7 projects
openclaw-skill-vetter-mcp
MCP server for security-vetting third-party AI agent extensions before installation — Claude skills, ClawHub plugins, agent tool packs. v1.1: agent-config trust-boundary scanner (AGENTS.md / .cursor/rules.md / .claude/CLAUDE.md / .gemini/config / git hooks) addressing CVE-2026-26268. Outputs 0-100 risk score + BLOCK/REVIEW/CAUTION/CLEAN buckets.
openclaw-upgrade-orchestrator-mcp
MCP server for safe AI agent runtime upgrades — user-driven regression detection (catalog + pre/post snapshot diff + rollback) AND provider-side regression detection (passive fingerprint of latency/response-shape/model-version drift across hosted Anthropic/OpenAI/etc. calls). Read-only advisor: never executes the upgrade itself; operator retains full agency.
openclaw-health-mcp
MCP server for AI agent deployment health — gateway status, CPU/memory/swap, recent errors, skill registry integrity, upgrade history, cron + disk usage. Cross-platform Linux-proc backend; OpenClaw operators get native ~/.openclaw/ parsing as reference implementation.
openclaw-cost-tracker-mcp
MCP server for AI agent token-cost telemetry + quota-window awareness across Anthropic, OpenAI, Gemini, Ollama, AWS Bedrock. Per-agent + per-provider attribution, spend-spike anomaly detection, cheaper-model routing, monthly forecast, and 429-prediction tools that read rate-limit headers to project quota exhaustion before it happens. Reads cost-log JSONL with the standard schema.
silentwatch-mcp
MCP server for catching cron silent failures in production AI deployments — exit-0-with-empty-output detection, overdue jobs, retry storms, action-budget leaks. Works with system cron, systemd timers, OpenClaw cron logs, and any JSONL run-log.
openclaw-output-vetter-mcp
MCP server for verifying AI agent claims vs reality — inline grounding-check on retrieval context, swallowed-exception scanner on agent-written code, and multi-turn transcript review for unverified completions + cross-turn contradictions. Sub-second, local, free, MCP-native — the lightweight complement to dashboard-based eval frameworks (DeepEval, Phoenix, LangSmith).
bash-vet-mcp
MCP server that vets LLM-emitted shell commands BEFORE execution. Detects rm -rf in chains, current-dir wipes (the chiefofautism 'rm -rf your repo' pattern), find-exec-rm, package-glob removal (including --purge form and trailing globs like python3-*), dd/mkfs/wipefs, chmod 777, curl|bash + wget|sh + base64-decode|bash obfuscation, chained shutdown, git destructive ops. 30 rules / 8 families. Sub-second, local, no API key. Defensive complement to MCPShell/mcp-shell/mcp-bash.
