Your AI intern working from AM to PM.
Protecting crypto communities the apM way, powered by the apM Claw engine.
Built on OpenClaw, Rebuilt for Crypto Security
apM Claw is an independent project inspired by OpenClaw's memory-context architecture (MIT License). However, less than 10% of the original codebase remains—this is a ground-up rebuild focused on Telegram spam defense.
What Changed:
- OpenClaw: General-purpose agent framework (Slack, Discord, Web UI, Telegram)
- apM Claw: Telegram-only security appliance for crypto communities
- Removed: 80% of features (cron, browser, sessions, subagents, image generation, multi-platform support, Docker)
- Added: Spam forwarding, crypto-specific threat detection, code-level admin verification
PM-E's Journey:
- Since 2023: PM-E served as apM community's guardian
- 2025: Rebuilt from scratch as a specialized security tool
PM-E is a purpose-built security appliance for Telegram crypto communities. Our core principle:
LLMs cannot be trusted with authorization decisions.
Real protection happens in TypeScript code and Telegram API calls, not system prompts.
1. Attack Surface Reduction
- 6 tools only:
message,spam_delete,memory_search,memory_get,web_search,web_fetch - Removed:
browser,subagents,sessions_*,cron,image,session_status,memory_save, Docker support
2. Code-Level Authorization
// Admin verification via Telegram API (not prompts)
const member = await telegram.getChatMember(chatId, userId);
const isAdmin = ["administrator", "creator"].includes(member.status);3. Spam Handling
- Certain spam →
spam_delete(forward to archive + delete) - Uncertain spam → ignored silently (admin handles manually)
4. Group Access Control
groupPolicy: "allowlist"— only responds in registered groups- Spam archive chat middleware filter — prevents re-detection loop of forwarded spam
- Pre-startup message filter — ignores messages queued during downtime
5. Network Security
- HTTPS-only, local network blocking (
127.0.0.0/8,10.0.0.0/8,192.168.0.0/16)
Implemented:
- Silent spam deletion via
spam_delete(certain spam) - Role-based admin exemption (code-level, not prompt-level)
- Spam archive forwarding before deletion
- Startup chat title + admin status logging
In Development:
- User-level sanctions (ban/mute for repeat offenders)
- Surge detection with auto "Slow Mode"
PM-E defends crypto communities against:
- Coordinated spam waves (50+ accounts)
- Phishing campaigns (wallet drainers, airdrop scams)
- Impersonation attacks (Unicode tricks)
- Pump-and-dump shilling
pnpm install
pnpm buildManaged via GitHub Secrets (.env + config/apmclaw.json auto-generated on deploy):
# Run with PM2
pm2 start dist/entry.mjs --name apmclaw -- gateway --bind lan --allow-unconfigured --port 18790Auto-deployed via GitHub Actions (deploy-dev.yml, deploy-prod.yml):
- dev: push to
devbranch → port 18789 - prod: push to
mainbranch → port 18790
PM-E's behavior is defined by templates in docs/reference/templates/:
SOUL.md- Identity and communication styleAGENTS.md- Operation guidelines and spam patternsTOOLS.md- Available capabilitiesMEMORY.md- apM project wiki (links, news, exchanges)
These are auto-generated to workspace/ on first run.
As an evolving project, PM-E grows through community interaction and open-source contributions. Check our repository: https://github.com/apmcoin/apmclaw
Made with the apM way
Protect the community with intelligence, humility, and proactive silence.