npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@openguardrails/moltguard

v6.9.4

Published

AI agent security plugin for OpenClaw: prompt injection detection, PII sanitization, and monitoring dashboard

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

thomaslwangthomaslwang

Keywords

openclawopenguardrailsprompt-injectionsecurityai-safetyguardai-security-gatewaydata-sanitizationdashboard

Readme

MoltGuard

npm version GitHub

Comprehensive AI security for OpenClaw: Real-time protection against prompt injection, data leaks, and dangerous actions.

GitHub: https://github.com/openguardrails/openguardrails/tree/main/moltguard

npm: https://www.npmjs.com/package/@openguardrails/moltguard

Three Principles

  1. Instant Value — Works immediately after installation
  2. No Security Expertise — No configuration needed
  3. Secure by Default — "Install it, and the agent won't go rogue"

Features

| Feature | Description | |---------|-------------| | Agent Guard | Real-time interception of tool calls, shell commands, file access, HTTP requests | | Secret & Data Leak Protection | Auto-sanitize API keys, SSH keys, PII before sending to LLMs | | Prompt Injection Protection | Detect "ignore instructions", "send secrets", "bypass rules" attacks | | Local Dashboard | View detection stats, agentic hours, and risk events |

Quick Start

# Install the plugin
openclaw plugins install @openguardrails/moltguard

# Restart OpenClaw
openclaw gateway restart

That's it. MoltGuard auto-registers with Core and starts protecting immediately with 500 free checks/day.

Commands

All commands are available in OpenClaw conversation:

| Command | Description | |---------|-------------| | /og_status | Show status, API key, quota, and mode | | /og_sanitize on | Enable AI Security Gateway (sanitize sensitive data before sending to LLMs) | | /og_sanitize off | Disable AI Security Gateway | | /og_sanitize | Show gateway status | | /og_scan [type] | Scan workspace files for security risks | | /og_autoscan on/off | Enable/disable automatic file scanning on changes | | /og_dashboard | Start local Dashboard and get access URL | | /og_config | Show how to configure API key for cross-machine sharing | | /og_core | Open Core portal for account and billing | | /og_claim | Display agent ID and API key for claiming on Core | | /og_reset | Reset MoltGuard and re-register (gets new API key) |

AI Security Gateway

Protect sensitive data in your prompts before sending to LLMs.

How It Works

You: "My API key is sk-abc123, call the service"
  ↓ Gateway sanitizes locally
LLM sees: "My API key is __PII_SECRET_00000001__, call the service"
  ↓ LLM responds
LLM: "Calling service with __PII_SECRET_00000001__"
  ↓ Gateway restores
Tool executes with: "Calling service with sk-abc123"

Enable Gateway

/og_sanitize on

This modifies your ~/.openclaw/openclaw.json to route all LLM providers through the local gateway (port 53669).

Supported Data Types

| Data Type | Placeholder | Examples | |-----------|-------------|----------| | API Keys | __PII_SECRET_*__ | sk-..., ghp_..., AKIA... | | Bearer Tokens | __PII_SECRET_*__ | Bearer eyJhbG... | | Email | __PII_EMAIL_ADDRESS_*__ | [email protected] | | Credit Cards | __PII_CREDIT_CARD_*__ | 4111-1111-1111-1111 | | Phone | __PII_PHONE_*__ | +1-555-123-4567 | | SSN | __PII_SSN_*__ | 123-45-6789 | | IP Address | __PII_IP_ADDRESS_*__ | 192.168.1.1 | | URLs | __PII_URL_*__ | https://internal.corp/secret | | High-entropy strings | __PII_SECRET_*__ | Random tokens with Shannon entropy ≥4.0 |

Prompt Injection Detection

MoltGuard detects malicious instructions hidden in external content (emails, web pages, documents).

Detection Flow

External Content (email/webpage/document)
         ↓
   ┌─────────────┐
   │   Local     │  Strip PII before analysis
   │  Sanitize   │
   └─────────────┘
         ↓
   ┌─────────────┐
   │    Core     │  Behavioral assessment
   │     API     │  (rule-driven, no LLM)
   └─────────────┘
         ↓
   Block or Allow

What Gets Detected

  • "Ignore previous instructions" patterns
  • "Send me your secrets" attempts
  • System prompt override attacks
  • Hidden instructions in markdown/HTML
  • Data exfiltration attempts

Static File Scanning

Scan workspace files for security risks:

/og_scan all        # Scan all workspace files
/og_scan memories   # Scan memory files only
/og_scan skills     # Scan skill files only
/og_scan summary    # Show file count without scanning

Enable automatic scanning on file changes:

/og_autoscan on

Dashboard

View security stats in a local web dashboard:

/og_dashboard

The dashboard shows:

  • Detection events and findings
  • Agentic hours (total time of tool calls)
  • Gateway activity (sanitizations/restorations)
  • Risk event timeline

Claiming an Agent

Link your agent to an email for shared quota across machines:

  1. Run /og_claim to get your agent ID and API key
  2. Run /og_core to open the Core portal
  3. Enter your email to receive a magic login link
  4. Go to /claim-agent and paste your credentials
  5. Agent is now linked to your account

Configuration

Edit ~/.openclaw/openclaw.json:

{
  "plugins": {
    "entries": {
      "moltguard": {
        "enabled": true,
        "config": {
          "coreUrl": "https://www.openguardrails.com/core",
          "blockOnRisk": true,
          "timeoutMs": 60000
        }
      }
    }
  }
}

Options

| Option | Default | Description | |--------|---------|-------------| | coreUrl | https://www.openguardrails.com/core | Core API endpoint | | blockOnRisk | true | Block tool calls when risk detected | | timeoutMs | 60000 | Detection timeout in milliseconds | | apiKey | (auto) | API key (auto-registered if empty) |

Environment Variables

OG_API_KEY=sk-og-...        # Use specific API key
OG_CORE_URL=...             # Custom Core URL

Privacy & Data Protection

OpenGuardrails protects your data — we don't collect it.

Local-First Design

  • All sensitive data is sanitized on your machine before leaving
  • Gateway runs locally on 127.0.0.1:53669
  • Placeholder-to-original mappings are ephemeral (discarded after each request)
  • Credentials stored locally at ~/.openclaw/credentials/moltguard/

What the Cloud API Receives

  • Sanitized content (placeholders, not real values)
  • Tool names and timing signals
  • Never: raw file contents, conversation history, or PII

Fail-Open Design

If the Core API is unreachable, tool calls are allowed — never blocks your workflow due to network issues.

Plugin Update

MoltGuard supports graceful updates:

openclaw plugins update @openguardrails/moltguard

The plugin automatically handles port conflicts during updates using a secure token mechanism.

Uninstall

openclaw plugins uninstall @openguardrails/moltguard
openclaw gateway restart

To remove stored credentials:

rm -rf ~/.openclaw/credentials/moltguard
rm -rf ~/.openclaw/extensions/moltguard

Development

git clone https://github.com/openguardrails/openguardrails.git
cd openguardrails/moltguard

npm install
npm run typecheck
npm run test

# Local development install
openclaw plugins install -l .
openclaw gateway restart

Contact

License

MIT