ShibaClaw - Smart. Loyal. Powerful. 🐕 Looking for testers!

[RikyZ90]

ShibaClaw is a loyal, intelligent, and lightweight personal AI assistant framework — built to serve and protect your digital workspace.

The only AI agent framework combining extreme multi-layer security (Structural Tool Output Wrapping against Prompt Injection + Smart Install Guard with live CVE scanning before every package install) with minimal token consumption, keeping your costs low without sacrificing power.

🛡️ Built-in Security: Protected against Indirect Prompt Injection via Structural Randomized Wrapping and strict per-session security policies.

---

📢 News

v0.0.20 is out! � Voice I/O: Full Speech-to-Text pipeline (OpenAI-compatible, Groq/Whisper) with browser-native TTS, VAD, and a dedicated Voice & Audio settings section. ⌨️ Smart Settings: Model field now has history tracking and autocomplete; Provider field is a smart dropdown showing only configured providers (API key, local, or OAuth). 🧹 Cleanup: Dead code and redundant comments removed from speech and socket modules.

• 2026-04-09 🎤 Voice I/O & Smart Settings — Full STT/TTS pipeline with VAD and pulse feedback. Provider dropdown now filters to configured providers only (API key, local base URL, or OAuth). Model input gains history and autocomplete.
• 2026-04-08 🧹 Refactoring & Stability — Comprehensive codebase refactoring (modularization of WebUI and API) plus a massive bug fix pass to improve overall system stability and performance.
• 2026-04-07 🐕 Standalone Mode Reliability — Fixed false "Gateway Down" in bare-metal standalone mode (shibaclaw web). The health check and heartbeat services now correctly fall back to the local agent instance when a separate gateway process is not present.
• 2026-04-06 🛡️ Security Hardening — Socket.IO auth bypass fixed, auth token leakage in URLs prevented, SSRF mitigation in update manifest validation, constant-time token comparison, race condition in task callback resolved, severity comparison logic corrected.
• 2026-04-05 🚀 Guided Onboarding Everywhere — shibaclaw onboard now drives a single guided setup flow across CLI and WebUI: provider detection, OAuth handoff, model selection, template refresh, and optional channel setup.
• 2026-04-05 🧠 Smarter Persistent Memory — Durable personal data now lives in USER.md, operational context lives in memory/MEMORY.md, and the new memory_search tool ranks HISTORY.md entries by recency, importance, and relevance.
• 2026-04-05 ⏰ Reliable Automation Runtime — Cron jobs now keep stable session targets, overdue one-shot jobs fire on startup, and the WebUI owns cron execution so Docker no longer races on shared schedules.
• 2026-04-05 📡 Automation Sidebar — The WebUI sidebar now shows live cron jobs and heartbeat telemetry, with manual trigger controls for both.
• 2026-04-04 🛡️Telegram Policy applied uniformly across all four entry points: reject early, expose nothing. Unauthorised senders receive no response, no typing indicator, and no information about the bot's existence.
• 2026-04-03 🔄 Update Notifications — A new Update tab in Settings shows the current vs latest version, and active channels (Telegram, Discord, ...) receive an automatic notification with ready-to-copy pip / docker upgrade commands.
• 2026-04-03 📦 Available on PyPI & Docker — Install in one line: pip install shibaclaw. Docker images are published automatically on every release to ghcr.io/rikyz90/shibaclaw.
• 2026-04-01 📂 Integrated File Browser — A full file explorer in the WebUI sidebar: browse, view, edit and save workspace files directly from the browser. Path-traversal protected and workspace-sandboxed.
• 2026-04-01 📎 File Attachments & Images — Drag-and-drop or paste files and images directly into the chat. Images are previewed inline; other files are streamed to the agent as context.
• 2026-04-01 🧹 Security Hardening & Cleanup — Full production audit: 14 bugs fixed across asyncio locking, path traversal, CORS misconfiguration, unicode injection, pip-audit parsing, and TCP resource leaks.
• 2026-04-01 🧠 Proactive Learning (Scent Mining) — The agent periodically reflects on your conversation in the background, updating your personal profile in USER.md and operational context in memory/MEMORY.md without any interruption.
• 2026-03-31 🔍 Smart Install Guard — Package installs (pip, npm, apt, ...) are intercepted and audited for CVEs before execution. Critical/high severity packages are blocked with a full report; clean packages install freely.
• 2026-03-29 🛡️ Security & Core Modernization — Enhanced Indirect Prompt Injection protection via Randomized Tool Output Wrapping: every tool response is enclosed in a dynamic per-session nonce boundary, so malicious instructions embedded in external data (web pages, files, API responses) cannot hijack the agent. LiteLLM fully removed in favor of native SDKs (openai, anthropic) for leaner images and stricter control. GitHub Copilot OAuth rewritten with raw async device flow for stable background token refresh. Shell tool hardened against $(), backticks, piped shells (curl | bash), and process substitution. Gateway restart endpoint secured with token-based auth.
• 2026-03-22 🧩 Settings & WebUI Overhaul — Tabbed settings modal, real-time Socket.IO streaming with process groups, Jupyter-style token auth, OAuth login directly from the browser, and interactive onboard wizard.

---

🐾 Key Features

• Fast & Faithful: Minimal startup time and dependencies.
• 📢 Multi-channel: Support for Telegram, Discord, Slack, WhatsApp, Matrix, and more.
• ⏰ Always Alert: Built-in cron and heartbeat task scheduler.
• 🧩 Skills Registry: Modular and extensible skill system with native ClawHub marketplace support
• ⚡ Parallel Multi-Agent Execution: A built-in fan-out orchestration model that spawns and coordinates specialized sub-agents concurrently for faster, scalable task resolution
• Advanced Thinking: Support for OpenAI, Azure, and deep-reasoning thinkers.
• 🛡️ Built-in Security: Protected against Indirect Prompt Injection via Structural Randomized Wrapping and strict per-session security policies.
• 🔍 Smart Install Guard: Package installs are audited for CVEs before execution — safe packages install freely, vulnerable ones are blocked with a full CVE report.
• 🧠 Proactive Learning (Scent Mining): Periodic background analysis of the active conversation to persist personal profile updates in USER.md and operational context in memory/MEMORY.md, ensuring no "scent" is lost even in long sessions.
• 📂 Integrated File Browser: Browse, view, edit and save workspace files directly from the WebUI — no terminal needed.
• 📎 File Attachments & Images: Drag-and-drop or paste files and images directly into the chat for the agent to use as context.
• 🔄 Auto Update Check: Periodic GitHub release monitoring every 12 hours — notifies via WebUI and active channels with ready-to-copy upgrade commands.

🔒 Loyal Only to You

Like the most devoted guard dog, ShibaClaw is trained to obey only its master. Thanks to its advanced Tool Output Wrapping system, the framework is hardened against Indirect Prompt Injection attacks. It treats external data from websites, files, or tools as literal information—never as new instructions. Your orders are final; to ShibaClaw, external noise is just a squirrel 🐿️.

🔍 Smart Install Guard

When the agent attempts to run a package installation command, ShibaClaw no longer blindly blocks it. Instead, it intercepts the command, audits the packages for known vulnerabilities (CVEs), and only proceeds if the risk is acceptable.

[JackLuguibin]

ShibaClaw is a loyal, intelligent, and lightweight personal AI assistant framework — built to serve and protect your digital workspace.

The only AI agent framework combining extreme multi-layer security (Structural Tool Output Wrapping against Prompt Injection + Smart Install Guard with live CVE scanning before every package install) with minimal token consumption, keeping your costs low without sacrificing power.

🛡️ Built-in Security: Protected against Indirect Prompt Injection via Structural Randomized Wrapping and strict per-session security policies.

📢 News

v0.0.20 is out! � Voice I/O: Full Speech-to-Text pipeline (OpenAI-compatible, Groq/Whisper) with browser-native TTS, VAD, and a dedicated Voice & Audio settings section. ⌨️ Smart Settings: Model field now has history tracking and autocomplete; Provider field is a smart dropdown showing only configured providers (API key, local, or OAuth). 🧹 Cleanup: Dead code and redundant comments removed from speech and socket modules.

• 2026-04-09 🎤 Voice I/O & Smart Settings — Full STT/TTS pipeline with VAD and pulse feedback. Provider dropdown now filters to configured providers only (API key, local base URL, or OAuth). Model input gains history and autocomplete.
• 2026-04-08 🧹 Refactoring & Stability — Comprehensive codebase refactoring (modularization of WebUI and API) plus a massive bug fix pass to improve overall system stability and performance.
• 2026-04-07 🐕 Standalone Mode Reliability — Fixed false "Gateway Down" in bare-metal standalone mode (shibaclaw web). The health check and heartbeat services now correctly fall back to the local agent instance when a separate gateway process is not present.
• 2026-04-06 🛡️ Security Hardening — Socket.IO auth bypass fixed, auth token leakage in URLs prevented, SSRF mitigation in update manifest validation, constant-time token comparison, race condition in task callback resolved, severity comparison logic corrected.
• 2026-04-05 🚀 Guided Onboarding Everywhere — shibaclaw onboard now drives a single guided setup flow across CLI and WebUI: provider detection, OAuth handoff, model selection, template refresh, and optional channel setup.
• 2026-04-05 🧠 Smarter Persistent Memory — Durable personal data now lives in USER.md, operational context lives in memory/MEMORY.md, and the new memory_search tool ranks HISTORY.md entries by recency, importance, and relevance.
• 2026-04-05 ⏰ Reliable Automation Runtime — Cron jobs now keep stable session targets, overdue one-shot jobs fire on startup, and the WebUI owns cron execution so Docker no longer races on shared schedules.
• 2026-04-05 📡 Automation Sidebar — The WebUI sidebar now shows live cron jobs and heartbeat telemetry, with manual trigger controls for both.
• 2026-04-04 🛡️Telegram Policy applied uniformly across all four entry points: reject early, expose nothing. Unauthorised senders receive no response, no typing indicator, and no information about the bot's existence.
• 2026-04-03 🔄 Update Notifications — A new Update tab in Settings shows the current vs latest version, and active channels (Telegram, Discord, ...) receive an automatic notification with ready-to-copy pip / docker upgrade commands.
• 2026-04-03 📦 Available on PyPI & Docker — Install in one line: pip install shibaclaw. Docker images are published automatically on every release to ghcr.io/rikyz90/shibaclaw.
• 2026-04-01 📂 Integrated File Browser — A full file explorer in the WebUI sidebar: browse, view, edit and save workspace files directly from the browser. Path-traversal protected and workspace-sandboxed.
• 2026-04-01 📎 File Attachments & Images — Drag-and-drop or paste files and images directly into the chat. Images are previewed inline; other files are streamed to the agent as context.
• 2026-04-01 🧹 Security Hardening & Cleanup — Full production audit: 14 bugs fixed across asyncio locking, path traversal, CORS misconfiguration, unicode injection, pip-audit parsing, and TCP resource leaks.
• 2026-04-01 🧠 Proactive Learning (Scent Mining) — The agent periodically reflects on your conversation in the background, updating your personal profile in USER.md and operational context in memory/MEMORY.md without any interruption.
• 2026-03-31 🔍 Smart Install Guard — Package installs (pip, npm, apt, ...) are intercepted and audited for CVEs before execution. Critical/high severity packages are blocked with a full report; clean packages install freely.
• 2026-03-29 🛡️ Security & Core Modernization — Enhanced Indirect Prompt Injection protection via Randomized Tool Output Wrapping: every tool response is enclosed in a dynamic per-session nonce boundary, so malicious instructions embedded in external data (web pages, files, API responses) cannot hijack the agent. LiteLLM fully removed in favor of native SDKs (openai, anthropic) for leaner images and stricter control. GitHub Copilot OAuth rewritten with raw async device flow for stable background token refresh. Shell tool hardened against $(), backticks, piped shells (curl | bash), and process substitution. Gateway restart endpoint secured with token-based auth.
• 2026-03-22 🧩 Settings & WebUI Overhaul — Tabbed settings modal, real-time Socket.IO streaming with process groups, Jupyter-style token auth, OAuth login directly from the browser, and interactive onboard wizard.

🐾 Key Features

• Fast & Faithful: Minimal startup time and dependencies.
• 📢 Multi-channel: Support for Telegram, Discord, Slack, WhatsApp, Matrix, and more.
• ⏰ Always Alert: Built-in cron and heartbeat task scheduler.
• 🧩 Skills Registry: Modular and extensible skill system with native ClawHub marketplace support
• ⚡ Parallel Multi-Agent Execution: A built-in fan-out orchestration model that spawns and coordinates specialized sub-agents concurrently for faster, scalable task resolution
• Advanced Thinking: Support for OpenAI, Azure, and deep-reasoning thinkers.
• 🛡️ Built-in Security: Protected against Indirect Prompt Injection via Structural Randomized Wrapping and strict per-session security policies.
• 🔍 Smart Install Guard: Package installs are audited for CVEs before execution — safe packages install freely, vulnerable ones are blocked with a full CVE report.
• 🧠 Proactive Learning (Scent Mining): Periodic background analysis of the active conversation to persist personal profile updates in USER.md and operational context in memory/MEMORY.md, ensuring no "scent" is lost even in long sessions.
• 📂 Integrated File Browser: Browse, view, edit and save workspace files directly from the WebUI — no terminal needed.
• 📎 File Attachments & Images: Drag-and-drop or paste files and images directly into the chat for the agent to use as context.
• 🔄 Auto Update Check: Periodic GitHub release monitoring every 12 hours — notifies via WebUI and active channels with ready-to-copy upgrade commands.

🔒 Loyal Only to You

Like the most devoted guard dog, ShibaClaw is trained to obey only its master. Thanks to its advanced Tool Output Wrapping system, the framework is hardened against Indirect Prompt Injection attacks. It treats external data from websites, files, or tools as literal information—never as new instructions. Your orders are final; to ShibaClaw, external noise is just a squirrel 🐿️.

🔍 Smart Install Guard

When the agent attempts to run a package installation command, ShibaClaw no longer blindly blocks it. Instead, it intercepts the command, audits the packages for known vulnerabilities (CVEs), and only proceeds if the risk is acceptable.

You’ve done a great job. But there are so many claw-style applications out there already—you need to build a strong and stable community. If your project had used nanobots as its core engine, I would’ve said this is awesome and given you a thumbs-up. Unfortunately, that’s not the case…

[RikyZ90]

It started from nanobot mate. Check the repo And look who I thank in the readme

[RikyZ90]

many layers of security have been added. At the moment, they are unique in the AI framework software... if you want to take a look and comment after seeing it, and maybe consider helping me test it, I would be grateful <3
Thank you!

[JackLuguibin]

many layers of security have been added. At the moment, they are unique in the AI framework software... if you want to take a look and comment after seeing it, and maybe consider helping me test it, I would be grateful <3 Thank you!

ok

[giorgietta89-wq]

I'm going to test it!