MCPcopy Index your code
hub / github.com/RikyZ90/ShibaClaw

github.com/RikyZ90/ShibaClaw @v0.019

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.019 ↗ · + Follow
1,172 symbols 4,621 edges 117 files 601 documented · 51%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

...

Smart. Loyal. Powerful. 🐕

version PyPI Downloads python license DeepWiki

ShibaClaw is a loyal, intelligent, and lightweight personal AI assistant framework — built to serve and protect your digital workspace.

The only AI agent framework combining extreme multi-layer security (Structural Tool Output Wrapping against Prompt Injection + Smart Install Guard with live CVE scanning before every package install) with minimal token consumption, keeping your costs low without sacrificing power.

🛡️ Built-in Security: Protected against Indirect Prompt Injection via Structural Randomized Wrapping and strict per-session security policies.


📢 News

v0.0.19 is out! � Voice I/O: Full Speech-to-Text pipeline (OpenAI-compatible, Groq/Whisper) with browser-native TTS, VAD, and a dedicated Voice & Audio settings section. ⌨️ Smart Settings: Model field now has history tracking and autocomplete; Provider field is a smart dropdown showing only configured providers (API key, local, or OAuth). 🧹 Cleanup: Dead code and redundant comments removed from speech and socket modules.

  • 2026-04-09 🎤 Voice I/O & Smart Settings — Full STT/TTS pipeline with VAD and pulse feedback. Provider dropdown now filters to configured providers only (API key, local base URL, or OAuth). Model input gains history and autocomplete.
  • 2026-04-08 🧹 Refactoring & Stability — Comprehensive codebase refactoring (modularization of WebUI and API) plus a massive bug fix pass to improve overall system stability and performance.
  • 2026-04-07 🐕 Standalone Mode Reliability — Fixed false "Gateway Down" in bare-metal standalone mode (shibaclaw web). The health check and heartbeat services now correctly fall back to the local agent instance when a separate gateway process is not present.
  • 2026-04-06 🛡️ Security Hardening — Socket.IO auth bypass fixed, auth token leakage in URLs prevented, SSRF mitigation in update manifest validation, constant-time token comparison, race condition in task callback resolved, severity comparison logic corrected.
  • 2026-04-05 🚀 Guided Onboarding Everywhereshibaclaw onboard now drives a single guided setup flow across CLI and WebUI: provider detection, OAuth handoff, model selection, template refresh, and optional channel setup.
  • 2026-04-05 🧠 Smarter Persistent Memory — Durable personal data now lives in USER.md, operational context lives in memory/MEMORY.md, and the new memory_search tool ranks HISTORY.md entries by recency, importance, and relevance.
  • 2026-04-05Reliable Automation Runtime — Cron jobs now keep stable session targets, overdue one-shot jobs fire on startup, and the WebUI owns cron execution so Docker no longer races on shared schedules.
  • 2026-04-05 📡 Automation Sidebar — The WebUI sidebar now shows live cron jobs and heartbeat telemetry, with manual trigger controls for both.
  • 2026-04-04 🛡️Telegram Policy applied uniformly across all four entry points: reject early, expose nothing. Unauthorised senders receive no response, no typing indicator, and no information about the bot's existence.
  • 2026-04-03 🔄 Update Notifications — A new Update tab in Settings shows the current vs latest version, and active channels (Telegram, Discord, ...) receive an automatic notification with ready-to-copy pip / docker upgrade commands.
  • 2026-04-03 📦 Available on PyPI & Docker — Install in one line: pip install shibaclaw. Docker images are published automatically on every release to ghcr.io/rikyz90/shibaclaw.
  • 2026-04-01 📂 Integrated File Browser — A full file explorer in the WebUI sidebar: browse, view, edit and save workspace files directly from the browser. Path-traversal protected and workspace-sandboxed.
  • 2026-04-01 📎 File Attachments & Images — Drag-and-drop or paste files and images directly into the chat. Images are previewed inline; other files are streamed to the agent as context.
  • 2026-04-01 🧹 Security Hardening & Cleanup — Full production audit: 14 bugs fixed across asyncio locking, path traversal, CORS misconfiguration, unicode injection, pip-audit parsing, and TCP resource leaks.
  • 2026-04-01 🧠 Proactive Learning (Scent Mining) — The agent periodically reflects on your conversation in the background, updating your personal profile in USER.md and operational context in memory/MEMORY.md without any interruption.
  • 2026-03-31 🔍 Smart Install Guard — Package installs (pip, npm, apt, ...) are intercepted and audited for CVEs before execution. Critical/high severity packages are blocked with a full report; clean packages install freely.
  • 2026-03-29 🛡️ Security & Core Modernization — Enhanced Indirect Prompt Injection protection via Randomized Tool Output Wrapping: every tool response is enclosed in a dynamic per-session nonce boundary, so malicious instructions embedded in external data (web pages, files, API responses) cannot hijack the agent. LiteLLM fully removed in favor of native SDKs (openai, anthropic) for leaner images and stricter control. GitHub Copilot OAuth rewritten with raw async device flow for stable background token refresh. Shell tool hardened against $(), backticks, piped shells (curl | bash), and process substitution. Gateway restart endpoint secured with token-based auth.
  • 2026-03-22 🧩 Settings & WebUI Overhaul — Tabbed settings modal, real-time Socket.IO streaming with process groups, Jupyter-style token auth, OAuth login directly from the browser, and interactive onboard wizard.

🐾 Key Features

  • Fast & Faithful: Minimal startup time and dependencies.
  • 📢 Multi-channel: Support for Telegram, Discord, Slack, WhatsApp, Matrix, and more.
  • ⏰ Always Alert: Built-in cron and heartbeat task scheduler.
  • 🧩 Skills Registry: Modular and extensible skill system with native ClawHub marketplace support
  • Parallel Multi-Agent Execution: A built-in fan-out orchestration model that spawns and coordinates specialized sub-agents concurrently for faster, scalable task resolution
  • Advanced Thinking: Support for OpenAI, Azure, and deep-reasoning thinkers.
  • 🛡️ Built-in Security: Protected against Indirect Prompt Injection via Structural Randomized Wrapping and strict per-session security policies.
  • 🔍 Smart Install Guard: Package installs are audited for CVEs before execution — safe packages install freely, vulnerable ones are blocked with a full CVE report.
  • 🧠 Proactive Learning (Scent Mining): Periodic background analysis of the active conversation to persist personal profile updates in USER.md and operational context in memory/MEMORY.md, ensuring no "scent" is lost even in long sessions.
  • 📂 Integrated File Browser: Browse, view, edit and save workspace files directly from the WebUI — no terminal needed.
  • 📎 File Attachments & Images: Drag-and-drop or paste files and images directly into the chat for the agent to use as context.
  • 🔄 Auto Update Check: Periodic GitHub release monitoring every 12 hours — notifies via WebUI and active channels with ready-to-copy upgrade commands.

🔒 Loyal Only to You

Like the most devoted guard dog, ShibaClaw is trained to obey only its master. Thanks to its advanced Tool Output Wrapping system, the framework is hardened against Indirect Prompt Injection attacks. It treats external data from websites, files, or tools as literal information—never as new instructions. Your orders are final; to ShibaClaw, external noise is just a squirrel 🐿️.

🔍 Smart Install Guard

When the agent attempts to run a package installation command, ShibaClaw no longer blindly blocks it. Instead, it intercepts the command, audits the packages for known vulnerabilities (CVEs), and only proceeds if the risk is acceptable.

How It Works

  1. Detect — The ExecTool recognizes install commands for pip, npm, yarn, pnpm, apt, dnf/yum, and brew.
  2. Audit — Before execution, the packages are scanned:
  3. Python (pip install ...)pip-audit --format json checks against the OSV/PyPA advisory database.
  4. Node.js (npm install ...)npm audit --json checks against the npm security advisory database.
  5. System packages (apt/dnf) → Safety flags (e.g. --allow-unauthenticated, --nogpgcheck) are checked; repository-level security is assumed.
  6. Homebrew → Allowed with medium confidence (curated formulae).
  7. Decide — Based on the configured severity threshold:
  8. critical or high vulnerabilities → install is blocked and the agent receives a full CVE report.
  9. medium or low vulnerabilities → install proceeds with a warning appended to the output.
  10. No vulnerabilities → install proceeds cleanly.
  11. Fallback — If audit tools are unavailable (no internet, pip-audit not installed), the install is allowed with a warning rather than blocked.

Destructive operations (pip uninstall, npm remove, apt-get remove, apt-get purge) remain unconditionally blocked.

Configuration

In config.json under tools.exec:

{
  "tools": {
    "exec": {
      "installAudit": true,
      "installAuditTimeout": 120,
      "installAuditBlockSeverity": "high"
    }
  }
}
Option Default Description
installAudit true Enable/disable vulnerability scanning for installs
installAuditTimeout 120 Seconds to wait for audit tools before falling back
installAuditBlockSeverity "high" Minimum severity to block: critical, high, medium, low

🧠 Proactive Learning (Scent Mining)

ShibaClaw won't wait for your session to end or the context window to fill to remember important details. With Proactive Learning, the agent periodically "sniffs" the recent conversation in the background to extract profile facts and project context.

How It Works

  1. Pulse — Every 10 messages (default), a background task is triggered.
  2. Reflect — A specialized mini-LLM call analyzes the recent history since the last pulse.
  3. Persist — Personal facts and preferences are merged into USER.md, while environment details and project status are merged into memory/MEMORY.md.
  4. Zero Latency — The learning process runs asynchronously via _schedule_background. You can continue chatting without any interruption.

Configuration

In config.json under agents.defaults:

{
  "agents": {
    "defaults": {
      "learning_enabled": true,
      "learning_interval": 10
    }
  }
}
Option Default Description
learning_enabled true Enable periodic background fact extraction
learning_interval 10 Number of messages between learning pulses

🐾 Quick Start

Ready to hunt? Choose your path:

🐋 Docker (Recommended)

# Optional: define a fixed WebUI token before startup
# .env and add SHIBACLAW_AUTH_TOKEN in your docker-compose
# SHIBACLAW_AUTH_TOKEN=your-secret-token

docker compose up -d --build                             # gateway + webUI
docker exec -it shibaclaw-gateway shibaclaw onboard      # first-time setup or login via WebUI

🔒 Security Note: By default, the app is bound to localhost (via 127.0.0.1:3000:3000). - Remote Access (Recommended): Use an SSH tunnel (e.g., ssh -L 3000:127.0.0.1:3000 user@host). - Direct LAN Access: Change 127.0.0.1:3000:3000 to 3000:3000 in docker-compose.yml. Open http://localhost:3000 — to get your access token, run shibaclaw print-token and paste it in the login screen.

If SHIBACLAW_AUTH_TOKEN is set in your shell or .env, that value is used as the WebUI token and takes precedence over the auto-generated auth_token file.

🐍 Bare Metal

pip install shibaclaw
shibaclaw onboard                # first-time setup
shibaclaw web --port 3000        # start the WebUI (agent runs in-process)

Standalone Mode: In bare-metal mode, shibaclaw web runs the agent brain internally. You don't need to run a separate shibaclaw gateway unless you want to bridge other channels (Telegram, Discord, etc.) while the WebUI is down.

�🔒 Security Note: By default, the app binds to localhost. - Remote Access (Recommended): Use an SSH tunnel (e.g., ssh -L 3000:127.0.0.1:3000 user@host). - Direct LAN Access: Run shibaclaw web --host 0.0.0.0 --port 3000.

Optional fixed token:

export SHIBACLAW_AUTH_TOKEN=your-secret-token
shibaclaw web --port 3000

Install from source: pip install . (develop/edge builds)

See the full Easy Deploy Guide for detailed instructions and troubleshooting.

🖥️ WebUI

WebUI Welcome Screen   WebUI Chat with Agent <img src="assets/we

Extension points exported contracts — how you extend this code

InboundMessage (Interface)
(no doc)
bridge/src/whatsapp.ts
WhatsAppClientOptions (Interface)
(no doc)
bridge/src/whatsapp.ts
SendCommand (Interface)
(no doc)
bridge/src/server.ts
BridgeMessage (Interface)
(no doc)
bridge/src/server.ts

Core symbols most depended-on inside this repo

get
called by 693
shibaclaw/agent/tools/registry.py
$
called by 110
shibaclaw/webui/static/js/state.js
split
called by 55
shibaclaw/integrations/feishu.py
authFetch
called by 37
shibaclaw/webui/static/js/auth.js
emit
called by 22
shibaclaw/integrations/matrix.py
clear
called by 17
shibaclaw/brain/manager.py
register
called by 17
shibaclaw/agent/tools/registry.py
escapeHtml
called by 17
shibaclaw/webui/static/js/utils.js

Shape

Method 656
Function 389
Class 123
Interface 4

Languages

Python88%
TypeScript12%

Modules by API surface

shibaclaw/integrations/mochat.py61 symbols
shibaclaw/integrations/matrix.py53 symbols
shibaclaw/webui/static/js/ui_panels.js50 symbols
shibaclaw/integrations/telegram.py47 symbols
shibaclaw/integrations/feishu.py43 symbols
tests/test_memory.py34 symbols
shibaclaw/agent/memory.py30 symbols
tests/test_heartbeat.py28 symbols
shibaclaw/agent/tools/filesystem.py27 symbols
shibaclaw/agent/loop.py24 symbols
shibaclaw/cron/service.py23 symbols
shibaclaw/webui/static/js/speech.js22 symbols

For agents

$ claude mcp add ShibaClaw \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page