
@agenticensor/algiz

v1.0.4

Algiz security plugin for OpenClaw - detect and defend against agent threats: secret masking, command guard, prompt injection scanner

Readme

Algiz Security

Runtime defense layer for AI agent frameworks. Detects and neutralizes prompt injection, secret exfiltration, malicious command execution, and identity tampering in real time.

License: BUSL-1.1

Why Algiz

AI coding agents operate with broad system access — shell execution, file I/O, network requests, and secret management. This power creates a large and largely unguarded attack surface:

  • Prompt injection via skill files, tool results, or user input can reprogram agent behavior
  • Secret leakage — API keys and tokens in messages, tool results, and environment variables can be exfiltrated
  • Malicious command execution — reverse shells, crypto miners, and privilege escalation via shell access
  • Identity tampering — unauthorized modification of core agent configuration files (SOUL.md, AGENTS.md, MEMORY.md)

Algiz addresses these threats at the framework level, intercepting the agent's data flow at multiple points in its lifecycle.

How It Works

Algiz integrates with OpenClaw as a native plugin, registering 13 hooks across the agent lifecycle. Each hook intercepts data at a specific point — before a prompt is built, before a tool executes, when a message is written, when a result is persisted — applying the appropriate defense layer.

┌──────────────────────────────────────────────────────┐
│                   Agent Lifecycle                    │
│                                                      │
│  User Input                                          │
│      │                                               │
│      ▼                                               │
│  ┌────────────┐    ┌────────────┐    ┌────────────┐  │
│  │ Prompt     │───▶│ Skill      │───▶│ Soul       │  │
│  │ Injection  │    │ Guard      │    │ Guard      │  │
│  │ Scanner    │    │ (4 layers) │    │ (identity) │  │
│  └────────────┘    └────────────┘    └────────────┘  │
│      │                                               │
│      ▼                                               │
│  ┌────────────┐    ┌────────────┐    ┌────────────┐  │
│  │ Secret     │───▶│ Command    │───▶│ Audit      │  │
│  │ Masking    │    │ Guard      │    │ Logger     │  │
│  │ + Vault    │    │ (shell)    │    │ (JSONL)    │  │
│  └────────────┘    └────────────┘    └────────────┘  │
│      │                                               │
│      ▼                                               │
│  LLM Response ──▶ Tool Execution ──▶ Result Persist  │
└──────────────────────────────────────────────────────┘

Defense Layers

Secret Masking & Vault

Detects API keys, tokens, and high-entropy strings in messages and tool results, replacing them with vault placeholders before the LLM can see them. Real values are restored only at tool execution time.

Built-in patterns: OpenAI, Anthropic, AWS, GitHub, Google API keys, and generic secret detection via Shannon entropy analysis.

// openclaw.json
{
  "plugins": {
    "@agenticensor/algiz": {
      "masking": {
        "enabled": true,
        "customPatterns": [
          { "name": "internal-token", "pattern": "TK_[A-Za-z0-9]{32}" }
        ]
      },
      "vault": {
        "enabled": true,
        "encryptionKeySource": "env",
        "encryptionKeyEnvVar": "ALGIZ_VAULT_KEY"
      }
    }
  }
}
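The mask-then-restore flow described above, as an added illustration that is not the plugin's own code: named patterns (modeled on the README's built-in list plus its `internal-token` custom pattern) run first, a Shannon-entropy fallback catches unknown secrets, and placeholders are swapped back only when a tool is about to execute. The regexes, the 4.0-bit threshold and the placeholder format are assumptions.

```javascript
// Constructed patterns modeled on the README's built-in list plus its
// "internal-token" customPattern; these are NOT the plugin's own regexes.
const PATTERNS = [
  { name: "openai", re: /sk-[A-Za-z0-9]{20,}/g },
  { name: "aws-access-key", re: /AKIA[0-9A-Z]{16}/g },
  { name: "github-pat", re: /ghp_[A-Za-z0-9]{36}/g },
  { name: "internal-token", re: /TK_[A-Za-z0-9]{32}/g },
];
// Generic fallback: any long alphanumeric run whose Shannon entropy is high.
const GENERIC_RE = /[A-Za-z0-9_-]{24,}/g;
const ENTROPY_BITS = 4.0; // assumed threshold, not the plugin's value

// Shannon entropy of a string, in bits per character.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) {
    const p = c / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

class Vault {
  constructor() { this.store = new Map(); this.seq = 0; }

  // Replace every detected secret with an opaque placeholder and remember
  // the real value; the LLM only ever sees the placeholder.
  mask(text) {
    let out = text;
    for (const { name, re } of PATTERNS) {
      out = out.replace(re, (m) => this.placeholder(name, m));
    }
    return out.replace(GENERIC_RE, (m) =>
      shannonEntropy(m) > ENTROPY_BITS ? this.placeholder("high-entropy", m) : m);
  }

  placeholder(name, value) {
    const ph = `{{vault:${name}:${++this.seq}}}`;
    this.store.set(ph, value);
    return ph;
  }

  // Called at tool execution time: swap placeholders back for real values.
  restore(text) {
    return text.replace(/\{\{vault:[a-z0-9-]+:\d+\}\}/g, (ph) => this.store.get(ph) ?? ph);
  }
}
```

Note that ordinary long identifiers such as `configuration_directory_name` fall below the entropy threshold and are left untouched, which is what keeps the fallback from masking normal code.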

Command Guard

Intercepts shell commands before execution. Blocks critical threats outright (rm -rf /, reverse shells, fork bombs), detects data exfiltration attempts (nc, curl uploads, scp), and enforces user approval for medium-risk operations.

| Severity | Examples | Action |
|----------|----------|--------|
| Critical | rm -rf /, reverse shells, fork bombs | Block immediately |
| High | Exfiltration commands (nc, curl \| sh) | Block immediately |
| Medium | Privileged operations, network access | Require approval |
| Low | Unusual patterns | Log and warn |

Injection Scanner

Scans for prompt injection attacks across multiple vectors:

  • Jailbreak patterns — "ignore previous instructions", role switching, system message spoofing
  • Hidden encoding — zero-width characters, base64-encoded payloads, HTML comments
  • Data exfiltration — credential extraction instructions, env/config dumping
  • Dangerous code — reverse shell templates, crypto miner patterns, privilege escalation
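An added example (not the plugin's code) of how the hidden-encoding vectors above are caught: zero-width characters are stripped before rescanning because they split keywords past a naive match, HTML comments and base64 blobs are decoded and scanned separately. The phrase list, the set of invisible code points and the 32-character base64 minimum are assumptions.

```javascript
// Constructed phrase list covering the README's jailbreak/exfiltration examples.
const JAILBREAK_PHRASES = [
  /ignore (all )?(previous|prior|above) instructions/i,
  /you are now (a|an|the) /i,                                    // role switching
  /^\s*system:\s/im,                                             // system message spoofing
  /(print|reveal|dump) (the )?(env|environment|\.env|config|api key)/i, // exfiltration
];
const ZERO_WIDTH = /[\u200B\u200C\u200D\u2060\uFEFF]/g;
const HTML_COMMENT = /<!--([\s\S]*?)-->/g;
// Long base64-looking runs; the lookbehind avoids matching the tail of a longer token.
const BASE64_RUN = /(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{32,}={0,2}/g;

function matchedPhrases(text) {
  return JAILBREAK_PHRASES.filter((re) => re.test(text)).map((re) => re.source);
}

// Returns a list of { vector, detail } findings; an empty list means clean.
function scanForInjection(text) {
  const findings = [];
  // 1. Jailbreak phrases in the visible text.
  for (const p of matchedPhrases(text)) findings.push({ vector: "jailbreak", detail: p });
  // 2. Zero-width characters: report them, then rescan with them removed.
  const zw = text.match(ZERO_WIDTH);
  if (zw) {
    const hidden = matchedPhrases(text.replace(ZERO_WIDTH, ""));
    findings.push({
      vector: "zero-width",
      detail: `${zw.length} invisible code points; hidden phrases: ${hidden.join(", ") || "none"}`,
    });
  }
  // 3. HTML comments carrying instructions that a rendered view would hide.
  for (const m of text.matchAll(HTML_COMMENT)) {
    if (matchedPhrases(m[1]).length) findings.push({ vector: "html-comment", detail: m[1].trim() });
  }
  // 4. Base64 blobs that decode to printable text containing an instruction.
  for (const m of text.matchAll(BASE64_RUN)) {
    const decoded = Buffer.from(m[0], "base64").toString("utf8");
    if (/^[\x20-\x7e\s]+$/.test(decoded) && matchedPhrases(decoded).length) {
      findings.push({ vector: "base64", detail: decoded });
    }
  }
  return findings;
}
```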

Skill Guard (4-Layer Defense)

Protects the agent's skill system from compromised or malicious skill files:

| Layer | Mechanism | What It Does |
|-------|-----------|--------------|
| 1 | Skill List Tracking | Monitors skill references in prompts |
| 2 | Read Interception | Scans SKILL.md content in real time |
| 3 | Content Sanitization | Strips injection patterns from tool results |
| 4 | File System Watcher | Detects external SKILL.md modifications |

Layer 2 includes optional LLM verification — a subagent performs semantic analysis to detect threats that evade pattern matching (social engineering, obfuscated instructions, multi-step attacks).

Soul Guard

Protects core agent identity and configuration files from unauthorized modification:

  • Monitors SOUL.md, AGENTS.md, IDENTITY.md, MEMORY.md, openclaw.json
  • Verifies safety anchor statements are present ("do not exfiltrate", "ask before destructive")
  • Hash-based integrity checking with real-time file system watching
  • Scans MEMORY.md writes for prompt injection before persisting

Audit & Behavior Trace

Structured security event logging in JSONL format with configurable retention. The behavior trace subsystem records daily summaries of tool calls, file operations, command execution, and network requests for forensic analysis.

Installation

npm install @agenticensor/algiz

Algiz is an OpenClaw plugin. It activates automatically when installed in your OpenClaw project — no code changes required.

Configuration

All configuration is done through openclaw.json under the plugins.algiz-security key. Every module can be enabled or disabled independently.

Minimal Setup

// openclaw.json
{
  "plugins": {
    "@agenticensor/algiz": {
      "masking": { "enabled": true },
      "commandGuard": { "enabled": true, "mode": "enforce" },
      "skillGuard": { "enabled": true },
      "soulGuard": { "enabled": true },
      "audit": { "enabled": true }
    }
  }
}

Full Reference

See openclaw.plugin.json for the complete configuration schema with all options, defaults, and UI hints.

Threats Defended

| Threat Category | Examples | Defense Layer |
|-----------------|----------|---------------|
| Prompt Injection | "Ignore previous instructions", role hijacking, hidden payloads | Injection Scanner + Skill Guard |
| Secret Exfiltration | API key extraction, credential dumping, network upload | Secret Masking + Vault + Command Guard |
| Malicious Execution | Reverse shells, crypto miners, fork bombs, privilege escalation | Command Guard |
| Identity Tampering | SOUL.md modification, MEMORY.md poisoning, config overwrite | Soul Guard |
| Skill Compromise | Malicious SKILL.md, injection in tool results, file tampering | Skill Guard (4 layers) |

License

Business Source License 1.1 (BUSL-1.1)