OpenClaw
Install the Vulnetix security plugin for OpenClaw.
Quick Install
npx skills add Vulnetix/pix-ai-coding-assistant
This installs the Vulnetix security skills into your project’s skills directory.
Prerequisites
Before running the install command:
- Node.js — Required to run
npx. Install from nodejs.org if not already available. - Vulnetix CLI — Install and authenticate following the prerequisites guide.
- jq — Required by plugin hooks for JSON processing. See prerequisites for install instructions.
What Gets Installed
The plugin registers the following into skills:
| Component | Count | Details |
|---|---|---|
| Hooks | 6 | Pre-commit scan, manifest edit gate, post-install scan, session dashboard, stop reminder, vuln context inject |
| Skills | 6 | package-search, exploits, fix, vuln, exploits-search, remediation |
| Commands | 4 | vdb-vuln, vdb-vulns, vdb-exploits-search, vdb-remediation |
| Agents | 1 | bulk-triage — parallel vulnerability triage and prioritization |
Native Hooks
OpenClaw supports hooks via TypeScript handler modules. The plugin ships pre-built hook directories in hooks/ts/openclaw/ with HOOK.md metadata and handler.ts implementations.
The following events are wired up:
| Hook | Event | Action |
|---|---|---|
| Pre-Commit Scan | command | Scan before git commit |
| Manifest Edit Gate | message:preprocessed | Gate manifest edits |
| Post-Install Scan | command | SBOM after package install |
| Session Summary | agent:bootstrap | Vulnerability dashboard |
| Context Inject | message:received | Inject vuln context |
After install, copy the hook directories to your workspace:
cp -r hooks/ts/openclaw/* workspace/hooks/
See Hooks documentation for details on each hook.
Verify Installation
Run the dashboard skill to confirm everything is working:
/vulnetix:dashboard
You should see a vulnerability summary table for your project’s dependencies. If you get an authentication error, re-run vulnetix auth login.
Upgrade
Re-run the install command to pull the latest version:
npx skills add Vulnetix/pix-ai-coding-assistant
This overwrites existing files with the latest version. Your .vulnetix/memory.yaml and cached data are not affected.
Uninstall
Remove the plugin skills:
rm -rf skills
To also remove cached vulnerability data and memory:
rm -rf .vulnetix/