Real-time LLM Scanning for OpenClaw — Defence at the Pipeline Level
ShieldCortex has always scanned content when it's written to memory. The hook integration intercepts addMemory() calls and runs them through the defence pipeline before anything reaches the database.
But memory writes are only half the picture. What about the prompt that triggered the response? What about the LLM output that contains a decision worth remembering?
Today we're releasing the ShieldCortex Real-time Plugin for OpenClaw v2026.2.15+. It hooks into the LLM pipeline itself — scanning every input for threats and auto-extracting memories from every output.
Why Scan the Pipeline, Not Just Memory?
The existing hook integration protects storage. It answers: "is this content safe to remember?" That's essential, and it's not going away.
The real-time plugin protects the conversation. It answers two different questions:
- Is this input dangerous? — Before the LLM even sees a prompt, the plugin scans user messages and recent history for injection attempts, encoded payloads, and privilege escalation patterns.
- Did the output contain something worth remembering? — After the LLM responds, the plugin pattern-matches for architecture decisions, bug fixes, learnings, and preferences — and saves them automatically.
The two integrations are complementary. The hook catches bad content at the storage boundary. The plugin catches it at the conversation boundary and captures good content you'd otherwise lose.
How It Works
The plugin registers two event handlers:
llm_input — Threat Scanning
When OpenClaw is about to send a prompt to an LLM, the plugin:
- Extracts the user prompt and the last 5 user messages from history
- Filters out internal OpenClaw content (boot checks, heartbeats, system prompts)
- Runs each message through the ShieldCortex defence pipeline
- Logs any threats to ~/.shieldcortex/audit/
- Optionally syncs threat data to your Cloud dashboard
All of this happens in a fire-and-forget async function. It never blocks the LLM call. If the scan takes too long or fails, the conversation continues uninterrupted.
llm_output — Memory Extraction
When the LLM responds, the plugin scans the assistant's output for patterns that indicate valuable knowledge:
| Category | Trigger Patterns |
|---|---|
| Architecture | "designed with...", "structured using...", "decided to...", "going with..." |
| Error fixes | "fixed by...", "resolved with...", "root cause was..." |
| Learnings | "learned that...", "discovered...", "turns out...", "figured out..." |
| Preferences | "always...", "never...", "prefer..." |
| Notes | "important:...", "remember:...", "key point:..." |
When a match is found, the plugin extracts up to 3 memories per response and saves them through the ShieldCortex MCP server. These memories go through the full defence pipeline before storage — so auto-extracted content gets the same protection as manually saved content.
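The matching step described above, written out as an added example (this is not ShieldCortex's own code). The category names and trigger phrases come from the table; the function names, sentence splitting, length limits and sample text are assumptions.

```javascript
// Added illustration, not ShieldCortex source. Categories and trigger phrases
// are taken from the table in the post; all other names are assumptions.
const TRIGGERS = {
  architecture: ["designed with", "structured using", "decided to", "going with"],
  error_fix: ["fixed by", "resolved with", "root cause was"],
  learning: ["learned that", "discovered", "turns out", "figured out"],
  preference: ["always", "never", "prefer"],
  note: ["important:", "remember:", "key point:"],
};
const MAX_MEMORIES = 3; // per-response cap stated in the post
const MAX_LENGTH = 300; // assumed truncation limit, not from the post

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// One case-insensitive matcher per category. The word boundaries keep
// "never" from firing inside "whenever" or "nevertheless".
const MATCHERS = Object.entries(TRIGGERS).map(([category, phrases]) => [
  category,
  new RegExp("\\b(?:" + phrases.map(escapeRe).join("|") + ")(?!\\w)", "i"),
]);

// Returns at most MAX_MEMORIES {category, content} objects. The text is model
// output, so it is untrusted: per the post, it still has to pass the defence
// pipeline before it is stored.
function extractMemories(output) {
  const seen = new Set();
  const memories = [];
  for (const raw of output.split(/(?<=[.!?])\s+|\n+/)) {
    const sentence = raw.trim();
    const key = sentence.toLowerCase();
    if (sentence.length < 12 || seen.has(key)) continue; // skip fragments, repeats
    const hit = MATCHERS.find(([, re]) => re.test(sentence));
    if (!hit) continue;
    seen.add(key);
    memories.push({ category: hit[0], content: sentence.slice(0, MAX_LENGTH) });
    if (memories.length === MAX_MEMORIES) break;
  }
  return memories;
}

// Constructed sample response (not real OpenClaw output).
const SAMPLE_OUTPUT = [
  "Sure, here is the summary.",
  "The root cause was a stale cache key in the session store.",
  "It was fixed by hashing the tenant ID into the key.",
  "We decided to keep Redis rather than move to Memcached.",
  "Turns out the TTL was also set in seconds, not milliseconds.",
].join(" ");

console.log(extractMemories(SAMPLE_OUTPUT));
```

The fifth sentence matches a "Learnings" trigger but is dropped because the cap of 3 has already been reached.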
Setup
Install the OpenClaw hook and the standalone real-time plugin together:
The session hook comes from the main shieldcortex package. The real-time plugin ships as @drakon-systems/shieldcortex-realtime. Existing wrapper installs can keep using shieldcortex openclaw install.
Requirements
- OpenClaw v2026.2.15+ — the llm_input and llm_output plugin hooks are new in this release
- ShieldCortex installed — globally via npm i -g shieldcortex, or the plugin falls back to npx
- mcporter — used for MCP-based memory saves (auto-resolved via npx)
Hook vs Plugin — Use Both
A common question: "do I need both the hook and the plugin?" Yes.
| | Hook | Real-time Plugin |
|---|---|---|
| Protects | Memory writes | LLM inputs & outputs |
| Catches | Bad content at storage | Bad content at conversation |
| Extracts | At session end / pre-compaction | Real-time from each response |
| Blocking | Blocks bad writes | Never blocks (fire-and-forget) |
The hook is your last line of defence — nothing poisoned gets stored. The plugin is your early warning system — threats are flagged before they even reach the LLM, and valuable knowledge is captured the moment it appears.
Audit Trail
Everything the plugin does is logged to ~/.shieldcortex/audit/realtime-YYYY-MM-DD.jsonl — one JSON object per line. Threat detections include the session ID, model, reason, and a content preview. Memory extractions log the count and timestamp.
If you've configured Cloud sync, threat detections are also posted to your Cloud dashboard. Memory extractions stay local.
Get Started
If you're already running ShieldCortex with OpenClaw, the plugin is a 2-line config change. If you're new, start with the full setup guide.
Read the plugin documentation for the complete reference.