@atbash/atbash-openclaw
v0.0.5
OpenClaw ATBASH tool-audit plugin. Thin adapter that maps OpenClaw's before_tool_call hook onto @atbash/sdk.
OpenClaw plugin that gates every tool call against the ATBASH policy service. A thin adapter on top of @atbash/sdk — the SDK does the audit pipeline, this package wires it into OpenClaw's before_tool_call hook.
If you're not using OpenClaw and want to use ATBASH from your own code, install the SDK directly.
Install
```sh
openclaw plugins install @atbash/atbash-openclaw
```
The plugin signs audit transactions locally with your agent's secp256k1 private key. The key never leaves your machine; only signed bytes plus the corresponding public key are transmitted.
Get an agent key
The plugin reads from ~/.config/atbash/guard-client-key by default. The file is JSON:
```json
{
  "privKey": "your-hex-private-key-64-chars",
  "pubKey": "your-hex-public-key-66-chars"
}
```
…or key=value:
```
privkey=your-hex-private-key-64-chars
pubkey=your-hex-public-key-66-chars
```
Contact the ATBASH team to register an agent and obtain a key pair.
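A pre-flight check for the key file described above, as an added example (not code from the plugin or @atbash/sdk). It assumes the 66-character public key is the standard compressed SEC1 encoding of a secp256k1 point and that the file should be readable by its owner only; `parseKeyFile`, `checkKeyPair` and the `SAMPLE_*` values are names constructed for this example.

```javascript
// Added example: validates an ATBASH agent key file in either documented format.
const { createECDH } = require('node:crypto');

// Parse the JSON form ({"privKey": ..., "pubKey": ...}) or the key=value form.
function parseKeyFile(text) {
  const trimmed = text.trim();
  if (trimmed.startsWith('{')) {
    const obj = JSON.parse(trimmed);
    return { privKey: obj.privKey, pubKey: obj.pubKey };
  }
  const out = {};
  for (const line of trimmed.split(/\r?\n/)) {
    const m = /^\s*(privkey|pubkey)\s*=\s*(\S+)\s*$/i.exec(line);
    if (m) out[m[1].toLowerCase() === 'privkey' ? 'privKey' : 'pubKey'] = m[2];
  }
  return out;
}

// Return a list of problems; an empty list means the pair is well-formed.
function checkKeyPair({ privKey, pubKey }, fileMode) {
  const problems = [];
  if (!/^[0-9a-f]{64}$/i.test(privKey || '')) problems.push('privKey is not 64 hex chars');
  if (!/^0[23][0-9a-f]{64}$/i.test(pubKey || '')) problems.push('pubKey is not a 66-char compressed key');
  if (problems.length === 0) {
    try {
      // Re-derive the public key locally and compare it with the stored one.
      const ecdh = createECDH('secp256k1');
      ecdh.setPrivateKey(Buffer.from(privKey, 'hex'));
      if (ecdh.getPublicKey('hex', 'compressed') !== pubKey.toLowerCase())
        problems.push('pubKey does not match privKey');
    } catch {
      problems.push('privKey is not a valid secp256k1 scalar');
    }
  }
  // Assumption: the key should be readable by its owner only (e.g. mode 0600).
  if (fileMode !== undefined && (fileMode & 0o077) !== 0)
    problems.push('key file is accessible to group/other');
  return problems;
}

// Constructed sample: private key 1, whose public key is the curve generator G.
const SAMPLE_PRIV = '0'.repeat(63) + '1';
const SAMPLE_PUB = '0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798';
```

On POSIX systems, pass `fs.statSync(path).mode` as the second argument to include the permission check.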
Configure it in OpenClaw
Open ~/.openclaw/openclaw.json and add:
```json
{
  "plugins": {
    "allow": [
      "openclaw"
    ],
    "load": {
      "paths": [
        "/Users/<your-username>/.openclaw/extensions/openclaw"
      ]
    },
    "entries": {
      "openclaw": {
        "enabled": true,
        "config": {
          "enabled": true,
          "enforceDecision": true,
          "chromiaSecretPath": "~/.config/atbash/guard-client-key"
        },
        "hooks": {
          "allowConversationAccess": true,
          "allowPromptInjection": true
        }
      }
    }
  }
}
```
Config fields
| Field | Type | Default | What it does |
|---|---|---|---|
| enabled | bool | true | Master switch. false = plugin returns immediately. |
| enforceDecision | bool | true | Surfaced to logs. The plugin always blocks on BLOCK. |
| chromiaSecretPath | string | ~/.config/atbash/guard-client-key | Path to the agent key file. Supports ~/. |
| debug | bool | false | Reserved. No-op today. |
Updating
```sh
openclaw plugins update @atbash/atbash-openclaw
```
Uninstalling
```sh
openclaw plugins uninstall @atbash/atbash-openclaw
```
The agent key file at ~/.config/atbash/guard-client-key is not removed; delete it manually if you want to retire the agent identity.
Secret redaction
Before each tool call is sent to the judge, the underlying @atbash/sdk scans the args and context for secret-shaped values and replaces matches with [REDACTED:<kind>]. Redaction is client-side and happens before signing, so secrets never reach the signed bytes, the request body, the on-chain log, or the AI provider.
When the redactor fires, OpenClaw will surface a warning like:
```
[atbash] redacted secrets before judge call { tool: "exec", count: 2, kinds: ["anthropic", "generic_token"] }
```
The kinds field shows which patterns matched. anthropic / openai / aws_access_key / jwt / etc. indicate real vendor secrets. generic_token is a catch-all for long random-looking strings, so it can also match UUIDs and content hashes. The judge still gets enough context to evaluate the action, but this is worth knowing if you see generic_token unexpectedly.
The agent's own tool execution is unaffected — only the data sent to the judge is scrubbed. Full kind list and behaviour reference: see the SDK README.
Troubleshooting
Tool calls aren't being audited.
Check that enabled: true is set both on the entry (plugins.entries.openclaw.enabled) and inside config (config.enabled).
Every tool call is blocked, even safe ones.
The plugin is fail-closed: any pipeline error blocks. Look for [atbash] … warnings in the OpenClaw log. Most often: missing key, expired key, or restricted egress.
License
Proprietary — all rights reserved. See LICENSE. Commercial licensing inquiries: contact the Atbash team.
