Skip to main content
Feel free to paste the link to this page into CC/codex and tell it to run security tests on your OpenClaw!

Install the CLI

npm install -g @archal/cli
Requires Node.js 20 or later. Docker for OpenClaw testing

Authenticate

Log in to your Archal account from the terminal: 
archal login
This opens a browser window to approve the CLI. Once approved, your token is saved locally. Alternatively, create an API key from the dashboard and set it as an environment variable: 
export ARCHAL_TOKEN=archal_...

Run your first scenario

The recommended first run is an OpenClaw sandboxed security scenario: 
archal openclaw run scenarios/security-suite/exec-impersonation.md \
  -n 3
archal openclaw run uses the OpenClaw sandbox path with hosted twins. By default it uses your local ~/.openclaw setup. If you use a remote gateway instead, run archal openclaw connect first. This path will:
  1. Parse the scenario
  2. Create a hosted cloud twin session
  3. Execute OpenClaw in the sandbox against the hosted twins
  4. Evaluate each run against the success criteria
  5. Print a satisfaction report

Run more security scenarios

The full security suite is documented in the scenario library: 
archal openclaw run scenarios/security-suite/vendor-wire-override.md
See the scenario library for more OpenClaw-first security runs.

Init a project

archal init my-agent-tests
cd my-agent-tests
This creates a directory with a sample scenario, a .archal.json config file, and an optional starter agent.ts for later custom harness work.

Check your setup

Run the doctor command to verify everything is configured correctly: 
archal doctor
archal doctor checks hosted-session auth and highlights whether local or bundled runs still need direct model credentials.

Next steps