@pompelmi/openclaw-attachment-firewall

v0.1.0

Minimal native OpenClaw file preflight plugin powered by Pompelmi.

Main Pompelmi repository: https://github.com/pompelmi/pompelmi

This repository is an ecosystem integration package, not the main product. The core scanner direction, broader engine work, and primary roadmap live in the main Pompelmi repository:

https://github.com/pompelmi/pompelmi

Scope

This plugin keeps a deliberately small MVP surface:

  • native OpenClaw tool: pompelmi_scan_file
  • native OpenClaw hook: before_tool_call
  • local file/path preflight scanning only
  • no UI
  • no cloud backend
  • no exaggerated malware-engine claims

Current checks stay lightweight and deterministic:

  • file existence and regular-file validation
  • maximum file size enforcement
  • explicit extension blocklist checks
  • suspicious executable and script extension handling
  • lightweight file-header signature sniffing where practical
  • stable structured verdict output for both the tool and hook flow
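As an added example (not the plugin's own code), the sketch below shows how checks of this kind can be combined in Node.js: regular-file validation, a size cap, an extension blocklist, and header sniffing that flags an executable header behind a non-executable extension. The signature table, the risky-extension list, the reason strings and the mapping of findings to verdicts are assumptions made for illustration.

```javascript
// Added illustration, not the plugin's source; lists, reasons and verdict mapping are assumptions.
const fs = require("node:fs");
const path = require("node:path");

// Leading magic bytes of a few common formats.
const SIGNATURES = [
  { type: "pdf", magic: Buffer.from("%PDF-") },
  { type: "zip", magic: Buffer.from([0x50, 0x4b, 0x03, 0x04]) },
  { type: "pe", magic: Buffer.from("MZ") },
  { type: "elf", magic: Buffer.from([0x7f, 0x45, 0x4c, 0x46]) },
];
const EXECUTABLE_TYPES = new Set(["pe", "elf"]);
const RISKY_EXTENSIONS = new Set(["exe", "dll", "bat", "cmd", "ps1", "vbs", "js", "sh"]);

// Read only the first bytes of the file and match them against the table.
function sniffType(file) {
  const head = Buffer.alloc(8);
  const fd = fs.openSync(file, "r");
  try {
    const n = fs.readSync(fd, head, 0, head.length, 0);
    const hit = SIGNATURES.find(
      (s) => n >= s.magic.length && head.subarray(0, s.magic.length).equals(s.magic)
    );
    return hit ? hit.type : "unknown";
  } finally {
    fs.closeSync(fd);
  }
}

function preflight(inputPath, { maxBytes = 26214400, extensionsBlocklist = [] } = {}) {
  const result = { inputPath, verdict: "clean", reasons: [] };
  const flag = (verdict, reason) => {
    if (result.verdict !== "malicious") result.verdict = verdict; // never downgrade
    result.reasons.push(reason);
  };
  // lstat does not follow symlinks, so links, directories and devices are rejected.
  const st = fs.lstatSync(inputPath, { throwIfNoEntry: false });
  if (!st || !st.isFile()) {
    flag("suspicious", "not_a_regular_file");
    return result;
  }
  const ext = path.extname(inputPath).slice(1).toLowerCase();
  const detected = sniffType(inputPath);
  if (st.size > maxBytes) flag("suspicious", "file_too_large");
  if (extensionsBlocklist.includes(ext)) flag("malicious", "extension_blocklisted");
  else if (RISKY_EXTENSIONS.has(ext)) flag("suspicious", "risky_extension");
  // An executable header behind a document-style extension indicates a disguised file.
  if (EXECUTABLE_TYPES.has(detected) && !RISKY_EXTENSIONS.has(ext)) flag("malicious", "executable_header_mismatch");
  return Object.assign(result, { extension: ext, sizeBytes: st.size, detectedType: detected });
}
```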

Install

openclaw plugins install @pompelmi/openclaw-attachment-firewall

After install, configure the plugin under plugins.entries.openclaw-attachment-firewall and restart the OpenClaw gateway if needed.

If you want the deeper scanner engine or the main roadmap, start with:

https://github.com/pompelmi/pompelmi

Configuration

openclaw.plugin.json exposes this config:

{
  "plugins": {
    "entries": {
      "openclaw-attachment-firewall": {
        "enabled": true,
        "config": {
          "enabled": true,
          "mode": "advisory",
          "blockSuspicious": false,
          "blockMalicious": true,
          "scanArchives": true,
          "maxBytes": 26214400,
          "extensionsBlocklist": [],
          "pathParamKeys": [
            "file",
            "path",
            "filePath",
            "attachment",
            "attachments",
            "input",
            "target"
          ]
        }
      }
    }
  }
}

Notes:

  • mode: "advisory" logs findings and allows the original tool call
  • mode: "enforce" blocks malicious files and can also block suspicious files when blockSuspicious is true
  • scanArchives currently covers outer-file archive handling only
  • pathParamKeys limits which tool arguments are treated as local file candidates

Behavior

Explicit tool call:

{
  "tool": "pompelmi_scan_file",
  "arguments": {
    "path": "/tmp/invoice.pdf"
  }
}

Example result:

{
  "inputPath": "/tmp/invoice.pdf",
  "path": "/tmp/invoice.pdf",
  "fileName": "invoice.pdf",
  "extension": "pdf",
  "sizeBytes": 48123,
  "mime": "application/pdf",
  "detectedType": "pdf",
  "verdict": "clean",
  "recommendedAction": "allow",
  "reasons": [],
  "signals": []
}

Hook behavior:

  • if a tool argument looks like a local file path under configured keys such as path, filePath, or attachment, the plugin scans it before execution
  • in advisory mode, execution continues and the plugin logs the verdict summary
  • in enforce mode, malicious files are blocked, and suspicious files are blocked only when configured to do so
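The hook flow described above, as an added example that is not the plugin's own code: it collects path candidates only from the configured keys and turns each verdict into an allow or block decision. The path heuristic, the injected `scan` callback, the return shape and the way `blockMalicious` gates blocking in enforce mode are assumptions.

```javascript
// Added illustration, not the plugin's source; heuristics and return shape are assumptions.
const DEFAULT_KEYS = ["file", "path", "filePath", "attachment", "attachments", "input", "target"];

// Treat absolute, home-relative, dot-relative and drive-letter strings as local path candidates.
function looksLikeLocalPath(value) {
  return typeof value === "string" && /^(\/|~\/|\.{1,2}\/|[A-Za-z]:[\\/])/.test(value);
}

// Collect candidates only from configured keys; array values (e.g. attachments) are flattened.
function collectPathCandidates(args, pathParamKeys = DEFAULT_KEYS) {
  const out = [];
  for (const key of pathParamKeys) {
    if (!Object.prototype.hasOwnProperty.call(args, key)) continue;
    for (const v of [].concat(args[key])) {
      if (looksLikeLocalPath(v)) out.push(v);
    }
  }
  return out;
}

// Map one verdict to a block decision following the configuration notes.
function shouldBlock(verdict, cfg) {
  if (!cfg.enabled || cfg.mode !== "enforce") return false; // advisory: log only
  if (verdict === "malicious") return cfg.blockMalicious !== false;
  if (verdict === "suspicious") return cfg.blockSuspicious === true;
  return false;
}

// before_tool_call-style gate: scan every candidate, block the call if any decision blocks.
// `scan` is a hypothetical callback that returns "clean", "suspicious" or "malicious".
function gateToolCall(args, cfg, scan) {
  const decisions = collectPathCandidates(args, cfg.pathParamKeys).map((p) => {
    const verdict = scan(p);
    return { path: p, verdict, blocked: shouldBlock(verdict, cfg) };
  });
  return { allow: decisions.every((d) => !d.blocked), decisions };
}
```

Arguments under keys that are not listed in pathParamKeys are never scanned in this sketch, so the key list should cover every file-bearing parameter of the tools in use.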

Development

Local validation:

npm install --ignore-scripts
npm run typecheck
npm pack --dry-run

Local OpenClaw testing:

openclaw plugins install -l .
openclaw plugins inspect openclaw-attachment-firewall
openclaw plugins doctor

The deeper engine and future integration work should continue in the main Pompelmi repository:

https://github.com/pompelmi/pompelmi

License

MIT. See LICENSE.