ShieldCortex
Persistent memory system with security for AI agents. Remembers decisions, preferences, architecture, and context across sessions with knowledge graphs, deca...
Description
name: shieldcortex description: Persistent memory system with security for AI agents. Remembers decisions, preferences, architecture, and context across sessions with knowledge graphs, decay, contradiction detection, and a 6-layer defence pipeline with Iron Dome behavioural protection. Use when asked to "remember this", "what do we know about", "recall context", "scan for threats", "run security audit", "check memory stats", or when starting a new session and needing prior context. license: MIT metadata: author: Drakon Systems version: 3.4.2 mcp-server: shieldcortex category: memory-and-security tags: [memory, security, knowledge-graph, mcp, iron-dome]
ShieldCortex — Persistent Memory & Security for AI Agents
Give your AI agent a brain that persists between sessions — and protect it from memory poisoning attacks.
Safety & Scope
This skill does not auto-install anything. All installation commands below are manual and require the user to explicitly run them.
- No file writes on install —
clawhub install shieldcortexonly copies this SKILL.md into your skills directory. No binaries, hooks, or config are touched. - Opt-in npm install —
npm install -g shieldcortexinstalls the CLI and MCP server globally. Run only if the user explicitly wants ShieldCortex installed. - Local config only —
shieldcortex installwrites MCP server configuration to the local agent's config file (e.g.~/.config/claude-code/settings.json,~/.codex/config.toml, or~/.openclaw/settings.json). It does not modify system files, environment variables, or other agents. - No network calls without consent — the core package is fully local (SQLite database, local embeddings). Cloud sync and API key submission are entirely optional and off by default.
- File scanning is path-targeted —
scan-skillscans a single file you point it at. It does not walk directories or read files beyond what you specify. - No credentials required — the base package needs no API keys, tokens, or accounts. Optional cloud features require an explicit
shieldcortex config set-api-keystep.
Description
ShieldCortex is a complete memory system with built-in security. It gives AI agents persistent, intelligent memory with semantic search, knowledge graphs, decay-based forgetting, and contradiction detection. Every memory write passes through a 6-layer defence pipeline that blocks prompt injection, credential leaks, and poisoning attacks. Iron Dome adds behavioural protection with action gates, security profiles, and full audit trails.
Use when:
- You want your agent to remember things between sessions (decisions, preferences, architecture, context)
- You need semantic search across past memories (not just keyword matching)
- You want automatic memory consolidation, decay, and cleanup
- You want knowledge graph extraction from memories (entities, relationships)
- You need to protect memory from prompt injection or poisoning attacks
- You want credential leak detection in memory writes (25+ patterns, 11 providers)
- You want to audit what's been stored in and retrieved from memory
- You want to scan agent instruction files (SKILL.md, .cursorrules, CLAUDE.md) for hidden threats
- You want behavioural protection with Iron Dome (action gates, security profiles)
- You want to guard any memory backend with the defence pipeline (Universal Memory Bridge)
Do NOT use when:
- You only need simple key-value storage (use a config file)
- You want ephemeral session-only context (use the agent's built-in context window)
- You need a vector database for RAG pipelines (ShieldCortex is agent memory, not document retrieval)
Prerequisites
- Node.js >= 18
- npm or pnpm (or pip for Python)
Manual Setup
Run only if the user explicitly wants ShieldCortex installed. This skill file alone does not require installation — it serves as documentation and integration guidance.
npm install -g shieldcortex
Python SDK:
pip install shieldcortex
For OpenClaw integration (installs the cortex-memory hook into local OpenClaw config):
shieldcortex openclaw install
For Claude Code / VS Code / Cursor MCP integration (writes a local MCP server entry to the agent's settings file — does not modify system files or other agents):
shieldcortex install
Quick Start
As an OpenClaw hook (automatic)
After shieldcortex openclaw install, the hook activates on next restart:
- Injects relevant past memories on session start
- "remember this: ..." keyword trigger saves memories inline
- Auto-memory (opt-in) — extracts important context on session end with smart deduplication
Enable auto-memory:
shieldcortex config --openclaw-auto-memory
CLI Commands
# Check status
shieldcortex status
# Scan content for threats
shieldcortex scan "some text to check"
# Full security audit of your agent environment
shieldcortex audit
# Scan a single skill or instruction file for hidden threats
shieldcortex scan-skill ./path/to/SKILL.md
# Build knowledge graph from existing memories
shieldcortex graph backfill
# Start the visual dashboard
shieldcortex --dashboard
As a Library (programmatic)
import {
addMemory,
getMemoryById,
runDefencePipeline,
scanSkill,
extractFromMemory,
consolidate,
initDatabase
} from 'shieldcortex';
// Initialize
initDatabase('/path/to/memories.db');
// Add a memory (automatically passes through defence pipeline)
addMemory({
title: 'API uses OAuth2',
content: 'The payment API requires OAuth2 bearer tokens, not API keys',
category: 'architecture',
importance: 'high',
project: 'my-project'
});
// Scan content before processing
const result = runDefencePipeline(untrustedContent, 'Email Import', {
type: 'external',
identifier: 'email-scanner'
});
if (result.allowed) {
// Safe to process
}
// Extract knowledge graph entities
const { entities, triples } = extractFromMemory(
'Database Migration',
'We switched from MySQL to PostgreSQL for the auth service',
'architecture'
);
// entities: [{name: 'MySQL', type: 'service'}, {name: 'PostgreSQL', type: 'service'}, ...]
// triples: [{subject: 'auth service', predicate: 'uses', object: 'PostgreSQL'}, ...]
Memory System Features
| Feature | Description |
|---|---|
| Persistent Storage | SQLite-backed, survives restarts and compaction |
| Semantic Search | Find memories by meaning, not just keywords |
| Project Scoping | Isolate memories per project/workspace |
| Importance Levels | Critical, high, normal, low with auto-decay |
| Categories | Architecture, decisions, preferences, context, learnings, errors |
| Decay & Forgetting | Old, unaccessed memories fade — like a real brain |
| Consolidation | Automatic merging of similar/duplicate memories |
| Contradiction Detection | Flags when new memories conflict with existing ones |
| Knowledge Graph | Extracts entities and relationships from memories |
| Activation Scoring | Recently accessed memories get retrieval priority |
| Salience Scoring | Important memories surface first in search |
Security Features
| Layer | Protection |
|---|---|
| Input Sanitisation | Strip control characters, null bytes, dangerous formatting |
| Pattern Detection | Regex matching for known injection patterns |
| Semantic Analysis | Embedding similarity to attack corpus |
| Structural Validation | JSON/format integrity checks |
| Behavioural Scoring | Anomaly detection over time |
| Credential Leak Detection | Blocks API keys, tokens, private keys (25+ patterns, 11 providers) |
| Trust Scoring | Source-based reliability scoring for memory writes |
| Audit Trail | Full forensic log of every memory operation |
| Skill Scanner | Detect prompt injection in SKILL.md, .cursorrules, CLAUDE.md |
Iron Dome
Behavioural security layer that controls what agents can do:
- Security Profiles —
school,enterprise,personal,paranoid— each with tailored action gates and trust levels - Action Gates — gate dangerous actions (send_email, delete_file, api_call) requiring approval before execution
- Injection Scanning — scan any text for prompt injection patterns with severity and category
- Full Audit Trail — every action check is logged for forensic review
Universal Memory Bridge
Guard any memory backend with the defence pipeline — not just ShieldCortex's built-in storage. The bridge wraps your existing memory system with the full 6-layer security pipeline. It does not require any credentials or API keys — all processing is local.
import { ShieldCortexGuardedMemoryBridge, MarkdownMemoryBackend } from 'shieldcortex';
const bridge = new ShieldCortexGuardedMemoryBridge({
backend: new MarkdownMemoryBackend('~/.my-memories/'),
});
Built-in backends: MarkdownMemoryBackend, OpenClawMarkdownBackend. Implement the backend interface for custom storage. No credentials are needed for the bridge — it runs entirely locally using the same SQLite + local embeddings as the core package.
ShieldCortex Cloud (Optional)
Sync audit data to a team dashboard for cross-project visibility. Cloud is entirely optional and disabled by default. No data leaves your machine unless you explicitly configure cloud sync with your own API key:
shieldcortex config set-api-key <your-key>
Free local package is unlimited. Cloud adds team dashboards, audit aggregation, and alerts. Cloud credentials are never required for any local functionality — the full memory system, defence pipeline, knowledge graph, and Iron Dome all work without any API key or account.
Links
Reviews (0)
No reviews yet. Be the first to review!
Comments (0)
No comments yet. Be the first to share your thoughts!