nox-openclaw-hunter 1.0.1 → 1.0.3

package/README.md

@@ -1,9 +1,11 @@
-![OpenClaw Hunter](./repo.png)
+![OpenClaw Hunter](https://github.com/Arampc/OpenClaw-Hunter/raw/HEAD/crab_repo.jpeg)
 
 # OpenClaw Hunter
 
 **Hunt, purge, and isolate OpenClaw AI agents across your fleet.**
 
+*TL;DR — This tool works with all MDMs or locally on your endpoint: use **npm** for local install and **scripts** for MDM deployment.*
+
 ---
 
 ## Installation
@@ -12,7 +14,8 @@
 npm install -g nox-openclaw-hunter
 ```
 
-Or from source:
+<details>
+<summary><strong>Or from source</strong></summary>
 
 ```bash
 git clone https://github.com/Arampc/OpenClaw-Hunter.git
@@ -20,6 +23,22 @@ cd OpenClaw-Hunter
 npm install && npm run build && npm link
 ```
 
+</details>
+
+<details>
+<summary><strong>Deploy via MDM (scripts)</strong></summary>
+
+Deploy via your MDM (Jamf, Intune, JumpCloud) using the script sources below. Upload the script to your MDM as a command/policy, then assign to device groups. See [MDM Deployment](#mdm-deployment) for platform-specific steps.
+
+| Script | Platform | Source |
+|--------|----------|--------|
+| **Scan (detect)** | macOS / Linux | [nox-scan.sh](scripts/nox-scan.sh) |
+| **Scan (detect)** | Windows | [nox-scan.ps1](scripts/nox-scan.ps1) |
+| **Purge** | macOS / Linux | [nox-purge.sh](scripts/nox-purge.sh) |
+| **Purge** | Windows | [nox-purge.ps1](scripts/nox-purge.ps1) |
+
+</details>
+
 > Requires Node.js 18+
 
 ---
@@ -37,6 +56,61 @@ nox scan --json             # Output as JSON
 nox scan --yaml             # Output as YAML
 ```
 
+**Example output** (when OpenClaw is detected):
+
+```
+┌────────────────────┬──────────────────────────────────────────────────┐
+│ Status             │ Installed & Running                              │
+├────────────────────┼──────────────────────────────────────────────────┤
+│ Hostname           │ {Hostname}                                       │
+├────────────────────┼──────────────────────────────────────────────────┤
+│ Platform           │ {Type}                                           │
+├────────────────────┼──────────────────────────────────────────────────┤
+│ Timestamp          │ 2026-02-04T13:35:09.008Z                         │
+└────────────────────┴──────────────────────────────────────────────────┘
+
+Detection Details:
+┌───────────────┬───────────────┬────────────────────────────────────────┐
+│ Component     │ Status        │ Details                                │
+├───────────────┼───────────────┼────────────────────────────────────────┤
+│ CLI Binary    │ Found         │ /Users/{path}                          │
+├───────────────┼───────────────┼────────────────────────────────────────┤
+│ App Bundle    │ {}            │ -                                      │
+├───────────────┼───────────────┼────────────────────────────────────────┤
+│ State Dir     │ Found         │ /Users/{path}/.openclaw                │
+├───────────────┼───────────────┼────────────────────────────────────────┤
+│ Config        │ Found         │ /Users/{path}/.openclaw/opencl…        │
+├───────────────┼───────────────┼────────────────────────────────────────┤
+│ AI Model      │ Configured    │ google/gemini-3-flash-preview (e.g.)   │
+├───────────────┼───────────────┼────────────────────────────────────────┤
+│ Autonomous    │ ENABLED       │ Agent has autonomous execution         │
+├───────────────┼───────────────┼────────────────────────────────────────┤
+│ Service       │ Running       │ ai.openclaw.gateway                    │
+├───────────────┼───────────────┼────────────────────────────────────────┤
+│ Gateway       │ Listening     │ Port 18789                             │
+├───────────────┼───────────────┼────────────────────────────────────────┤
+│ Docker        │ Not found     │ -                                      │
+└───────────────┴───────────────┴────────────────────────────────────────┘
+
+Agent Permissions:
+┌──────────────────────────────────────────────────┐
+│ Granted Permissions                              │
+├──────────────────────────────────────────────────┤
+│ workspace: /Users/{path}/.openclaw/works…        │
+└──────────────────────────────────────────────────┘
+
+Running Processes:
+┌──────┬──────────────────┬──────┬─────────┐
+│ PID  │ Name             │ User │ Memory  │
+├──────┼──────────────────┼──────┼─────────┤
+│ 6688 │ openclaw-gateway │ -    │ 385.1MB │
+├──────┼──────────────────┼──────┼─────────┤
+│ 4861 │ openclaw         │ -    │ 54.9MB  │
+├──────┼──────────────────┼──────┼─────────┤
+│ 4888 │ openclaw-onboard │ -    │ 381.8MB │
+└──────┴──────────────────┴──────┴─────────┘
+```
+
 ### `nox purge`
 
 Purge all OpenClaw components from the system.
@@ -47,6 +121,34 @@ sudo nox purge              # Execute purge
 sudo nox purge --force      # Skip confirmation
 ```
 
+**Example output** (after a successful purge):
+
+```
+Enforcement Results:
+
+┌────────────────┬────────────────────────────────┬──────────┬────────────┐
+│ Action         │ Target                         │ Status   │ Details    │
+├────────────────┼────────────────────────────────┼──────────┼────────────┤
+│ process-kill   │ openclaw-gateway               │ Success  │            │
+├────────────────┼────────────────────────────────┼──────────┼────────────┤
+│ process-kill   │ openclaw                       │ Success  │            │
+├────────────────┼────────────────────────────────┼──────────┼────────────┤
+│ process-kill   │ openclaw-onboard               │ Success  │            │
+├────────────────┼────────────────────────────────┼──────────┼────────────┤
+│ service-stop   │ ai.openclaw.gateway            │ Success  │            │
+├────────────────┼────────────────────────────────┼──────────┼────────────┤
+│ binary-remove  │ /usr/local/bin/openclaw        │ Success  │            │
+├────────────────┼────────────────────────────────┼──────────┼────────────┤
+│ config-remove  │ /Users/{user}/.openclaw        │ Success  │            │
+└────────────────┴────────────────────────────────┴──────────┴────────────┘
+
+Summary:
+  Total: 6
+  Success: 6
+  Failed: 0
+  Skipped: 0
+```
+
 ### `nox isolate`
 
 Isolate the device by blocking ports, quarantining files, and preventing reinstallation.
@@ -86,15 +188,73 @@ nox export --platform jumpcloud --mode detect --webhook https://siem.example.com
 
 ---
 
-## Webhook Integration
+## MDM Deployment
 
-Send results to your SIEM or alerting system:
+OpenClaw Hunter can be deployed across your fleet via **MDM (Mobile Device Management)**. Use `nox export` to generate scripts (or download the scripts `nox-scan`, `nox-purge.sh`), then add them to your MDM.
 
-```bash
-nox scan --webhook https://siem.example.com --webhook-token SECRET
-nox purge --webhook https://siem.example.com --webhook-token SECRET
-nox isolate --webhook https://siem.example.com --webhook-token SECRET
-```
+**Supported MDMs:**
+
+| MDM | Platforms | Modes |
+|-----|-----------|--------|
+| **Jamf** | macOS | detect, purge |
+| **Intune** | Windows, macOS | detect, purge |
+| **JumpCloud** | Windows, macOS, Linux | detect, purge (enforce) |
+
+**JumpCloud**
+
+![JumpCloud Commands](docs/jumpcloud.jpeg)
+
+<details>
+<summary><strong>Step-by-step: add the script to JumpCloud</strong></summary>
+
+**Step 1 — Use the scripts**
+
+Use `nox-scan.sh` and `nox-scan.ps1` for detection, and `nox-purge.sh` and `nox-purge.ps1` for purge.
+
+---
+
+**Step 2 — Create a command in JumpCloud**
+
+| # | What to do |
+|---|------------|
+| 1 | In JumpCloud go to **Device Management → Commands**. |
+| 2 | Click **+** (Add Command). |
+| 3 | **Name:** e.g. `Nox OpenClaw Detection (macOS)`. |
+| 4 | **Command:** Paste the full contents of `nox-scan.sh`. |
+| 5 | **Command Type:** **Mac** (or **Linux** / **Windows** for the matching script). |
+| 6 | **Run As:** **Root** (required for full detection). |
+| 7 | **Timeout:** **120** seconds. |
+| 8 | **Launch Options:** Trigger (e.g. `nox-openclaw-detect`) or **Schedule** (e.g. daily). |
+| 9 | Click **Save**. |
+
+---
+
+**Step 3 — Repeat for each OS (and optionally purge)**
+
+| OS | Command type | Script |
+|----|--------------|--------|
+| macOS | Mac | `nox-scan.sh` |
+| Linux | Linux | `nox-scan.sh` |
+| Windows | Windows, Shell = PowerShell, Run As = Administrator | `nox-scan.ps1` |
+
+For **purge**, use `nox-purge.sh` / `nox-purge.ps1`; set **Timeout** to **300** seconds.
+
+---
+
+**Step 4 — Assign to devices**
+
+Open the command → **Device Groups** or **Systems** tab → select the groups or systems → **Save**.
+
+---
+
+**Step 5 — Run the command**
+
+- **Manual run:** Open the command → **Systems** tab → select one or more systems → **Run** (or use **Run** from the Commands list).  
+- **Scheduled:** If you set a **Schedule** in Step 2, the command runs automatically (e.g. daily).  
+- **Trigger:** If you set a **Trigger**, run it via the JumpCloud API using the trigger name.  
+- **View results:** Open the command → **Results** tab to see exit codes and output per system (e.g. `0` = clean, `1` = OpenClaw detected).
+
+</details>
 
 ---
 
@@ -130,4 +290,4 @@ MIT
 
 ---
 
-**OpenClaw Hunter ©**
+**OpenClaw Hunter ©**

package/dist/commands/export.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"export.d.ts","sourceRoot":"","sources":["../../src/commands/export.ts"],"names":[],"mappings":"AAAA;;GAEG;AAaH,UAAU,oBAAoB;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE;QACP,IAAI,IAAI;YAAE,KAAK,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC;KAC7B,CAAC;CACH;AAsxCD;;GAEG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAmFhF"}
+{"version":3,"file":"export.d.ts","sourceRoot":"","sources":["../../src/commands/export.ts"],"names":[],"mappings":"AAAA;;GAEG;AAaH,UAAU,oBAAoB;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE;QACP,IAAI,IAAI;YAAE,KAAK,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC;KAC7B,CAAC;CACH;AAyvDD;;GAEG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAmFhF"}