ShieldCortex

Complete Memory & Security for AI Agents

ShieldCortex gives your AI agent persistent memory AND protects it from attack. One package. Full solution.

Most AI agents are stateless — they forget everything between sessions. ShieldCortex fixes that with production-grade persistent memory. But memory creates risk: researchers have demonstrated memory poisoning attacks that hijack AI behaviour. ShieldCortex is the only solution that solves both problems.

┌─────────────────────────────────────────────────────────────┐
│                      ShieldCortex                           │
├─────────────────────────────┬───────────────────────────────┤
│     MEMORY SYSTEM           │     SECURITY LAYER            │
├─────────────────────────────┼───────────────────────────────┤
│ • Persistent storage        │ • Memory firewall             │
│ • Semantic search           │ • Prompt injection detection  │
│ • Project scoping           │ • Credential protection       │
│ • Importance ranking        │ • Sub-agent access control    │
│ • Auto-cleanup & decay      │ • Full audit trail            │
│ • Category organisation     │ • Threat quarantine           │
└─────────────────────────────┴───────────────────────────────┘

Stop choosing between memory and security. Get both.

NEW: ShieldCortex Cloud

See every threat across every project in one team dashboard. The local package now syncs audit data to ShieldCortex Cloud — sign up directly from the built-in dashboard, no CLI commands needed.

Local Agent                    ShieldCortex Cloud
┌──────────────┐               ┌──────────────────────┐
│  npm package │──audit sync──▶│  Team dashboard      │
│  (free,      │               │  Audit log + stats   │
│   unlimited) │               │  Team invites        │
│              │               │  Usage analytics     │
└──────────────┘               └──────────────────────┘

What You Get

Memory System (Production-Ready)

• Persistent storage — SQLite-backed, survives restarts
• Semantic search — Find memories by meaning, not just keywords
• Project scoping — Isolate memories per project/context
• Importance levels — Critical, high, normal, low with auto-decay
• Categories — Architecture, decisions, preferences, context, learnings
• Auto-cleanup — Configurable retention, importance-based expiry
• Full MCP support — Works with any MCP-compatible agent

Security Layer (6 Defence Layers)

Skill Scanner (Agent Instruction Files)

AI agents are configured by instruction files (SKILL.md, CLAUDE.md, .cursorrules, etc.) — and attackers are hiding prompt injections inside them. ShieldCortex scans all of them:

# Scan all instruction files on your machine
npx shieldcortex scan-skills

# Scan a specific file
npx shieldcortex scan-skill ~/.claude/plugins/cache/.../SKILL.md

The dashboard Skills tab shows results with severity badges, expandable threat details, and actions:

• Trust — Mark known-safe skills so they're not flagged on future scans (free, local)
• Remove — Delete dangerous skill files from disk (cloud-connected, premium)

NEW: Credential Leak Detection (v2.7.0)

Agents sometimes accidentally persist secrets in memory — API keys pasted in chat, connection strings from debug output, private keys from config files. ShieldCortex now automatically detects and blocks these before they're stored.

import { scanForCredentials, redactCredentials } from 'shieldcortex/defence';

// Standalone scan
const result = scanForCredentials('My key is sk-abc123...');
// → { leaked: true, findings: [{ type: 'api_key', provider: 'openai', severity: 'critical', action: 'blocked' }] }

// Redact secrets from content
const safe = redactCredentials('postgres://admin:pass@db.host/mydb');
// → "[REDACTED-connection_string-postgres]"

Runs automatically in the defence pipeline — no configuration needed. Critical and high-severity findings are blocked by default.

Attack Vectors Blocked

• Direct injection — [SYSTEM: ignore previous] hidden in content
• Credential harvesting — Attempts to exfiltrate secrets
• Credential persistence — API keys, tokens, and passwords accidentally stored in memory
• Encoding tricks — Base64/hex/unicode payloads
• Slow-burn assembly — Attack fragments planted over days
• Privilege escalation — System command references
• Skill file poisoning — Hidden instructions in agent configuration files

🤖 Multi-Agent Security

Running multiple agents or sub-agents? ShieldCortex prevents rogue agents from accessing sensitive data:

Trust ≥0.7  → Read all, write direct, delete own
Trust 0.5–0.7 → Read own + non-restricted, quarantine writes
Trust <0.5  → Read own only, quarantine only, no delete

Result: A sub-agent spawning another sub-agent that tries to read your API keys? Blocked.

Quick Start

# Install globally
npm install -g shieldcortex

# Auto-configure for your agent (Claude Code, OpenClaw, LangChain, etc.)
npx shieldcortex setup

# That's it. Your agent now has persistent memory + security.

Already using Claude Cortex? Migrate in one command:

npx shieldcortex migrate

Verify installation:

npx shieldcortex doctor

OpenClaw Setup

Three commands. That's it. Works on macOS, Linux (including headless servers), and Windows.

# 1. Install globally
npm install -g shieldcortex

# 2. Install the OpenClaw hook
sudo npx shieldcortex openclaw install

# 3. Connect to Cloud (get your API key from the Cloud dashboard)
npx shieldcortex config --cloud-api-key <your-key> --cloud-enable

Every memory your OpenClaw agent saves now passes through the 6-layer defence pipeline, and audit data syncs to your team's Cloud dashboard automatically.

Onboarding Team Members

Adding someone to your team? Give them an API key and these three commands:

npm install -g shieldcortex
sudo npx shieldcortex openclaw install
npx shieldcortex config --cloud-api-key <team-api-key> --cloud-enable

No signup, no browser, no account creation needed. The API key ties their scans to your team. Their device appears in your Cloud dashboard automatically once scans start flowing.

Headless servers? No problem — ShieldCortex runs entirely via CLI. No GUI or browser required.

Supported Agents

ShieldCortex is agent-agnostic middleware:

If your agent stores memories, ShieldCortex can power and protect them.

Requirements

No external dependencies. No Docker required. Just npm install and go.

Is Your AI Agent Already Compromised?

Find out in 30 seconds:

npx shieldcortex setup

Then ask your agent: "Scan my memories for threats"

ShieldCortex will scan every stored memory and report:

• Hidden instructions disguised as normal content
• Credential harvesting attempts
• Encoded payloads (base64, unicode, hex)
• Fragmented attack patterns spread across memories
• Privilege escalation attempts

No threats found? Great — now you're protected going forward.

LangChain Integration

import { ShieldCortexMemory, ShieldCortexGuard } from 'shieldcortex/integrations/langchain';

// As a LangChain memory backend (scans before storing)
const memory = new ShieldCortexMemory({ mode: 'balanced' });
const vars = await memory.loadMemoryVariables({ input: 'deployment config' });
await memory.saveContext({ input: 'hello' }, { output: 'hi' });

// As standalone middleware (scan without storing)
const guard = new ShieldCortexGuard();
const result = guard.scan('some content to check');
if (!result.allowed) {
  console.warn('Blocked:', result.firewall.reason);
}

REST API (Any Agent)

Start the API server, then scan content from any language or framework:

npm run dev:api   # Starts on http://localhost:3001

# Scan content
curl -X POST http://localhost:3001/api/v1/scan \
  -H 'Content-Type: application/json' \
  -d '{"content": "memory to scan", "title": "test"}'

# Batch scan
curl -X POST http://localhost:3001/api/v1/scan/batch \
  -H 'Content-Type: application/json' \
  -d '{"items": [{"content": "item 1"}, {"content": "item 2"}]}'

# Query audit logs
curl http://localhost:3001/api/v1/audit?firewallResult=BLOCK

# List quarantined items
curl http://localhost:3001/api/v1/quarantine

# Approve/reject quarantined items
curl -X POST http://localhost:3001/api/v1/quarantine/1/approve
curl -X POST http://localhost:3001/api/v1/quarantine/1/reject

OpenClaw Integration

One command. Persistent memory for every OpenClaw session.

sudo npx shieldcortex openclaw install

This installs the cortex-memory hook directly into OpenClaw's bundled hooks directory. No configuration needed.

What It Does

Session Start                During Session              Session End (/new)
     │                            │                            │
     ▼                            ▼                            ▼
┌─────────────┐           ┌─────────────┐           ┌─────────────┐
│ Inject past │           │ "remember   │           │ Auto-extract│
│ context     │           │  this: ..." │           │ decisions,  │
│ into agent  │           │  → save     │           │ fixes, etc. │
└─────────────┘           └─────────────┘           └─────────────┘

Shared Memory

The database (~/.shieldcortex/memories.db) is shared with Claude Code. Memories created in OpenClaw appear instantly in Claude Code sessions, and vice versa.

Commands

sudo npx shieldcortex openclaw install    # Install hook
sudo npx shieldcortex openclaw uninstall  # Remove hook
npx shieldcortex openclaw status          # Check status

Full documentation

Dashboard

npx shieldcortex --dashboard

• Dashboard: http://localhost:3030
• API: http://localhost:3001

Views: Shield (defence overview), Audit Log, Quarantine, Memories, 3D Brain, Knowledge Graph, Skills Scanner.

Cloud Sync

Connect your local dashboard to ShieldCortex Cloud and see threats from all your projects in one place. The dashboard includes a guided setup — just enter your email and click the magic link.

# Or configure via CLI
npx shieldcortex config --cloud-api-key <key> --cloud-enable

Once connected, every local scan automatically syncs audit metadata (not content) to your Cloud dashboard.

Auto-start on login

npx shieldcortex service install    # Enable
npx shieldcortex service uninstall  # Disable
npx shieldcortex service status     # Check

Works on macOS (launchd), Linux (systemd), and Windows.

CLI Reference

npx shieldcortex setup              # Auto-detect agent + configure hooks
npx shieldcortex install            # Alias for setup
npx shieldcortex migrate            # Migrate from Claude Cortex
npx shieldcortex doctor             # Check installation health
npx shieldcortex scan-skills         # Scan all agent instruction files
npx shieldcortex scan-skill <file>  # Scan a specific instruction file
npx shieldcortex --dashboard        # Start dashboard + API
npx shieldcortex --version          # Show version
npx shieldcortex service install    # Auto-start on login
npx shieldcortex graph backfill     # Extract entities from existing memories
npx shieldcortex openclaw install   # Install OpenClaw hook
npx shieldcortex copilot install    # Configure MCP for VS Code + Cursor
npx shieldcortex scan "text"        # Quick content scan (credential + threat detection)
npx shieldcortex config --cloud-api-key <key>  # Set Cloud API key
npx shieldcortex config --cloud-enable  # Enable cloud sync
npx shieldcortex uninstall          # Full uninstall (requires confirmation)
npx shieldcortex uninstall --confirm # Non-interactive uninstall

MCP Tools

Why ShieldCortex?

ShieldCortex is the only memory system built for adversarial conditions.

Pricing

The npm package is free and unlimited for local use. Cloud tiers add team visibility, longer retention, and higher scan limits. See shieldcortex.ai/pricing for details.

Links

• Website: shieldcortex.ai
• Cloud Dashboard: api.shieldcortex.ai
• npm: npmjs.com/package/shieldcortex
• GitHub: github.com/Drakon-Systems-Ltd/ShieldCortex
• Docs: shieldcortex.ai/docs
• Architecture: ARCHITECTURE.md

License

MIT

Built by Drakon Systems