ MEDIUM โ
โ acp-protocol-security โ โ FAIL โ 0.50 โ MEDIUM โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Step 7: Optional Configuration¶
Initialize Configuration File¶
Creates ~/.superclaw/config.yaml with default settings.
Scan Your Configuration¶
Check for security issues in your config:
Python API¶
Use SuperClaw programmatically:
from superclaw.attacks import run_attack
from superclaw.behaviors import BEHAVIOR_REGISTRY
# Run attack
results = run_attack(
agent_type="openclaw",
target="ws://127.0.0.1:18789",
behaviors=["prompt-injection-resistance"],
)
print(f"Overall Score: {results['overall_score']:.1%}")
for behavior, data in results["behaviors"].items():
status = "โ PASS" if data["passed"] else "โ FAIL"
print(f"{behavior}: {status} ({data['score']:.2f})")
Next Steps¶
- Configuration Guide โ Customize targets, LLM providers, and safety settings
- Running Attacks โ Deep dive into attack options
- Custom Behaviors โ Write your own security tests
- CI/CD Integration โ Automate security scanning in your pipeline