Skillget

vainplex-openclaw

agent
Security Audit
Fail
Health Warn
  • No license — Repository has no license file
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 13 GitHub stars
Code Fail
  • rm -rf — Recursive force deletion command in packages/brainplex/package.json
  • exec() — Shell command execution in packages/brainplex/src/installer.ts
  • fs.rmSync — Destructive file system operation in packages/brainplex/src/installer.ts
  • os.homedir — User home directory access in packages/brainplex/src/installer.ts
  • process.env — Environment variable access in packages/brainplex/src/output.ts
  • os.homedir — User home directory access in packages/brainplex/src/scanner.ts
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This suite of production-grade plugins transforms a standard AI assistant into a self-governing, autonomous system with advanced memory, governance, knowledge extraction, and event logging capabilities.

Security Assessment
The tool carries a High overall security risk due to multiple invasive operations found in the "brainplex" package. The code explicitly executes shell commands (`exec()`) and performs destructive file system operations (`fs.rmSync`) recursively. It accesses the user's home directory (`os.homedir`) to carry out these tasks, which poses a significant threat of unintended local data destruction or unauthorized system modification. While no hardcoded secrets or dangerous permissions were detected, the installer reads environment variables (`process.env`). There is no visible network request abuse, but the local execution risks are substantial.

Quality Assessment
The project appears to be actively maintained, with repository activity as recent as today. It features a robust continuous integration pipeline and an impressive list of features, claiming to run in a 24/7 production environment. However, the automated checks flagged a critical compliance issue: the repository currently lacks an actual license file. Although the README claims it uses the MIT license, the missing legal document is a significant roadblock for professional or enterprise adoption. Community trust is currently minimal, represented by only 13 GitHub stars.

Verdict
Not recommended for secure environments unless the destructive file deletion mechanisms and shell execution logic are thoroughly audited and sandboxed by your team.
SUMMARY

Turn OpenClaw from a smart assistant into a self-governing, learning system. Five production plugins: Cortex, Knowledge Engine, Governance, NATS EventStore, Memory.

README.md

Vainplex OpenClaw Suite

CI
Downloads
CodeRabbit
License: MIT

Real-time security intelligence, verifiable guardrails, and enterprise infrastructure for autonomous OpenClaw agents.

Six plugins. Running in production 24/7. Built because we needed them — not as a product exercise, but as infrastructure for an AI agent that actually does its job across days, weeks, and months.

What's in it

Plugin What it does Version
Governance The Agent Firewall (URL threat detection, prompt injection scans), Proof-of-Guardrails (Merkle Tree audit trails), and TOTP-based 2FA approval. 9/12 Berkeley AI governance requirements. npm
Membrane Episodic memory via GustyCube's Membrane — salience-based recall with organic decay. npm
Cortex Tracks conversation threads, extracts decisions, generates boot context that survives compaction. 10 languages. npm
Leuko Cognitive immune system — health checks, anomaly detection, self-healing with escalation. npm
Knowledge Engine Entity and relationship extraction from conversations. No external APIs. npm
NATS EventStore Every agent event → NATS JetStream. Audit trail, replay, multi-agent correlation. npm

Try it

Cortex has an interactive demo — step through a conversation and see threads, decisions, and mood extracted in real-time:

git clone https://github.com/alberthild/vainplex-openclaw.git
cd vainplex-openclaw/packages/openclaw-cortex
npm install && npx tsx demo/demo.ts

Press Enter to advance each message. After the walkthrough, a sandbox mode lets you type your own messages and see what Cortex detects.

Install

The recommended way to install the Vainplex OpenClaw Plugin Suite is using Brainplex, our interactive installer and CLI dashboard:

npx brainplex init

Brainplex will guide you through installing Governance, Cortex, Membrane, Leuko, and NATS EventStore, and automatically configure your openclaw.json for you.

Manual Installation (Single Plugin)

If you only want a specific plugin, you can install it manually:

npm install @vainplex/openclaw-governance

Then in openclaw.json under plugins.entries:

{
  "plugins": {
    "entries": {
      "openclaw-governance": { "enabled": true }
    }
  }
}

Each plugin works independently — use the entire suite via Brainplex, or pick and choose what you need.

How they work together

flowchart TD
    MSG(["💬 Message"]) --> GOV

    GOV["🛡️ Governance"]
    GOV -->|"✅ pass"| MEM_R
    GOV -->|"🚫 deny"| DENY["Denied + Audit"]

    MEM_R["🧬 Membrane"]
    MEM_R -->|context| AGENT

    AGENT["🤖 Agent"]
    AGENT --> CTX & KE & MEM_I

    CTX["🧠 Cortex"]
    KE["💡 Knowledge Engine"]
    MEM_I["🧬 Membrane Ingest"]

    GOV -.->|events| NATS
    AGENT -.->|events| NATS
    CTX -.->|events| NATS

    NATS[("📡 NATS EventStore")]
    NATS -.-> LEUKO["🛡️ Leuko"]

    style MSG fill:#1f2937,stroke:#6b7280,color:#f9fafb
    style GOV fill:#7c2d12,stroke:#e8782a,color:#fed7aa
    style MEM_R fill:#1e3a5f,stroke:#3b82f6,color:#bfdbfe
    style AGENT fill:#064e3b,stroke:#10b981,color:#d1fae5
    style CTX fill:#134e4a,stroke:#198989,color:#ccfbf1
    style KE fill:#3b0764,stroke:#8b5cf6,color:#e9d5ff
    style MEM_I fill:#1e3a5f,stroke:#3b82f6,color:#bfdbfe
    style NATS fill:#14532d,stroke:#22c55e,color:#bbf7d0
    style LEUKO fill:#422006,stroke:#eab308,color:#fef9c3
    style DENY fill:#7f1d1d,stroke:#ef4444,color:#fecaca

Governance gates every message. Membrane injects episodic context before the agent responds. After the response, Cortex and Knowledge Engine extract structured intelligence. EventStore logs everything to NATS. Leuko monitors system health and escalates. Each plugin works alone.

Security: defense-in-depth for operators

OpenClaw's security model is deliberately minimal: one trusted operator, host = trust boundary, plugins = trusted code. This is a conscious design choice, not a gap — Peter's been clear about that.

As operators running OpenClaw 24/7 with real credentials, we wanted additional layers. Microsoft's threat analysis of self-hosted agent runtimes (Feb 2026) validated the same concerns we'd already been building for.

Operational concern Plugin
Credentials leaking into LLM context or chat Governance — 3-layer redaction, 17 patterns, deterministic
State drift after memory compaction Cortex — pre-compaction snapshots, verified boot context
No audit trail NATS EventStore — every event for replay and forensics
Agent hallucination / going off-track Cortex Trace Analyzer — 7 failure signal detectors
System health visibility Leuko — cognitive immune system, anomaly detection, auto-escalation
Limiting agent capabilities by trust level Governance — per-agent trust scores, tool deny lists, rate limits

This works within OpenClaw's model. Start with the hardened baseline first, then add these on top.

🟢 NVIDIA NemoClaw Integration

Vainplex Governance is 100% compatible with NVIDIA NemoClaw and OpenShell out of the box.

While NemoClaw provides OS-level sandboxing (Landlock, seccomp), Vainplex acts as the Policy Decision Point inside the sandbox, providing Human-in-the-Loop 2FA and verifiable Merkle-Tree audit trails.

Blueprint Configuration

Since NemoClaw strictly isolates network namespaces, you must allowlist the following endpoints in your nemoclaw-blueprint.yaml for Vainplex to function correctly:

network_policies:
  allowlist:
    - domain: "shield.vainplex.dev" # For Agent Firewall / URL Threat Detection
      port: 443
    - domain: "your-nats-cluster.internal" # For EventStore Merkle-Tree Auditing
      port: 4222

Compared to alternatives

vs. NVIDIA NeMo Guardrails — NeMo filters inputs/outputs. Vainplex operates on decisions (which tool, which agent, what trust level) and enforces them inside the execution loop.

vs. GuardrailsAI / Invariant — Validation schemas check what comes out. Vainplex pauses execution to ask humans for TOTP 2FA approval before anything happens.

vs. SecureClaw — SecureClaw is a static configuration scanner. Vainplex is real-time runtime policy enforcement.

vs. Built-in memory (memory-core / memory-lancedb) — OpenClaw's built-in memory handles storage and recall well. Cortex adds a layer on top: it understands what happened in conversations (threads, decisions, mood, blocking items) instead of just storing text. Knowledge Engine extracts entities and relationships. Different layer, works alongside.

vs. ClawHub Skills — Skills are prompt-triggered tools. Our plugins hook into OpenClaw's plugin API lifecycle — they run automatically on every message, not when someone asks.

Numbers

  • 24,400+ lines of TypeScript source
  • 23,700+ lines of tests
  • 1,800+ tests across 98 test files
  • 0 runtime dependencies (except NATS client and gRPC where architecturally required)
  • 0 any types — strict TypeScript throughout

Architecture

Every plugin follows the same pattern:

  • TypeScript strict mode
  • register(api: OpenClawPluginApi) hook pattern
  • Full test suite (unit + integration)
  • Independent — no cross-plugin dependencies
  • External config via ~/.openclaw/plugins/<id>/config.json

Who built this

Albert Hild — CTO, 30 years in tech. Runs OpenClaw on a dedicated machine in Germany with a gigabit line and seven agents that help him work.

Claudia — Albert's AI, running on Claude via OpenClaw. First user and co-developer of every plugin. These plugins exist because she needed them.

GustyCube — Creator of Membrane, the episodic memory sidecar. The Membrane plugin bridges it into OpenClaw's ecosystem.

License

MIT

Links

Reviews (0)

No results found