npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

claw-cli

v1.1.0

Published

A security-first AI agent for browser automation.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

rhyugenrhyugen

Keywords

ai-agentsecuritybrowser-automationtermuxclaw

Readme

Claw-CLI: The Security-First Agent That Actually Protects You

OpenClaw got hacked? Meet Claw-CLI — the security-first agent that actually protects you.

🚀 Installation (v1.1.0)

1. Standard Install (macOS, Linux, Windows)

Install Node.js v18+ and then run:

npm install -g claw-cli

The postinstall script will automatically download the necessary Playwright browsers.

2. Android Termux Guide

Termux requires a few extra steps:

# 1. Install dependencies
pkg install nodejs-lts git

# 2. Install claw-cli globally
npm install -g claw-cli

# 3. Manually install Playwright browsers (postinstall might fail)
npx playwright install --with-deps

3. Quick Start

After installation, run the doctor to check your setup:

claw doctor

Initialize your config file:

claw init

See available commands:

claw --help

Start the server (for web UI or remote access):

claw --server

✨ Features

  • Security-First Design: Unlike other agents, Claw-CLI operates on a "fail-closed" principle. Every action is explicitly allow-listed and validated, ensuring the LLM cannot execute arbitrary or unsafe commands.
  • Sandboxed Execution: All web automation occurs within an isolated browser environment, preventing unintended system access.
  • User Confirmation for Sensitive Actions: Critical operations (e.g., sending messages) require explicit user approval. You're always in control.
  • Auditable Logs: Every agent action and decision is logged for transparency and security auditing.
  • Local-First, Single-User: Designed for your personal machine, offering robust security without the complexities of multi-user environments.

⚔️ Claw-CLI vs. OpenClaw: A Security Showdown (February 2026)

| Feature | OpenClaw (CVE-2026-25253, RCE, Command Injection) | Claw-CLI (Security-First by Design) | | :------------------ | :------------------------------------------------ | :------------------------------------------ | | Security Model | Permissive, Prone to LLM "hallucinations" | Fail-Closed, Explicit Allow-List | | CVE-2026-25253 | Vulnerable (8.8 RCE!) | Immune by Design | | Command Injection | Widespread Vulnerabilities | Impossible: No Raw Shell Access | | Infostealers | Key/Config Exposure Risk | Sandboxed, Isolated Environment | | Malicious Skills | 900+ known, execution often unrestricted | Policy-Engine Verified: Safe by Default | | Control | LLM often dictates actions | User Always Confirms Sensitive Actions | | Deployment | Any environment, often insecurely | Local & Secure; ClawCloud for Managed | | Trust Model | Trust in LLM + Skill Developers | Trust in Code, Auditable Policies |

🖼️ Demo (Coming Soon!)

🔒 Security Model: How Claw-CLI Protects You

Claw-CLI operates on a rigorous Input -> Plan -> Policy -> Execute -> Audit loop:

  1. Input: Your natural language task.
  2. Plan: An advanced LLM (like Gemini) breaks down your task into discrete, structured actions (JSON).
  3. Policy (THE CORE): Our battle-hardened policy engine intercepts every single action. If an action isn't explicitly allowed and safe, the entire plan is rejected. No exceptions.
  4. Execute: Approved actions run in a tightly sandboxed, read-only browser environment. Sensitive actions require your explicit [Y/n] confirmation.
  5. Audit: Every step is logged, providing full transparency and traceability.

Claw-CLI NEVER executes raw shell commands. All actions are strictly constrained.

☁️ Local vs. ClawCloud (Managed SaaS)

Claw-CLI is designed to be fully open-source and free for local, single-user use on your machine. This gives you maximum control and privacy.

For teams and businesses requiring advanced features, scalability, and managed infrastructure, we're building ClawCloud.

  • Claw-CLI (Open-Source):

    • Local execution, single-user.
    • Full privacy, data stays on your machine.
    • No monthly fees.
    • Self-managed setup.

  • ClawCloud (Managed SaaS):

    • All Claw-CLI features, plus:
    • Secure, hosted multi-tenant environment.
    • Scalable execution for high-volume tasks.
    • Team collaboration & access controls.
    • Advanced analytics & reporting.
    • Dedicated support.
    • Guaranteed uptime & SLA.
    • Coming Soon: Premium LLM integrations, enhanced security auditing.

💰 ClawCloud Pricing (Teaser)

Starting at ₹499/month for individuals, up to ₹1999/month for enterprise teams. Early bird access for waitlist sign-ups!

🗺️ Roadmap (v1.0.0 and beyond)

  • v1.1.0 (Current Release): npm-ready, claw doctor + claw init, Termux support.
  • v1.0.0: Production-ready, secure local CLI. Foundation for ClawCloud.
  • v1.2.0: Improved LLM integration patterns, custom policy definitions.
  • v2.0.0: First release of ClawCloud managed service with full feature parity + team features.

Join the waitlist here: Sign up for ClawCloud Beta https://forms.gle/uKuj7huVmLDSYzvT8