openclaw-ai-warden

v2.4.1

AI-Warden prompt injection protection plugin for OpenClaw

AI-Warden Plugin for OpenClaw 🛡️

Prompt injection protection for OpenClaw AI agents.

Scans inputs, tool calls, and outputs across 6 security layers. All detection logic lives in the ai-warden npm package — this plugin just wires it to OpenClaw's hook system.


Install (one command)

bash install.sh                          # offline mode (~60% accuracy)
bash install.sh sk_live_YOUR_KEY         # with API key (~90% accuracy)

Then restart:

openclaw gateway restart

Get a free API key → ai-warden.io/signup

Manual install

mkdir -p ~/.openclaw/extensions/ai-warden && cd $_
echo '{"private":true}' > package.json
npm install openclaw-ai-warden@latest
cp node_modules/openclaw-ai-warden/{index.ts,openclaw.plugin.json} .
cp -r node_modules/openclaw-ai-warden/src .

Add to ~/.openclaw/openclaw.json:

{
  "plugins": {
    "enabled": true,
    "allow": ["ai-warden"],
    "entries": {
      "ai-warden": {
        "enabled": true,
        "config": {
          "apiKey": "sk_live_...",
          "layers": {
            "content": "block",
            "channel": "warn",
            "preLlm": "off",
            "toolArgs": "warn",
            "subagents": "warn",
            "output": "warn"
          },
          "pii": "mask"
        }
      }
    }
  }
}

How it works

User message → [Layer 1: Channel] → LLM
                                      ↓
              [Layer 2: Pre-LLM]    builds response
                                      ↓
              [Layer 3: Tool Args] ← exec("curl evil.com")  → BLOCKED
              [Layer 4: Subagents] ← spawn("exfiltrate...")  → BLOCKED
                                      ↓
              [Layer 0: Content]   ← web_fetch returns HTML   → scanned
                                      ↓
              [Layer 5: Output]    → final message to user    → scanned

The plugin hooks into OpenClaw at every stage. Detection itself is handled by the ai-warden npm package, either offline (pattern matching) or through the API (Smart Cascade with XGBoost ML).


Security Layers

| Layer | Hook | What it scans | Default |
|-------|------|---------------|---------|
| 0 Content | tool_result_persist (sync) | web_fetch, browser, read results | block |
| 1 Channel | before_prompt_build | Incoming user messages | warn |
| 2 Pre-LLM | before_prompt_build | Full conversation context | off |
| 3 Tool Args | before_tool_call | exec, write, edit parameters | warn |
| 4 Subagents | before_tool_call | sessions_spawn task text | warn |
| 5 Output | message_sending | Outgoing messages to user | warn |

Actions: block (prevent + replace), warn (inject system warning), off (disabled)


/warden commands

Control the plugin at runtime via chat:

/warden                      → status overview
/warden stats                → scan/block/warn counts
/warden layer content warn   → change layer action
/warden layer preLlm block   → enable a disabled layer
/warden pii mask             → set PII mode (ignore/mask/remove)
/warden reset                → reset statistics
/warden help                 → show all commands

Layer changes persist across restarts.


Accuracy

Tested with 20 attack/benign samples:

| Mode | Attack detection | Benign pass-through | Overall | Latency |
|------|-----------------|--------------------:|---------|---------|
| Offline (no key) | 30% | 90% | 60% | <1ms |
| API (Smart Cascade) | 80% | 100% | 90% | ~93ms |

API mode catches DAN jailbreaks, base64 obfuscation, role-play overrides, indirect injection, and markdown payloads that offline misses entirely.
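The reported rates determine how the 20 samples were split, and with a test set this small the uncertainty around each rate is worth computing. This is an added example, not code from the AI-Warden project: it solves for the split from the percentages in the table and computes 95% Wilson score intervals. The function names are hypothetical.

```javascript
// Added example (not from the AI-Warden project): what the reported rates
// imply about the 20-sample test set, and how wide the uncertainty is.

// Solve attackRate*a + benignRate*(total - a) = overallRate*total for a.
function impliedSplit(total, attackRate, benignRate, overallRate) {
  const attack = Math.round(
    (total * (overallRate - benignRate)) / (attackRate - benignRate));
  return { attack, benign: total - attack };
}

// 95% Wilson score interval for a proportion. It stays usable at small n and
// at p = 0 or 1, where the normal approximation collapses to zero width.
function wilson(successes, n, z = 1.96) {
  const p = successes / n, z2 = z * z;
  const denom = 1 + z2 / n;
  const centre = (p + z2 / (2 * n)) / denom;
  const half = (z * Math.sqrt((p * (1 - p)) / n + z2 / (4 * n * n))) / denom;
  return { low: Math.max(0, centre - half), high: Math.min(1, centre + half) };
}

// Rates copied from the accuracy table above.
const REPORTED = [
  { mode: "Offline (no key)", attack: 0.30, benign: 0.90, overall: 0.60 },
  { mode: "API (Smart Cascade)", attack: 0.80, benign: 1.00, overall: 0.90 },
];

function accuracyReport(total = 20) {
  return REPORTED.map((r) => {
    const split = impliedSplit(total, r.attack, r.benign, r.overall);
    return {
      mode: r.mode,
      split,
      attackCI: wilson(Math.round(r.attack * split.attack), split.attack),
      benignCI: wilson(Math.round(r.benign * split.benign), split.benign),
    };
  });
}

const fmt = (ci) => `${(ci.low * 100).toFixed(0)}-${(ci.high * 100).toFixed(0)}%`;
for (const row of accuracyReport()) {
  console.log(`${row.mode}: ${row.split.attack} attack / ${row.split.benign} benign, ` +
    `attack detection ${fmt(row.attackCI)}, benign pass-through ${fmt(row.benignCI)}`);
}
```

Both rows resolve to 10 attack and 10 benign samples. The attack-detection intervals come out at roughly 11-60% offline and 49-94% with the API, so a larger corpus is needed before relying on either figure.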


Architecture

┌─────────────────────────────────┐
│  openclaw-ai-warden (plugin)    │  ← hooks, commands, state
│  ┌───────────────────────────┐  │
│  │  npm ai-warden            │  │  ← all detection logic
│  │  .scan()   → offline      │  │
│  │  .validate() → API/ML     │  │
│  └───────────────────────────┘  │
└─────────────────────────────────┘

The plugin is a thin wrapper. Update the ai-warden npm package and all consumers get better detection without any plugin changes.


Config reference

| Field | Type | Default | Description |
|-------|------|---------|-------------|
| apiKey | string | "" | API key from ai-warden.io. Empty = offline mode |
| layers.content | block\|warn\|off | block | Tool result scanning |
| layers.channel | block\|warn\|off | warn | User message scanning |
| layers.preLlm | block\|warn\|off | off | Full context scanning (expensive) |
| layers.toolArgs | block\|warn\|off | warn | Tool argument scanning |
| layers.subagents | block\|warn\|off | warn | Subagent task scanning |
| layers.output | block\|warn\|off | warn | Output message scanning |
| pii | ignore\|mask\|remove | mask | PII handling mode |
| sensitivity | low\|balanced\|high\|paranoid | balanced | Detection sensitivity |
| verbose | boolean | false | Log all scans (not just detections) |
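A lint pass over the `config` object of the `ai-warden` entry, using only the fields, values and defaults listed in the table above. This is an added example, not code from the plugin; `auditWardenConfig`, the finding levels and the sample object are hypothetical and constructed for illustration.

```javascript
// Added example (not the plugin's code): lint the ai-warden "config" object
// against the fields, values and defaults in the config reference table.
const RANK = { off: 0, warn: 1, block: 2 };
const LAYER_DEFAULTS = {
  content: "block", channel: "warn", preLlm: "off",
  toolArgs: "warn", subagents: "warn", output: "warn",
};
const ENUMS = {
  pii: ["ignore", "mask", "remove"],
  sensitivity: ["low", "balanced", "high", "paranoid"],
};
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Hypothetical helper: returns [{ level, field, msg }, ...].
function auditWardenConfig(cfg) {
  const findings = [];
  const add = (level, field, msg) => findings.push({ level, field, msg });
  const layers = cfg.layers || {};

  // Names outside the six documented layers are flagged (typos like "chanel").
  for (const name of Object.keys(layers)) {
    if (!has(LAYER_DEFAULTS, name)) add("error", `layers.${name}`, "unknown layer");
  }
  for (const [name, def] of Object.entries(LAYER_DEFAULTS)) {
    const action = layers[name] ?? def; // omitted field: documented default
    if (!has(RANK, action)) {
      add("error", `layers.${name}`, `invalid action ${JSON.stringify(action)}`);
    } else if (RANK[action] < RANK[def]) {
      add("warn", `layers.${name}`, `"${action}" is weaker than default "${def}"`);
    }
  }
  for (const [field, allowed] of Object.entries(ENUMS)) {
    if (cfg[field] !== undefined && !allowed.includes(cfg[field])) {
      add("error", field, `must be one of ${allowed.join("|")}`);
    }
  }
  const key = cfg.apiKey ?? "";
  if (key === "") add("info", "apiKey", "empty: offline mode");
  else if (/\.\.\.|YOUR_KEY/.test(key)) add("error", "apiKey", "README placeholder left in place");
  return findings;
}

// Constructed sample: README-style config with deliberate mistakes.
const sample = {
  apiKey: "sk_live_...",
  layers: { content: "warn", toolArgs: "of", output: "warn", chanel: "block" },
  pii: "mask",
};
console.log(auditWardenConfig(sample));
```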


Requirements

  • OpenClaw 2026.3.x or later
  • Node.js 18+
  • Optional: API key from ai-warden.io

MIT License • Built by AI-Warden Security