Sunglasses is a filter that sits ahead of your OpenClaw agent. Always ON. Every chat message, web fetch, tool result, or cron-triggered input OpenClaw reads — the filter scans first. This page walks through the OpenClaw MCP wiring.
Who this page is for
OpenClaw users running the personal AI agent platform (openclaw.ai, created by @steipete) that connects to you via WhatsApp, Telegram, Discord, Slack, iMessage, Matrix, and more. OpenClaw ships native MCP support — Sunglasses registers as an outbound MCP server your agent can call. Complements OpenClaw's own pattern matching, XML boundary wrapping, and unicode homoglyph folding.
The command
openclaw mcp set sunglasses '{"command":"python","args":["-m","sunglasses.mcp"]}' # Verify: openclaw mcp list openclaw mcp show sunglasses
Register Sunglasses as an OpenClaw MCP server. OpenClaw has a native mcp subsystem. One command registers Sunglasses as an MCP server — your agent now has the scan tool available across every chat channel, cron job, and persistent task.
Benefit: OpenClaw already protects against common injection patterns. Sunglasses adds 313 patterns across 49 categories on top, including encoded-attack evasion, memory poisoning, and cross-agent injection — things pattern-matching alone misses.
Install Sunglasses first
If you haven't installed Sunglasses on your machine yet, do this first in a fresh terminal:
python3 -m venv sunglasses-env
source sunglasses-env/bin/activate
pip install --upgrade sunglasses
On modern macOS and many Linux systems, your system Python may block direct installs. A small virtual environment keeps the install clean. Windows: replace source sunglasses-env/bin/activate with sunglasses-env\Scripts\activate.
Full walkthrough in progress. The core command and identity are ready. Detailed step-by-step screenshots, real-world attack examples, and troubleshooting are being added.
FAQ
How do I add Sunglasses to OpenClaw?
Run openclaw mcp set sunglasses with a JSON config pointing to 'python' with args ['-m', 'sunglasses.mcp']. OpenClaw v2026.4.20+ picks up the registration immediately — your agent has the scan tool on the next cycle.
Does OpenClaw already do prompt injection detection?
Yes — OpenClaw has built-in regex pattern matching, XML boundary wrapping, unicode homoglyph folding, and invisible-character stripping. Sunglasses complements this with 313 patterns covering encoded attacks, memory poisoning, cross-agent injection, and 23 languages.
What version of OpenClaw supports this?
Native MCP support has been in OpenClaw for several releases; v2026.4.20 is the latest verified. CalVer ships almost daily — check openclaw.ai for current.
Does Sunglasses work with all OpenClaw chat channels?
Yes. OpenClaw's agent sees every channel through the same runtime — WhatsApp, Telegram, Discord, Slack, Mattermost, iMessage via BlueBubbles, Matrix. The filter scans inputs before the agent acts, regardless of the channel.
Is the filter local?
Yes. Sunglasses runs locally alongside OpenClaw's Gateway. No cloud, no API key, no telemetry. OpenClaw already runs self-hosted — Sunglasses fits the same model.
Where this wiring fits
Sunglasses is one filter with many wiring options. This page covers OpenClaw. Other wiring paths:
- Claude Code / Claude Desktop
- NemoClaw (NVIDIA)
- Cursor
- Cline (VS Code)
- Windsurf
- Zed
- Warp terminal
- Hermes-Agent (Nous)
- LangChain
- CrewAI
- Microsoft AutoGen
- OpenAI Agents SDK
- Custom Python agent
Same filter underneath. Different wiring based on your stack.