Skip to content

jnMetaCode/shellward

v0.3.4 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 2mo MCP Security & Auth
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

agent-security ai-agent ai-firewall ai-safety ai-security claude-code
+14 more
cursor data-exfiltration dlp guardrails hermes-agent langchain llm-security mcp mcp-security openclaw pii-detection prompt-injection security shellward

Summary

AI summary

ShellWard v0.3.4 adds bilingual Chinese and English prompt injection detection with PII redaction for ID cards, phones, and bank cards.

Full changelog

ShellWard v0.3.4

First bilingual (EN/ZH) security plugin for OpenClaw — the only plugin with Chinese prompt injection detection & Chinese PII redaction.

Install

npm install shellward

Or one-click:

curl -fsSL https://raw.githubusercontent.com/jnMetaCode/shellward/main/install.sh | bash

8 Defense Layers

| Layer | What it does |
|-------|-------------|
| L1 Prompt Guard | Security rules + canary token injection |
| L2 Output Scanner | PII/secret redaction (Chinese ID card, phone, bank card + global) |
| L3 Tool Blocker | Dangerous command blocking (15 rules) |
| L4 Input Auditor | Prompt injection detection (13 Chinese + 12 English rules) |
| L5 Security Gate | Defense-in-depth pre-execution check |
| L6 Outbound Guard | LLM response redaction + canary leak detection |
| L7 Data Flow Guard | Data exfiltration chain detection |
| L8 Session Guard | Session audit + subagent monitoring |

Why ShellWard

  • Only bilingual plugin — Chinese + English injection detection
  • Chinese PII — ID card (checksum), phone, bank card (Luhn) — no other tool has this
  • Zero dependencies — Node.js built-in modules only
  • No build step — TypeScript loaded by OpenClaw's jiti
  • All channels — Telegram, Slack, Feishu, WhatsApp, Discord...
  • Dual modeenforce (block + log) or audit (log only)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track jnMetaCode/shellward

Get notified when new releases ship.

Sign up free

About jnMetaCode/shellward

AI Agent Security Middleware & MCP Server with 8-layer defense including prompt injection detection, DLP data flow tracking, command blocking, and PII detection. 7 MCP tools, zero dependencies.

All releases →

Related context

Beta — feedback welcome: [email protected]