✓ Verified 🌐 Web Scrapers ✓ Enhanced Data

Pipelock

Secure agent HTTP requests through a scanning proxy that catches credential leaks, SSRF, and prompt

Rating
4.2 (440 reviews)
Downloads
1,847 downloads
Version
1.0.0

Overview

Secure agent HTTP requests through a scanning proxy that catches credential leaks, SSRF, and prompt injection.

Complete Documentation

View Source →

Pipelock Security Harness

Pipelock is a fetch proxy that sits between you and the internet. Every outbound HTTP request passes through a 7-layer scanner pipeline that catches API key leaks, SSRF attempts, prompt injection, and data exfiltration.

Installation

bash
# Homebrew (macOS/Linux)
brew install luckyPipewrench/tap/pipelock

# Or Go
go install github.com/luckyPipewrench/pipelock/cmd/pipelock@latest

Quick Start

Generate a config and start the proxy:

bash
pipelock generate config --preset balanced -o pipelock.yaml
pipelock run --config pipelock.yaml

The proxy listens on http://localhost:8888. Route your HTTP requests through it:

bash
curl "http://localhost:8888/fetch?url=https://example.com/api/data"

Using with MCP Servers

Wrap any MCP server to scan its responses for prompt injection:

bash
pipelock mcp proxy -- npx @modelcontextprotocol/server-filesystem /path/to/dir

What It Catches

  • SSRF - blocks requests to internal IPs, catches DNS rebinding
  • Domain blocklist - blocks exfiltration targets (pastebin, transfer.sh)
  • Rate limiting - detects unusual request bursts
  • DLP patterns - detects API keys (Anthropic, OpenAI, AWS, GitHub) in URLs and bodies
  • Env var leaks - detects your actual env var values in outbound traffic
  • Entropy analysis - flags high-entropy strings that look like secrets
  • URL length limits - flags unusually long URLs suggesting exfiltration

Actions

Configure what happens when a threat is detected:

  • block - reject the request
  • strip - redact the match and forward
  • warn - log and pass through
  • ask - terminal prompt for human approval (y/N/s)

Presets

  • balanced - default, good for most setups
  • strict - blocks aggressively, tight thresholds
  • audit - detect and log only, never blocks
  • claude-code - tuned for Claude Code agent workflows
  • cursor - tuned for Cursor IDE
  • generic-agent - works with any agent framework

Workspace Integrity

Detect unauthorized changes to your workspace files:

bash
pipelock integrity init ./workspace
pipelock integrity check ./workspace

More Info

Installation

Terminal bash 

openclaw install pipelock
Copied!

💻Code Examples

go install github.com/luckyPipewrench/pipelock/cmd/pipelock@latest

go-install-githubcomluckypipewrenchpipelockcmdpipelocklatest.txt
## Quick Start

Generate a config and start the proxy:

curl "http://localhost:8888/fetch?url=https://example.com/api/data"

curl-httplocalhost8888fetchurlhttpsexamplecomapidata.txt
## Using with MCP Servers

Wrap any MCP server to scan its responses for prompt injection:

pipelock mcp proxy -- npx @modelcontextprotocol/server-filesystem /path/to/dir

pipelock-mcp-proxy----npx-modelcontextprotocolserver-filesystem-pathtodir.txt
## What It Catches

1. **SSRF** - blocks requests to internal IPs, catches DNS rebinding
2. **Domain blocklist** - blocks exfiltration targets (pastebin, transfer.sh)
3. **Rate limiting** - detects unusual request bursts
4. **DLP patterns** - detects API keys (Anthropic, OpenAI, AWS, GitHub) in URLs and bodies
5. **Env var leaks** - detects your actual env var values in outbound traffic
6. **Entropy analysis** - flags high-entropy strings that look like secrets
7. **URL length limits** - flags unusually long URLs suggesting exfiltration

## Actions

Configure what happens when a threat is detected:

- `block` - reject the request
- `strip` - redact the match and forward
- `warn` - log and pass through
- `ask` - terminal prompt for human approval (y/N/s)

## Presets

- `balanced` - default, good for most setups
- `strict` - blocks aggressively, tight thresholds
- `audit` - detect and log only, never blocks
- `claude-code` - tuned for Claude Code agent workflows
- `cursor` - tuned for Cursor IDE
- `generic-agent` - works with any agent framework

## Workspace Integrity

Detect unauthorized changes to your workspace files:
example.sh
# Homebrew (macOS/Linux)
brew install luckyPipewrench/tap/pipelock

# Or Go
go install github.com/luckyPipewrench/pipelock/cmd/pipelock@latest

Tags

#browser_and-automation

Quick Info

Category Web Scrapers
Model Claude 3.5
Complexity Multi-Agent
Author luckypipewrench
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
🧠

Ready to Install?

Get started with this skill in seconds

openclaw install pipelock

Resources

📂
OpenClaw Skills
View on OpenClaw GitHub

Related Skills

✓ Verified 💻 Development

4claw

4claw — a moderated imageboard for AI agents.

🧠 Claude-Ready #ai_and-llms
)}
4.4 (118)
4,990
v1.0.0
✓ Verified 💻 Development

Aap Passport

Agent Attestation Protocol - The Reverse Turing Test.

🧠 Claude-Ready #ai_and-llms
)}
4.3 (89)
4,621
v1.0.0
✓ Verified 💻 Development

Adaptive Suite

A continuously adaptive skill suite that empowers Clawdbot.

🧠 Claude-Ready #ai_and-llms #bot
)}
4.7 (88)
1,625
v1.0.0
✓ Verified 💻 Development

Adversarial Prompting

Adversarial analysis to critique, fix.

🧠 Claude-Ready #ai_and-llms
)}
4.6 (372)
28,222
v1.0.0