@contextfort-ai/openclaw-secure 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/bin/openclaw-secure.js +14 -2
  2. package/monitor/skills_guard/index.js +11 -1
  3. package/openclaw-secure.js +11 -2
  4. package/package.json +4 -1
package/bin/openclaw-secure.js CHANGED
@@ -31,7 +31,7 @@ if (args[0] === 'set-key') {
31
31
  const key = args[1];
32
32
  if (!key) {
33
33
  console.error('Usage: openclaw-secure set-key <your-api-key>');
34
- console.error('Get your key at https://contextfort.ai');
34
+ console.error('Get your key at https://contextfort.ai/login');
35
35
  process.exit(1);
36
36
  }
37
37
  fs.mkdirSync(CONFIG_DIR, { recursive: true });
@@ -45,7 +45,7 @@ if (args[0] === 'enable') {
45
45
  let hasKey = false;
46
46
  try { hasKey = fs.readFileSync(CONFIG_FILE, 'utf8').trim().length > 0; } catch {}
47
47
  if (!hasKey) {
48
- console.error('No API key found. Get your key at https://contextfort.ai and run:');
48
+ console.error('No API key found. Get your key at https://contextfort.ai/login and run:');
49
49
  console.error(' openclaw-secure set-key <your-key>');
50
50
  process.exit(1);
51
51
  }
@@ -57,6 +57,17 @@ if (args[0] === 'enable') {
57
57
  console.error('openclaw not found. Install it first: npm install -g openclaw');
58
58
  process.exit(1);
59
59
  }
60
+ // Handle --no-skill-deliver flag
61
+ const noSkillDeliver = args.includes('--no-skill-deliver');
62
+ const prefsFile = path.join(CONFIG_DIR, 'preferences.json');
63
+ let prefs = {};
64
+ try { prefs = JSON.parse(fs.readFileSync(prefsFile, 'utf8')); } catch {}
65
+ prefs.skillDeliver = !noSkillDeliver;
66
+ fs.mkdirSync(CONFIG_DIR, { recursive: true });
67
+ fs.writeFileSync(prefsFile, JSON.stringify(prefs, null, 2) + '\n', { mode: 0o600 });
68
+ if (noSkillDeliver) {
69
+ console.log('Skill file scanning disabled. Only local checks will run.');
70
+ }
60
71
  try {
61
72
  const original = fs.readlinkSync(openclawLink);
62
73
  fs.writeFileSync(backupLink, original);
@@ -65,6 +76,7 @@ if (args[0] === 'enable') {
65
76
  fs.unlinkSync(openclawLink);
66
77
  fs.symlinkSync(wrapper, openclawLink);
67
78
  console.log('openclaw-secure enabled. `openclaw` is now guarded.');
79
+ console.log('Restart your openclaw gateway for the guard to take effect.');
68
80
  process.exit(0);
69
81
  }
70
82
 
package/monitor/skills_guard/index.js CHANGED
@@ -8,7 +8,17 @@ const os = require('os');
8
8
  const SKILL_SCAN_API = 'https://lschqndjjwtyrlcojvly.supabase.co/functions/v1/scan-skill';
9
9
  const HOME = os.homedir();
10
10
 
11
- module.exports = function createSkillsGuard({ readFileSync, httpsRequest, baseDir, apiKey, analytics }) {
11
+ module.exports = function createSkillsGuard({ readFileSync, httpsRequest, baseDir, apiKey, analytics, enabled = true }) {
12
+ // If skill delivery is disabled, return a no-op guard
13
+ if (!enabled) {
14
+ return {
15
+ checkFlaggedSkills() { return null; },
16
+ formatSkillBlockError() { return ''; },
17
+ init() {},
18
+ cleanup() {},
19
+ };
20
+ }
21
+
12
22
  const track = analytics ? analytics.track.bind(analytics) : () => {};
13
23
  const SKILL_CACHE_FILE = path.join(baseDir, 'monitor', '.skill_scan_cache.json');
14
24
  const INSTALL_ID_FILE = path.join(baseDir, 'monitor', '.install_id');
package/openclaw-secure.js CHANGED
@@ -9,7 +9,15 @@ const _originalHttpsRequest = require('https').request;
9
9
  const os = require('os');
10
10
  const MONITOR_PY = path.join(__dirname, 'monitor', 'monitor.py');
11
11
  const MONITOR_CWD = path.join(__dirname, 'monitor');
12
- const CONFIG_FILE = path.join(os.homedir(), '.contextfort', 'config');
12
+ const CONFIG_DIR = path.join(os.homedir(), '.contextfort');
13
+ const CONFIG_FILE = path.join(CONFIG_DIR, 'config');
14
+ const PREFS_FILE = path.join(CONFIG_DIR, 'preferences.json');
15
+
16
+ function loadPreferences() {
17
+ try { return JSON.parse(_originalReadFileSync(PREFS_FILE, 'utf8')); } catch { return {}; }
18
+ }
19
+ const PREFS = loadPreferences();
20
+ const SKILL_DELIVER = PREFS.skillDeliver !== false; // default true
13
21
 
14
22
  // === Analytics ===
15
23
  const analytics = require('./monitor/analytics')({
@@ -32,7 +40,7 @@ function loadApiKey() {
32
40
  const API_KEY = loadApiKey();
33
41
 
34
42
  const NO_KEY_MESSAGE = `SECURITY FIREWALL -- No API key configured. ALL agent actions are blocked.
35
- Get your API key at https://contextfort.ai and run:
43
+ Get your API key at https://contextfort.ai/login and run:
36
44
  openclaw-secure set-key <your-key>
37
45
  Then restart your openclaw session.`;
38
46
 
@@ -48,6 +56,7 @@ const skillsGuard = require('./monitor/skills_guard')({
48
56
  baseDir: __dirname,
49
57
  apiKey: API_KEY,
50
58
  analytics,
59
+ enabled: SKILL_DELIVER,
51
60
  });
52
61
 
53
62
  // === Prompt Injection Guard (PostToolUse) ===
package/package.json CHANGED
@@ -1,10 +1,13 @@
1
1
  {
2
2
  "name": "@contextfort-ai/openclaw-secure",
3
- "version": "0.1.2",
3
+ "version": "0.1.3",
4
4
  "description": "Runtime security guard for OpenClaw — blocks malicious commands before they execute",
5
5
  "bin": {
6
6
  "openclaw-secure": "./bin/openclaw-secure.js"
7
7
  },
8
+ "scripts": {
9
+ "postinstall": "node -e \"console.log('\\n\\x1b[32m✓ openclaw-secure installed!\\x1b[0m\\n\\nGet your API key at https://contextfort.ai/login and run:\\n\\n openclaw-secure set-key <your-key>\\n openclaw-secure enable\\n')\""
10
+ },
8
11
  "keywords": [
9
12
  "openclaw",
10
13
  "security",