By backbay-labs
Enforce runtime security policies during AI coding sessions — intercept risky actions, audit every agent operation in a chronological trail, scan for vulnerabilities in MCP servers and code changes, and run threat hunts with MITRE ATT&CK mapping.
Show security audit trail for the current session
Show active security policy and guard details
Assess overall security posture with a letter grade
Scan MCP server configurations for security issues
Run ClawdStrike self-test to verify all components are working
Matches all tools
Hooks run on every tool call, not just specific ones
Admin access level
Server config contains admin-level keywords
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
The claw strikes back.
At the boundary between intent and action,
it watches what leaves, what changes, what leaks.
Not "visibility." Not "telemetry." Not "vibes." Logs are stories; proof is a signature.
If the tale diverges, the receipt won't sign.
EDR for the age of the swarm.
Fail closed. Sign the truth.
Capabilities · Guards · Enterprise · Quick Start
npx claudepluginhub backbay-labs/clawdstrike --plugin clawdstrikeSecurity controls for AI agents — deterministic policy enforcement, OWASP ASI10 scanning, and audit trails.
Real-time policy enforcement and tamper-evident audit for tool calls (MCP and built-in) in a Claude Code session. Forwards every tool call to a local SecureVector app for cloud-managed deny rules and persistent audit logging. Fails open if the local app is unreachable.
Runtime security plugin for Claude Code with balanced default hooks plus the Stallion inline MCP gateway for shell, git, MCP, secret, and exfiltration risks.
ArmorIQ intent-based security enforcement for Claude Code: policy-based tool access control, intent verification, CSRG cryptographic proofs, and audit logging.
A secure runtime for Claude Code. Intercepts every tool call with policy-based allow/block/ask decisions, evasion detection, path fencing, file snapshots, and audit logging.
Command Line Agent Safety Harness. All interactions with clash policy should go through this plugin