ShieldCortex

by jarvis-drakon · GitHub ↗ · v4.12.11 · MIT-0
cross-platform ⚠ suspicious
Downloads: 1504 · Stars: 1 · Active Installs: 6 · Versions: 56
Install in OpenClaw
/install shieldcortex
Description
Persistent memory and security system for AI agents. Stores memories with semantic search, knowledge graphs, and decay. Scans agent inputs/outputs for prompt...
Usage Guidance
ShieldCortex appears to implement the memory+scan features it claims, but it requires broad read access to agent/project config files (including $CWD/.env) and can modify other agents' config to register lifecycle hooks. It also falls back to running 'npx -y shieldcortex', which will fetch and run code from npm on first use. Before installing:
  1. Review the bundled runtime files yourself (they are included) and confirm you trust the upstream package on npm/GitHub.
  2. Do not enable cloud sync or supply a cloud API key unless you trust the service and its team.
  3. If you want to avoid network/supply-chain risk, install the shieldcortex binary from a vetted source ahead of time and set binaryPath/SHIELDCORTEX_ROOT so the plugin uses a known local binary.
  4. Be cautious about auto-enable options that modify ~/.claude or other agent configs; back up those files first and require explicit consent to change them.
  5. If you store secrets in project .env files, consider removing them or restricting access before allowing this skill to scan them.
If you want a lower-risk posture, prefer a version that only uses the bundled runtime without on-demand npx installs and that does not auto-write other agents' settings.
Capability Analysis
Type: OpenClaw Skill
Name: shieldcortex
Version: 4.12.11
The ShieldCortex bundle provides a legitimate persistent memory and security auditing system for AI agents. While it requests broad filesystem access (reading .env files and various agent configuration directories like ~/.claude and ~/.cursor), these actions are clearly documented and aligned with its stated purpose of scanning for credential leaks and prompt injection. The code uses execFile for process execution and includes a cloud sync feature that is disabled by default and requires a user-provided API key. No evidence of obfuscation, intentional data exfiltration, or malicious prompt injection was found in index.js, runtime.mjs, or the markdown files.
Capability Tags
crypto, requires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description claim persistent memory + security scanning; the bundled plugin and hook implement exactly that: memory extraction, semantic storage, and realtime scanning. The declared filesystem paths (agent config dirs and project files) and optional cloud sync align with the stated purpose. The only surprising capabilities are explicit read access to $CWD/.env and the claim that the skill will modify MCP/agent settings (e.g., ~/.claude/settings.json and ~/.claude/mcp.json) during setup — these are explainable for a memory/security integrator but are higher-privilege than a simple formatter or UI plugin.
Instruction Scope
SKILL.md and bundled code instruct the agent to read many agent/project config locations and to scan .env for leaked secrets. Those file reads are declared, but reading dot-env files can expose secrets unrelated to the plugin's core function. The skill also registers lifecycle handlers in other agents' settings (e.g., ~/.claude/settings.json) which changes agent behavior system-wide. The runtime code dynamically locates or falls back to running shieldcortex via npx, meaning network fetch/execution happens on first use unless a local binary is installed.
Install Mechanism
There is no formal install spec; the runtime falls back to executing 'npx -y shieldcortex' (and the HOOK.md explicitly says 'installs automatically on first use via npx -y shieldcortex'). That causes on-demand downloads from npm at runtime, which is higher risk than only using bundled code. The package does bundle runtime code locally, but the code path still prefers global installs or npx which can pull remote code. This dynamic-install behaviour should be considered a notable supply-chain risk unless you control or vet the registry and package release process.
Credentials
The skill declares no required environment variables and only optional config vars (SHIELDCORTEX_CONFIG_DIR, SHIELDCORTEX_API_KEY, etc.). That is proportional. However the code explicitly reads $CWD/.env and other project config files to scan for leaked secrets; while justified by the 'env-scanner' purpose, this gives the skill access to potentially sensitive credentials stored in project env files. The plugin also allows a cloudApiKey option for optional cloud sync — that is reasonable but also increases risk if enabled.
Persistence & Privilege
The skill is not force-installed (always:false) and allows autonomous invocation (default). It writes to its own config dir (~/.shieldcortex/) which is expected, but it also may modify MCP/agent config files (e.g., ~/.claude/mcp.json and ~/.claude/settings.json) to register lifecycle hooks. Modifying other agents' settings is powerful and can change agent behavior system-wide; this is a legitimate integration step but is a persistence/privilege escalation vector that users should explicitly approve and monitor.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install shieldcortex
  3. After installation, invoke the skill by name or use /shieldcortex
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v4.12.11
Auto-sync from npm publish v4.12.11
v4.12.10
Auto-sync from npm publish v4.12.10
v4.12.9
Auto-sync from npm publish v4.12.9
v4.12.8
Auto-sync from npm publish v4.12.8
v4.12.7
Auto-sync from npm publish v4.12.7
v4.12.6
Auto-sync from npm publish v4.12.6
v4.12.5
Auto-sync from npm publish v4.12.5
v4.12.4
Auto-sync from npm publish v4.12.4
v4.12.3
Auto-sync from npm publish v4.12.3
v4.12.2
Auto-sync from npm publish v4.12.2
v4.12.1
Auto-sync from npm publish v4.12.1
v4.12.0
Auto-sync from npm publish v4.12.0
v4.11.1
Auto-sync from npm publish v4.11.1
v4.11.0
Auto-sync from npm publish v4.11.0
v4.10.7
Auto-sync from npm publish v4.10.7
v4.10.6
Auto-sync from npm publish v4.10.6
v4.10.5
Auto-sync from npm publish v4.10.5
v4.10.4
Auto-sync from npm publish v4.10.4
v4.10.3
Auto-sync from npm publish v4.10.3
v4.10.2
Auto-sync from npm publish v4.10.2
Metadata
Slug shieldcortex
Version 4.12.11
License MIT-0
All-time Installs 6
Active Installs 6
Total Versions 56
Frequently Asked Questions

What is ShieldCortex?

Persistent memory and security system for AI agents. Stores memories with semantic search, knowledge graphs, and decay. Scans agent inputs/outputs for prompt... It is an AI Agent Skill for Claude Code / OpenClaw, with 1504 downloads so far.

How do I install ShieldCortex?

Run "/install shieldcortex" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ShieldCortex free?

Yes, ShieldCortex is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ShieldCortex support?

ShieldCortex is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created ShieldCortex?

It is built and maintained by jarvis-drakon (@jarvis-drakon); the current version is v4.12.11.
