npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

xclaudeai

v0.1.7

Published

xCLAUDE — A receipt for your AI. Local audit log for every Claude tool call.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

rebekatorrebekator

Keywords

claudemcpauditai-safetyanthropicmodel-context-protocol

Readme

xCLAUD

AI agent governance for Claude Desktop.

xCLAUD is an MCP (Model Context Protocol) server that sits between Claude and your tools, monitoring every action for harmful events — prompt injection attacks, PII leakage, credential exposure, and unauthorised data exports — and logging them to a local audit trail.

Built for people who use Claude with powerful tools and want visibility and control over what it does.

What it does

  • Monitors tool calls — every file read, write, network request, and external API call is intercepted and logged
  • Detects PII and credentials — scans content for emails, phone numbers, IBANs, API keys, JWTs, and more before they leave your machine
  • Flags prompt injection — detects when fetched content tries to hijack Claude's behaviour
  • Policy engine — configurable rules that allow, warn, or block sensitive actions
  • Audit trail — tamper-evident JSONL log at ~/.xclaud/audit.jsonl
  • Live dashboard — local web UI showing events in real time

Install

npx xclaudeai setup

That's it. The setup wizard will:

  1. Ask for your API key (press Enter to use local mode for free)
  2. Detect your Claude Desktop config
  3. Back it up and rewrite it to route tool calls through xCLAUD

Verify it's running

xclaudeai status

Live dashboard

xclaudeai dashboard

Open http://localhost:4444 — auto-refreshes every 3 seconds.

What gets monitored

| Event | Severity | Example | |---|---|---| | Prompt injection | 🔴 High | Fetched page contains IGNORE PREVIOUS INSTRUCTIONS | | Credential detected | 🔴 High | JWT token or API key found in content | | PII detected | 🟡 Medium | Email, phone, IBAN, passport number found | | Data export warning | 🟡 Medium | Content being sent to external URL | | Email send warning | 🟡 Medium | Claude about to send an email | | Tool call allowed | 🟢 Low | Normal file read or write |

Governance tools available to Claude

xCLAUD exposes four tools Claude can call directly:

  • sg_check_policy — pre-clearance before sensitive actions
  • sg_detect_pii — scan content for PII before transit
  • sg_get_budget_status — check token/cost budget remaining
  • sg_log_event — log a governance event to the audit trail

Claude is instructed to use these automatically via the MCP instructions field.

Configuration

xCLAUD reads from environment variables set in claude_desktop_config.json:

| Variable | Default | Description | |---|---|---| | SG_API_KEY | sg_dev_local | Your xCLAUD API key | | SG_MODE | stdio | Transport mode | | SG_LOG_PATH | ~/.xclaud/audit.jsonl | Audit log location | | SG_POLICY_PATH | ~/.xclaud/policy.json | Custom policy file | | SG_PROXIED_SERVERS | (empty) | Comma-separated list of MCP servers to proxy |

Restore original config

If you want to remove xCLAUD:

xclaudeai restore

This restores your original claude_desktop_config.json from the backup created during setup.

Local development

git clone https://github.com/ignaciolucea-beep/xclaud
cd xclaud
npm install
npm run build
npx xclaudeai setup

License

MIT © Sigma Cognition

xCLAUD is an early-stage project. Feedback welcome — open an issue or email [email protected]