
tencent-claw-shield

v0.3.8

OpenClaw claw-shield plugin with remote policy, bundled guardrail config, skills upload, and telemetry.

Downloads

3,429

Claw Shield — AI Agent Runtime Security Plugin

Claw Shield is an AI Agent runtime security plugin built by the Tencent Security WAF Team, providing full-lifecycle security governance for OpenClaw Agents.


Core Security Capabilities

Claw Shield automatically intercepts and performs security checks at critical points during Agent runtime, covering the following scenarios:

Input Protection

  • Prompt Injection Detection — Identifies and blocks malicious Prompt Injection attacks
  • Sensitive Content Filtering — Real-time detection of harmful or non-compliant content in user input

Tool Call Protection

  • Dangerous Tool Blocking — Real-time blocking of high-risk tool calls (e.g., file operations, command execution)
  • Parameter Compliance Validation — Detects privilege escalation, injection, and other security risks in tool call parameters
  • Skill Security Audit — Automatically collects and reports installed Skill information for remote detection and policy enforcement

Output Protection

  • Content Redaction — Automatically redacts sensitive information (e.g., secrets, personal data) in Agent output
  • Outbound Content Review — Security checks before message delivery to prevent sensitive data leakage

Model Interaction Protection

  • LLM Request Audit — Records and inspects content sent to large language models
  • Response Content Detection — Security compliance checks on model responses

Security Operations

  • Security Event Logging — Automatically records all security detection events with full query and audit support
  • Real-time Telemetry — Heartbeat and data reporting via WebSocket for centralized security posture awareness
  • Remote Policy Management — All security policies are centrally managed and dynamically pushed from the remote security service, with no Agent restart required

Technical Highlights

  • Zero-intrusion Integration — Runs as a standard OpenClaw plugin with no changes to Agent business code
  • Sync + Async Dual Path — Critical paths (e.g., tool call blocking) use synchronous detection for real-time enforcement; non-critical paths use async detection to minimize latency impact
  • High Availability & Fault Tolerance — Automatically falls back to allow (fail-open) when the remote service is unreachable, so Agent operation is uninterrupted but hooks pass without a remote verdict for as long as the service cannot be reached
  • Closed-source Encrypted Delivery — Core code is obfuscated and encrypted for security

Requirements

  • Node.js >= 20 (LTS version, recommended 20.x or 22.x)
  • OpenClaw Agent runtime environment

Quick Install

npx -y tencent-claw-shield install --global

The installer will prompt you to configure the following in sequence:

  1. API Key — For remote security service authentication
  2. Server Address — IP and port of the remote security detection service
  3. WebSocket Address — IP and port of the telemetry reporting service

Non-interactive installation is also supported:

npx -y tencent-claw-shield install --global \
  --api-key '<your-api-key>' \
  --server-address <[http|https://]ip:port> \
  --ws-address <[ws|wss://]ip:port>

Server addresses accept an http:// or https:// prefix (e.g., https://203.0.113.1:443) and default to http if the prefix is omitted. WebSocket addresses accept a ws:// or wss:// prefix (e.g., wss://203.0.113.1:8081) and default to ws if omitted. Certificate verification is automatically skipped in HTTPS / WSS mode, so TLS encrypts the connection but does not authenticate the remote service; with the http and ws defaults, traffic to the remote service is not encrypted.
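The address rules above, expressed as a pre-deployment check that normalises a configured value and reports what the transport provides. This is an added example, not code from the plugin: `auditAddress` and its result fields are hypothetical names, and the sample addresses are constructed around the README's 203.0.113.1 placeholder.

```javascript
// Added example, not the plugin's code; names here are hypothetical.
// Schemes and defaults are the ones the README states.
const RULES = {
  server: { plain: 'http', tls: 'https' }, // --server-address, default http
  ws: { plain: 'ws', tls: 'wss' },         // --ws-address, default ws
};

function auditAddress(kind, value) {
  const rule = RULES[kind];
  if (!rule) throw new Error(`unknown address kind: ${kind}`);
  // [scheme://]host:port, where host is an IPv4 address or a name.
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\s\/:]+):(\d{1,5})$/i.exec(value);
  if (!m) throw new Error(`expected [scheme://]ip:port, got "${value}"`);
  const scheme = (m[1] || rule.plain).toLowerCase();
  if (scheme !== rule.plain && scheme !== rule.tls) {
    throw new Error(`${kind} address does not accept ${scheme}://`);
  }
  const port = Number(m[3]);
  if (port < 1 || port > 65535) throw new Error(`port out of range: ${m[3]}`);

  const encrypted = scheme === rule.tls;
  const findings = [];
  if (!m[1]) findings.push(`no scheme given, default ${rule.plain}:// applies`);
  if (!encrypted) {
    findings.push('plaintext transport: traffic can be read or altered in transit');
  } else {
    // README: certificate verification is skipped in HTTPS / WSS mode.
    findings.push('TLS without certificate verification: encrypted, peer identity unchecked');
  }
  return {
    url: `${scheme}://${m[2]}:${port}`,
    encrypted,
    serverVerified: false, // no documented setting verifies the certificate
    findings,
  };
}

// Constructed sample values, using the README's documentation-range IP.
for (const [kind, value] of [
  ['server', '203.0.113.1:8080'],
  ['server', 'https://203.0.113.1:443'],
  ['ws', 'wss://203.0.113.1:8081'],
]) {
  const r = auditAddress(kind, value);
  console.log(`${value} -> ${r.url}\n  - ${r.findings.join('\n  - ')}`);
}
```

`serverVerified` is false for every input because the README documents no option that turns certificate verification on; treat the network path to the remote service as part of the trust boundary when placing it.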

Common Commands

# Update plugin
npx -y tencent-claw-shield update --global

# Configure API Key + Server + WebSocket at once (interactive prompts)
npx -y tencent-claw-shield set-config

# Or pass all parameters directly (non-interactive)
npx -y tencent-claw-shield set-config --api-key '<key>' --server-address <ip:port> --ws-address <ip:port>

# Modify API Key only
npx -y tencent-claw-shield set-api-key --global

# Modify Server address only (supports https:// prefix)
npx -y tencent-claw-shield set-server --server-address <ip:port>
npx -y tencent-claw-shield set-server --server-address https://203.0.113.1:443

# Modify WebSocket address only (supports wss:// prefix)
npx -y tencent-claw-shield set-websocket --ws-address <ip:port>
npx -y tencent-claw-shield set-websocket --ws-address wss://203.0.113.1:8081

# Hot-reload configuration
npx -y tencent-claw-shield reload

Uninstall

# Uninstall (keeps auth files for easy reinstallation)
npx -y tencent-claw-shield uninstall --global

# Full uninstall (also removes auth files)
npx -y tencent-claw-shield uninstall --global --purge

Temporarily Disable / Restore Protection

# Disable all protection (security checks, telemetry, Skills reporting all paused)
npx -y tencent-claw-shield bypass

# Restore all protection
npx -y tencent-claw-shield resume

In bypass mode, the plugin remains loaded in OpenClaw but all Hooks pass through directly without calling the remote detection service. Running resume immediately restores full protection — no Gateway restart required.


Integration Guide

Claw Shield's security detection capabilities rely on a remote security policy service. You need to complete security policy configuration on the remote platform before the plugin can provide protection.

The current version primarily targets OpenClaw Agent integration, with plans to support additional AI Agent frameworks in the future.

Contact & Onboarding

For more product information or to get started, please contact:

Email: [email protected]


About Us

Claw Shield is developed by the Tencent Security WAF Team, dedicated to providing professional runtime security solutions for the AI Agent ecosystem.


License

UNLICENSED — This is closed-source commercial software. Unauthorized copying, modification, or distribution is prohibited.