Mallcop's patrol checklist

No AI involved at this stage. Just rules compared against what's normal.

Suspicious behavior

Is someone doing something they shouldn't?

Someone new shows up
A user, bot, or API key that's never been seen before. Most are expected onboarding. Triage resolves those automatically. The ones that aren't get escalated.
new-actor
Somebody got promoted
New admin role, new repo owner, new org-level permissions. High signal. Almost always worth looking at, even when it's legit.
priv-escalation
Someone's hammering the door
A burst of failed logins in a short window. Mallcop checks the pattern and tells you if it's fat fingers or something worse.
auth-failure-burst
Activity at a weird hour
A 9-to-5 account doing things at 3am. The baseline knows whether this person works late sometimes or never has before.
unusual-timing
Way more traffic than normal
Event volume spiked 10x for a source. If there was a deploy, that's probably why. If there wasn't, that's a problem.
volume-anomaly
Someone's poking around new places
A known account touching resources it's never touched before. A developer who's never been near the secrets store suddenly querying it.
unusual-resource-access
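
A sketch of how baseline-comparison rules like the ones above can work, added here as an illustration and not taken from Mallcop's code. The event schema, the burst threshold, and the exact-hour and exact-resource comparisons are assumptions; only the detector names come from this page.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed event schema (not Mallcop's): (ISO timestamp, actor, action, resource)
HISTORY = [  # constructed baseline period
    ("2024-05-01T09:12:00", "alice", "read", "repo/api"),
    ("2024-05-02T10:05:00", "alice", "read", "repo/web"),
    ("2024-05-02T16:30:00", "bob", "read", "repo/web"),
]
INCOMING = [  # constructed events to evaluate
    ("2024-05-03T03:07:00", "alice", "read", "vault/secrets"),
    ("2024-05-03T10:00:00", "bob", "login_failed", "sso"),
    ("2024-05-03T10:00:20", "bob", "login_failed", "sso"),
    ("2024-05-03T10:00:40", "bob", "login_failed", "sso"),
    ("2024-05-03T11:15:00", "ci-bot-7", "push", "repo/api"),
]
BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=1)  # assumed thresholds

def build_baseline(events):
    """Record, per actor, the hours and resources seen during the baseline period."""
    base = defaultdict(lambda: {"hours": set(), "resources": set()})
    for ts, actor, _action, resource in events:
        base[actor]["hours"].add(datetime.fromisoformat(ts).hour)
        base[actor]["resources"].add(resource)
    return base

def evaluate(events, base):
    """Return (detector, actor, timestamp) findings for events that leave the baseline."""
    findings, failures = [], defaultdict(deque)
    for ts, actor, action, resource in events:
        when = datetime.fromisoformat(ts)
        if action == "login_failed":
            q = failures[actor]
            q.append(when)
            while when - q[0] > BURST_WINDOW:  # drop failures outside the window
                q.popleft()
            if len(q) == BURST_COUNT:  # fire once, when the threshold is reached
                findings.append(("auth-failure-burst", actor, ts))
            continue
        if actor not in base:
            findings.append(("new-actor", actor, ts))
            continue  # no baseline yet, so the comparisons below mean nothing
        if when.hour not in base[actor]["hours"]:
            findings.append(("unusual-timing", actor, ts))
        if resource not in base[actor]["resources"]:
            findings.append(("unusual-resource-access", actor, ts))
    return findings

FINDINGS = evaluate(INCOMING, build_baseline(HISTORY))
```

A real baseline would tolerate neighbouring hours and age out old observations; the exact-match sets here keep the comparison visible.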

Your own mistakes

Did your team leave a door open?

Someone left their keys out
API keys, tokens, or credentials committed to a repo. Scans git history, not just the latest commit. Happens to everyone eventually. Mallcop reduces the window between exposure and discovery.
git-oops
Something got shared with the outside
An external account was granted access to an internal resource for the first time. Cross-account grants, new service accounts, unexpected access expansions.
new-external-access
Logs changed shape
A service updated and its log format shifted. The parser needs to know either way, but tampering looks different from an upgrade.
log-format-drift

Watching the perimeter

Is something messing with mallcop itself, or showing up outside your walls?

Something's trying to mess with the AI
Prompt injection patterns in usernames, commit messages, or resource names. Caught at ingest, flagged, never reaches the LLM.
injection-probe
An AI agent is doing something sketchy
Mallcop monitors OpenClaw AI agent installations for known malicious skill patterns, IOC signatures, and insecure gateway configurations. If a skill doesn't match its manifest or the gateway is misconfigured, that's a finding.
malicious-skill + openclaw-config-drift

Mallcop learns on the job

When mallcop keeps seeing something suspicious that no check covers, it writes a new one. Every change goes through Mallcop Academy - the validation framework that proves the new check actually works. You decide how much autonomy to give it.

Human in the loop
The default. Mallcop drafts changes and tests them, but nothing goes live until you approve. You can delegate for a single cycle or permanently.
Free run
Opt in to let mallcop deploy validated changes on its own. Every change still graduates from the academy. You're choosing to trust the process and take responsibility for what ships.
Fixes its own blind spots
When log formats drift, the heal actor proposes parser patches automatically. Review them with mallcop heal or let them auto-apply if you trust the process.
Writes new detectors
Spots a pattern no existing check catches? Mallcop drafts a detector for it. The longer it patrols, the more it knows.
Remembers who's who
Entity reputation tracking scores every actor, IP, and service account over time. Findings from a trusted entity look different from findings from an unknown one. Reputation decays toward neutral over 30 days.
Watches its own work
Either way, mallcop monitors its own extensions. A plugin that exceeds its permissions or drifts from expected behavior gets written up like anything else.

Mallcop's beat

Eight platforms out of the box. Learns new ones.

Azure
Activity Log, Entra ID, Container Apps, Cosmos DB, Defender
  • Role assignments & permission changes
  • Service principal creation
  • Key Vault access
  • Container app logs
AWS
CloudTrail audit log. IAM, S3, Lambda, security groups
  • IAM changes & key rotations
  • Security group modifications
  • Console logins
GitHub
Org audit log, Dependabot alerts, secret scanning, Actions
  • Org membership changes
  • Repo permission changes
  • Secret scanning alerts
  • Dependabot advisories
  • Actions workflow runs
  • Deploy key management
Microsoft 365
Unified Audit Log. Azure AD, Exchange, SharePoint, DLP
  • Sign-in events
  • Admin actions
  • Exchange mail rule changes
Container Logs
Docker and Kubernetes stdout/stderr via Log Analytics
  • Application log lines
  • Error bursts
  • Log format anomalies
  • Scaled-to-zero app logs
Vercel
Deployment logs, audit log, team membership events
  • Deployment events
  • Team membership changes
  • Environment variable modifications
Supabase
Auth audit logs, project config, edge functions
  • Auth events (sign-in, sign-up, token refresh)
  • Project configuration changes
  • Edge function deployments
OpenClaw
AI agent skill integrity, behavior monitoring, gateway security
  • Skill installation & modification
  • Gateway configuration changes
  • Agent behavior anomalies