PortKeep — OpenClaw Plugin
Port management and security auditing for self-hosted infrastructure.
Discover, claim, and audit every listening port across local and remote nodes. Detect drift, score attack surface, and cross-reference against live threat intelligence.
Tools
| Tool | Description |
|---|---|
portkeep_scan | Discover all listening ports (local or remote nodes via SSH) |
portkeep_audit | Full security audit — exposure score, risk flags, C2/KEV matches |
portkeep_drift | Compare declared vs actual ports, report rogue/ghost/mismatch |
portkeep_claim | Register a port as expected/owned |
portkeep_list | List claimed ports with filters (node, state, bind, service) |
portkeep_sync | Pull threat intel from CISA KEV, Feodo, EPSS, etc. |
Requirements
- PortKeep binary must be installed and on PATH. Download from GitHub Releases.
# Linux amd64
curl -sL https://github.com/jchandler187/portkeep/releases/latest/download/portkeep_linux_amd64 -o portkeep
chmod +x portkeep && sudo mv portkeep /usr/local/bin/
# macOS Apple Silicon
curl -sL https://github.com/jchandler187/portkeep/releases/latest/download/portkeep_darwin_arm64 -o portkeep
chmod +x portkeep && sudo mv portkeep /usr/local/bin/
Install
openclaw plugins install clawhub:portkeep
Configuration
Set binaryPath in plugin config if portkeep is not on PATH:
{
"portkeep": {
"binaryPath": "/usr/local/bin/portkeep"
}
}
Multi-node support
PortKeep scans remote nodes via SSH key auth. No agent needed on remotes.
portkeep node add node2 192.168.1.86 --user user
portkeep scan --node node2
portkeep audit --all
Links
- GitHub: https://github.com/jchandler187/portkeep
- ClawHub: https://clawhub.ai/jchandler187/portkeep
- CLI docs: https://github.com/jchandler187/portkeep#readme
License
MIT