npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@1claw/plugin-elizaos

v0.2.0

Published

1Claw vault + Intents signing for elizaOS agents — HSM-backed secrets, EVM/Solana/BTC/XRP/Cardano/Tron signing, optional Shroud TEE LLM proxy.

Readme

@1claw/plugin-elizaos

HSM-backed secrets and multi-chain signing for elizaOS agents via 1Claw.

Your agent gets vault access and signing keys without ever seeing private keys or holding credentials in context.

Install

npm install @1claw/plugin-elizaos
# or
bun add @1claw/plugin-elizaos

Quick Start

New to 1Claw? Run bootstrap first to create a vault, agent, and policy with a human 1ck_ key, then use the generated ocv_ key below.

Add to your character's plugins:

{
  "name": "my-agent",
  "plugins": ["@1claw/plugin-elizaos"],
  "settings": {
    "secrets": {
      "ONECLAW_AGENT_API_KEY": "ocv_your_key_here"
    }
  }
}

The plugin authenticates on boot, discovers the agent's vault, and injects secret paths and signing keys into context each turn.

Bootstrap (first-time setup)

Use a human API key (1ck_... from 1claw.xyz/dashboard → API Keys) only to create a vault, agent, and access policy. The script never writes the human key to disk — only the one-time agent key (ocv_...) is saved.

git clone https://github.com/1clawAI/1claw-elizaos-plugin.git
cd 1claw-elizaos-plugin
npm install

# Provision vault + agent + policy (human key used once, in memory only)
ONECLAW_HUMAN_API_KEY=1ck_your_key_here npm run bootstrap

# Optional: enable Intents API signing at create time
ONECLAW_HUMAN_API_KEY=1ck_... ONECLAW_ENABLE_INTENTS=true npm run bootstrap

Outputs:

  • .env.elizaos — agent-only env vars (ONECLAW_AGENT_API_KEY, ONECLAW_AGENT_ID, ONECLAW_VAULT_ID)
  • Terminal — one-time ocv_... key and a character JSON snippet

Environment variables (bootstrap):

| Variable | Default | Description | |---|---|---| | ONECLAW_HUMAN_API_KEY | (prompt) | Human key 1ck_...setup only, not stored | | ONECLAW_AGENT_NAME | elizaos-agent | Agent display name | | ONECLAW_VAULT_NAME | elizaos-vault | Vault name | | ONECLAW_POLICY_PATH | ** | Glob for granted secret paths | | ONECLAW_ENABLE_INTENTS | false | Set true to enable transaction signing | | ONECLAW_OUTPUT_FILE | .env.elizaos | Where to write agent credentials | | ONECLAW_BASE_URL | https://api.1claw.xyz | API base URL |

Validate agent credentials after bootstrap:

export $(grep -v '^#' .env.elizaos | xargs)
npm run validate

Configuration

| Variable | Required | Default | Description | |---|---|---|---| | ONECLAW_AGENT_API_KEY | Yes | — | Agent API key from 1claw.xyz/dashboard, format ocv_... | | ONECLAW_AGENT_ID | No | auto | Override auto-discovery (rarely needed) | | ONECLAW_VAULT_ID | No | auto | Pin a specific vault when agent has multiple | | ONECLAW_BASE_URL | No | https://api.1claw.xyz | API endpoint | | ONECLAW_USE_SHROUD | No | false | Route through Shroud TEE proxy at shroud.1claw.xyz |

Actions

| Action | Description | |---|---| | GET_SECRET | Fetch a secret by path. Value goes to tool channel, never chat. | | LIST_SECRETS | List available paths (no values). | | PUT_SECRET | Store or update a secret. | | SIGN_MESSAGE | EIP-191 personal sign (agent's signing key never leaves HSM). | | SIGN_TYPED_DATA | EIP-712 structured data signing. | | SIMULATE_TRANSACTION | Tenderly dry-run before broadcasting. | | SUBMIT_TRANSACTION | Sign + broadcast EVM transactions with server-side guardrails. | | LIST_SIGNING_KEYS | Show provisioned chains and public addresses. | | EXECUTE_HTTP | Execute an HTTP request through a pre-configured binding (Pro+, requires execution_intents_enabled). | | LIST_BINDINGS | List available bindings (credential handles for external services). |

Security Model

  • The agent only sees what the human's policies grant. An ocv_ API key has zero access by default — a human must create policies on the 1Claw dashboard.
  • Secret values retrieved via GET_SECRET are returned in the action's data payload but marked [REDACTED] in the user-facing text.
  • Private keys for signing never leave the HSM/TEE. The agent submits intents; 1Claw signs server-side.
  • Per-agent guardrails (address allowlists, value caps, daily limits, chain restrictions) are enforced server-side before any signing occurs.

Example Character

{
  "name": "DeFi Agent",
  "plugins": ["@1claw/plugin-elizaos"],
  "bio": "I manage on-chain positions using 1Claw for secure signing.",
  "settings": {
    "secrets": {
      "ONECLAW_AGENT_API_KEY": "ocv_abcdef123456"
    }
  }
}

Development

git clone https://github.com/1clawAI/1claw-elizaos-plugin.git
cd 1claw-elizaos-plugin
npm install
npm run build
npm test
chmod +x scripts/*.sh

# Live bootstrap test (needs ONECLAW_HUMAN_API_KEY or ADMIN_EMAIL+ADMIN_PASSWORD in repo root .env)
npm run test:integration

Execution Intents (v0.2)

Execution Intents let agents make HTTP calls to external services through pre-configured bindings. Credentials are stored server-side and never exposed to the agent.

Requirements: execution_intents_enabled must be toggled on for the agent, and the org needs a Pro+ subscription.

{
  "execution": {
    "binding": "github-api",
    "method": "GET",
    "path": "/user/repos"
  }
}

Bindings are created by humans via the dashboard or SDK — agents can only list and use them.

Roadmap

  • Treasury wallet actions (delegated-treasury flow)
  • Platform API actions (multi-tenant provisioning)
  • Shroud as model-provider plugin (plugin-1claw-shroud)
  • CMEK / MPC client-share handling

Links

License

MIT