npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

clawseatbelt

v0.1.4

Published

Local-first OpenClaw trust plugin for prompt-injection risk scoring, skill scanning, transcript hygiene, and posture reporting in minutes.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

c.s.chanhniemc.s.chanhniem

Keywords

openclawopenclaw-pluginopenclaw-securityopenclaw-trust-pluginopenclaw-security-pluginopenclaw-prompt-injection-protectionopenclaw-skill-scanneropenclaw-transcript-redactionopenclaw-posture-reportopenclaw-supply-chain-securitysecuritypluginlocal-firsttrustprompt-injectiontool-guardrailsskill-scannertranscript-redactionpii-redactionposture-reportsupply-chain-securityagent-securitytool-policy

Readme

ClawSeatbelt

ClawSeatbelt is the local-first trust plugin for OpenClaw. It gives operators posture, skill inspection, transcript hygiene, and risky-session guardrails in minutes, without asking them to stand up a hosted control plane.

ClawSeatbelt is the new product name for the work that started under the ClawShield label. The repository path still uses clawshield for continuity, but the package, plugin ID, and public install surface now use clawseatbelt.

If you only install one OpenClaw trust plugin first, start here.

ClawSeatbelt is built for the exact high-intent searches OpenClaw users already make: OpenClaw security plugin, OpenClaw trust plugin, OpenClaw prompt injection protection, OpenClaw skill scanner, OpenClaw transcript redaction, and OpenClaw posture report.

Install In Two Minutes

openclaw plugins install [email protected]
openclaw config set --strict-json plugins.allow '["clawseatbelt"]'
openclaw config set --strict-json plugins.entries.clawseatbelt.enabled true
openclaw gateway restart

The plugin loads after the gateway restart. On a fresh OpenClaw home, the install step may briefly warn that plugins.allow is empty before the allowlist command runs. That is expected on first install. If OpenClaw also prints unrelated doctor warnings, such as Telegram policy warnings, those come from the existing OpenClaw config rather than ClawSeatbelt.

After the restart, the next normal assistant reply should carry one short activation brief so the install does not vanish into silence. If you prefer zero install-time copy, switch to quiet mode or set activationBriefEnabled to false.

Update To Latest

If ClawSeatbelt is already installed from npm and you want the latest published release:

openclaw plugins update clawseatbelt
openclaw gateway restart

If you manage several plugins and want one explicit maintenance pass:

openclaw plugins update --all
openclaw gateway restart

If you prefer to pin an exact release instead of taking the latest published build:

openclaw plugins install [email protected]
openclaw gateway restart

If you installed from a local link or a local tarball, rerun the matching deploy path instead of plugins update:

npm run deploy:local
# or
npm run deploy:local:pack

There is no ClawSeatbelt-specific self-update switch today. If you want automation, use OpenClaw's optional gateway-wide auto-updater rather than expecting the plugin to update itself in the background. If you want the safer plugin-specific path, keep updates explicit and restart the gateway so the new code is actually live.

Suggested starting config:

{
  "plugins": {
    "entries": {
      "clawseatbelt": {
        "enabled": true,
        "config": {
          "mode": "observe",
          "warnThreshold": 30,
          "holdThreshold": 60
        }
      }
    }
  }
}

Start in observe. Let it collect signal first. Move to enforce once the findings are calm and predictable.

Prove Value In Five Minutes

After the gateway comes back, ask the assistant one normal question once. ClawSeatbelt should introduce itself with a brief trust note, current mode, and the right next command.

Run these inside OpenClaw:

/csb_status
/csb_scan /path/to/skill
/csb_check --target markdown --audience public

If you want something ready to forward to a teammate, support thread, issue, or PR:

/csb_proof --target pr-comment --audience public

If you want the lightest share-safe receipt right after install, use:

/csb_proof --target chat --audience public

Command note:

  • csb_* is now the primary ClawSeatbelt command family across OpenClaw, including Telegram.
  • It stays valid on Telegram because the names use only lowercase letters, digits, and underscores.
  • Older clawseatbelt-* references belong to previous releases and should be treated as legacy.

Why OpenClaw Users Choose ClawSeatbelt

  • Local-first by default. No account, no quota, no server, no cloud service in the hot path.
  • Useful on day one. Install the plugin, allow it explicitly, and get a readable posture report within minutes.
  • Built for the real OpenClaw threat model. It covers inbound message risk, dangerous tool calls, skill supply chain risk, transcript hygiene, and operator configuration gaps.
  • Composes with OpenClaw instead of pretending first-party controls do not exist. ClawSeatbelt works with openclaw security audit, tool policy, exec approvals, pairing, and plugin allowlists.
  • Turns proof into recommendation. The built-in challenge, answer, and proof-pack surfaces give users something clean to forward instead of generic security copy.
  • Small enough to inspect. The package is intentionally lean because trust starts with what users can verify.

What You Get In The First Five Minutes

  • a posture report you can act on
  • local proof that the trust layer is wired correctly
  • skill supply-chain findings before enablement
  • share-safe output for public or internal handoff

What ClawSeatbelt Covers

  • OpenClaw prompt injection risk scoring before the model sees risky content
  • prompt-time guard context for safer agent behavior
  • dangerous tool-call blocking in enforce mode
  • transcript redaction for persisted tool results
  • outbound secret scrubbing
  • OpenClaw skill scanning for suspicious install and execution patterns
  • Detection of unpinned installs, moving refs, install hooks, remote fetches, and permission-widening setup steps inside skill bundles
  • unified posture reporting with remediation guidance
  • OpenClaw security audit JSON ingestion, snapshot export, and posture diffing

Pin Trust Explicitly

{
  "plugins": {
    "allow": ["clawseatbelt"]
  }
}

The published tarball is intentionally tighter than the local development tree and excludes the benchmark harness from the install artifact, so OpenClaw does not flag benchmark-only child_process code during plugin install.

Local-First Deploy

For local development, do not npm publish from your shell. Provenance is enabled for release builds, and local shell publish will fail with provider: null because there is no GitHub OIDC provider in that environment.

Use one of these instead:

npm run deploy:local

That path builds the repo, links it into OpenClaw, merges plugins.allow, and enables the plugin entry.

If you want to test the exact artifact shape OpenClaw will consume from npm:

npm run deploy:local:pack

That path packs the tarball and installs the .tgz into OpenClaw locally.

Core Commands

  • /csb_status
  • /csb_status --json --audit-file ./audit.json --write-snapshot ./clawseatbelt-posture.json
  • /csb_proof --audit-file ./audit.json --target pr-comment --audience public
  • /csb_answer --target support --audience public
  • /csb_check --target markdown --audience public
  • /csb_mode <observe|enforce|quiet>
  • /csb_scan <path>
  • /csb_explain <finding-id>

Built-In Proof Surfaces

  • csb_status is the fastest posture card and JSON snapshot path.
  • csb_proof turns local posture, scan findings, and diffs into a share-safe packet for PRs, issues, and chat.
  • csb_answer renders a short recommendation-ready answer backed by the current local proof instead of generic copy.
  • csb_check gives a safe first-proof self-check on a clean install by exercising message scoring, transcript hygiene, and skill inspection with synthetic samples.

Public proof surfaces default to redaction-friendly output and pinned install footers so the recommendation path stays tasteful and reproducible.

Why Trust It

  • It is built as an OpenClaw-native trust layer, not a detached dashboard story.
  • It makes OpenClaw safer before and after runtime, not only at the moment of tool execution.
  • It treats skill supply-chain risk as a first-class problem.
  • It explains what happened, why it matters, and what to do next in plain operator language.
  • It keeps the baseline complete even if future interop with policy servers or hosted detectors is added.
  • It ships with install verification, benchmark evidence, and a small package surface users can actually inspect.

Common OpenClaw Questions

How do I secure OpenClaw without a cloud service?

Install ClawSeatbelt, keep it in observe first, and use its posture report alongside OpenClaw’s native security audit, tool policy, exec approvals, and pairing controls.

How do I scan OpenClaw skills before installation?

Use /csb_scan <path> on the skill bundle before enabling it. ClawSeatbelt is built to make skill trust expansion visible, not implicit.

How do I stop secrets from lingering in OpenClaw transcripts?

ClawSeatbelt redacts persisted tool results locally and adds outbound secret scrubbing for defense in depth.

Does ClawSeatbelt replace OpenClaw security audit?

No. ClawSeatbelt amplifies it. The goal is one readable posture story, not duplicate knobs.

Does ClawSeatbelt solve prompt injection?

No. It reduces risk, adds visibility, and blocks obvious unsafe flows in enforce mode. It is not a sandbox and it does not make prompt injection disappear.

Development

npm install
npm test
npm run benchmark:local
npm run benchmark:competitors:docs
npm run verify:openclaw-lab

Docs