npm package discovery and stats viewer.

© 2026 – Pkg Stats / Ryan Hefner

@agentkernel/agent-kernel

v0.1.7

Published

Security runtime for AI agents — protect against malicious tools, data theft, and prompt injection

Readme

agentkernel

Security runtime for AI agents — protect against malicious tools, data theft, and prompt injection. Works with OpenClaw, LangChain, and any agent framework.

Installation

npm install -g @agentkernel/agent-kernel

Quick Start

# Initialize a security policy (interactive wizard)
agentkernel init

# Start the security proxy (standalone mode — no gateway needed)
agentkernel start

# Test it
curl http://localhost:18788/health
curl -X POST http://localhost:18788/evaluate \
  -H "Content-Type: application/json" \
  -d '{"tool":"read","args":{"path":"/home/user/.ssh/id_rsa"}}'

CLI Commands

agentkernel init                          # Interactive policy setup wizard
agentkernel init --template balanced      # Non-interactive init
agentkernel start                         # Start in standalone mode (HTTP + WebSocket)
agentkernel start --gateway ws://gw:18789 # Start in proxy mode (intercept gateway traffic)
agentkernel allow "github"                # Allow by known name
agentkernel allow --domain api.example.com  # Allow a domain
agentkernel allow --file ~/my-project     # Allow a file path
agentkernel block "telegram"              # Block by known name
agentkernel block --command "rm -rf*"     # Block a command
agentkernel unblock "telegram"            # Remove block rules
agentkernel policy show                   # Human-readable policy view
agentkernel policy test --domain api.telegram.org  # Dry-run test
agentkernel status                        # Check health (connects to running proxy)
agentkernel audit                         # Query audit logs

Two Modes

Standalone Mode (default)

No gateway needed. Evaluates tool calls via HTTP API and WebSocket:

agentkernel start
# Listening on http://0.0.0.0:18788 (standalone evaluate mode)

Proxy Mode

Intercepts traffic between your agent and a gateway:

agentkernel start --gateway ws://my-gateway:18789

HTTP API

When running in either mode, the following HTTP endpoints are available:

| Endpoint | Method | Description |
|----------|--------|-------------|
| /health | GET | Health check with uptime and mode |
| /evaluate | POST | Evaluate a tool call against policies |
| /stats | GET | Live proxy statistics |
| /audit | GET | Recent audit log entries |

POST /evaluate

Accepts tool calls in three formats (Simple, MCP/JSON-RPC, or OpenClaw); the first two are shown here:

# Simple format
curl -X POST http://localhost:18788/evaluate \
  -H "Content-Type: application/json" \
  -d '{"tool":"read","args":{"path":"/home/user/.ssh/id_rsa"}}'

# MCP/JSON-RPC format
curl -X POST http://localhost:18788/evaluate \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":"1","method":"tools/call","params":{"name":"bash","arguments":{"command":"git status"}}}'

WebSocket

Connect to ws://localhost:18788 and send tool calls in OpenClaw, MCP/JSON-RPC, or Simple format.

Programmatic Usage

import {
  createToolInterceptor,
  createOpenClawProxy,
  normalizeMessage,
  formatResponse,
} from '@agentkernel/agent-kernel';

// myPolicy is a policy set you have loaded or generated beforehand
// (see Policy Management below); it is not defined by this snippet.

// Create a standalone security proxy
const proxy = await createOpenClawProxy({
  listenPort: 18788,
  policySet: myPolicy,
});

// Intercept tool calls with security policies
const interceptor = createToolInterceptor({
  agentId: 'my-agent',
  policySet: myPolicy,
  onBlocked: (call) => console.log('Blocked:', call.tool),
});

const result = await interceptor.intercept({ tool: 'read', args: { path: '/etc/passwd' } });
// result.allowed === false

Policy Management

import {
  resolveTarget,
  addAllowRule,
  addBlockRule,
  generatePolicyFromTemplate,
  summarizePolicy,
  testPolicy,
} from '@agentkernel/agent-kernel';

// Resolve natural language to policy patterns
const target = resolveTarget("telegram");
// { type: "domain", patterns: ["api.telegram.org", "*.telegram.org"], knownMalicious: true }

// Generate a policy from template
const yaml = generatePolicyFromTemplate({ template: "balanced", projectFolder: "~/my-project" });

// Test what the policy would do
const result = await testPolicy("~/.agentkernel/policy.yaml", { domain: "api.telegram.org" });
// { decision: "block", reason: "Data exfiltration channel" }

Cross-Domain Security

Shell commands that access files are automatically cross-checked against file policies:

curl -X POST http://localhost:18788/evaluate \
  -H "Content-Type: application/json" \
  -d '{"tool":"bash","args":{"command":"cat ~/.ssh/id_rsa"}}'
# → BLOCKED: Shell command "cat" accesses blocked file

Even though cat is allowed as a shell command, the file argument ~/.ssh/id_rsa triggers the file block rule. This prevents attackers from using shell commands (cat, head, tail, cp, etc.) to bypass file policies.
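As an added illustration (not the package's own code) of how the Simple and MCP/JSON-RPC request shapes shown under POST /evaluate collapse to one tool call, and of the shell-to-file cross-check just described, here is a small self-contained evaluator. The block patterns, the expansion of `~` to `/home/user`, and the set of file-reading commands are assumptions made for this example.

```javascript
// Constructed example: normalise both request formats into {tool, args},
// then apply a file rule to the "read" tool AND to shell commands that
// name a blocked file, so "cat ~/.ssh/id_rsa" cannot bypass the file policy.
const BLOCKED_FILE_PATTERNS = [/(^|\/)\.ssh\//, /(^|\/)\.aws\//]; // assumed sample rules
const FILE_READING_COMMANDS = new Set(['cat', 'head', 'tail', 'cp', 'less', 'more']);

// Accept the Simple format ({tool, args}) or an MCP/JSON-RPC tools/call.
function normalizeToolCall(msg) {
  if (msg.jsonrpc === '2.0' && msg.method === 'tools/call') {
    return { tool: msg.params.name, args: msg.params.arguments || {} };
  }
  if (typeof msg.tool === 'string') {
    return { tool: msg.tool, args: msg.args || {} };
  }
  throw new Error('unrecognised tool call format');
}

// Assumed home directory; a real runtime would resolve $HOME for the agent user.
function expandHome(p) { return p.replace(/^~(?=\/|$)/, '/home/user'); }

function isBlockedFile(path) {
  return BLOCKED_FILE_PATTERNS.some((re) => re.test(expandHome(path)));
}

// Pull operands out of each pipeline/chain segment whose program reads files.
// Naive whitespace split: no quoting, redirection or subshell handling.
function filePathsFromCommand(command) {
  const paths = [];
  for (const segment of command.split(/\|\|?|;|&&/)) {
    const argv = segment.trim().split(/\s+/);
    if (FILE_READING_COMMANDS.has(argv[0])) {
      paths.push(...argv.slice(1).filter((a) => !a.startsWith('-')));
    }
  }
  return paths;
}

function evaluate(msg) {
  const { tool, args } = normalizeToolCall(msg);
  if (tool === 'read' && isBlockedFile(args.path)) {
    return { decision: 'block', reason: `read of blocked file ${args.path}` };
  }
  if (tool === 'bash') {
    const hit = filePathsFromCommand(args.command).find(isBlockedFile);
    if (hit) return { decision: 'block', reason: `shell command accesses blocked file ${hit}` };
  }
  return { decision: 'allow', reason: 'no rule matched' };
}
```

A production cross-check needs a real shell tokenizer: quoting, globbing, redirections, subshells and variable expansion all defeat the whitespace split used here.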

Default Security Policy

Out of the box, AgentKernel blocks 341+ known malicious patterns including:

  • AMOS Stealer — crypto wallets, browser credentials
  • Reverse shells — bash -i, nc -e, python pty.spawn
  • Data exfiltration — Telegram bots, Discord webhooks, paste sites
  • SSRF — cloud metadata endpoints, internal networks
  • Download & execute — curl|bash, wget|sh
  • Shell→file bypass — cat/head/tail/cp of blocked files

See the main repo for full documentation.

License

MIT