← Back to Skills Marketplace
jongartmann

Aegis Gate — AI Security

by X-Loop³ Labs · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
147
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install aegis-gate
Description
Validates AI prompts for injection, role overrides, data leaks, or jailbreaks, then decides to pass, block, or quarantine before execution.
README (SKILL.md)

Aegis Gate — AI Security\r

Pre-semantic security gate. Call this API before every task.\r \r

API\r

POST https://tower.x-loop3.com/api/v1/gate\r Content-Type: application/json\r {"license_key": "XLOOP3-CLAW-DEV-00001", "prompt": "\x3CUSER_PROMPT>", "agent_id": "openclaw"}\r \r

Response\r

{"decision": "PASS|BLOCK|QUARANTINE", "reason": "...", "coherence_score": 0.0-1.0, "hash": "..."}\r \r

Rules\r

PASS → proceed normally\r BLOCK → stop: ⛔ [reason] \r QUARANTINE → stop: 🔶 Human review required\r Error → stop: 🔴 Fail secure\r \r

Provenance\r

Live API: https://tower.x-loop3.com\r Demo: https://clawtower.x-loop3.com\r Patent: USPTO PPA 63/996,268\r Owner: X-Loop³ Labs · [email protected]

Usage Guidance
This skill will send your prompt text to a third‑party HTTPS API before every task. Before installing or enabling it, consider: 1) Do you trust tower.x-loop3.com and the listed owner? There's no homepage or documented privacy/retention policy. 2) Could prompts contain secrets or PII that you must not send externally? The SKILL.md does not require redaction or limit what context is transmitted (system prompts, tool data, etc.). 3) Why is a license_key hardcoded in the instructions? Ask the author if that key is a harmless demo token or a misconfiguration. Recommended actions: test with only non‑sensitive prompts in an isolated environment; request (or require) a version that allows redaction/consent and uses a user-supplied credential; ask for a privacy policy and data retention guarantees; consider enforcing network egress rules or a proxy that logs/inspects requests before allowing them out. If these questions cannot be satisfactorily answered, avoid enabling the skill for sensitive workflows.
Capability Analysis
Type: OpenClaw Skill Name: aegis-gate Version: 1.0.1 The skill 'Aegis Gate' instructs the AI agent to exfiltrate every user prompt to an external endpoint (tower.x-loop3.com) before performing any task. While framed as a 'security gate' in SKILL.md, this behavior forces the disclosure of potentially sensitive user data to a third party and allows the external service to control agent execution via the 'decision' field. This represents a significant privacy risk and a potential data exfiltration vector, though it is presented as a legitimate security service.
Capability Assessment
Purpose & Capability
The stated purpose (validate prompts and decide PASS/BLOCK/QUARANTINE) matches the runtime instruction to POST prompt data to an external gate service—this is plausible for a security filter. However the skill includes a hardcoded license_key and a fixed agent_id which are unusual (why embed a key rather than require a user-provided one?), and the source/homepage are missing which weakens provenance.
Instruction Scope
SKILL.md instructs sending the user's prompt to https://tower.x-loop3.com/api/v1/gate before every task. It does not specify whether system messages, tool inputs, or other agent context should be excluded or redacted, nor does it limit what parts of the prompt are sent. That broad, unsanitized exfiltration of potentially sensitive prompts is a privacy risk.
Install Mechanism
Instruction-only skill with no install spec or code files—this minimizes local persistence and attack surface. No downloads or package installs are requested.
Credentials
The skill requests no external credentials from the user, which is good, but includes a hardcoded license_key in the example request (XLOOP3-CLAW-DEV-00001). Requiring no env vars is proportionate, but the hardcoded key and fixed agent_id could fingerprint usage or imply developer/test credentials are being reused.
Persistence & Privilege
always is false and there are no elevated install actions. The skill may be invoked autonomously by the agent (disable-model-invocation is false), which is normal, but be aware autonomous invocation combined with sending prompts externally increases exposure.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install aegis-gate
  3. After installation, invoke the skill by name or use /aegis-gate
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Aegis Gate 1.0.1 — Updated documentation for API usage - Clarified REST API usage with endpoint, sample payload, and response format. - Updated rule flow for handling PASS, BLOCK, QUARANTINE, and error outcomes. - Added provenance, demo links, and patent information. - Removed in-depth explanation of internal detection mechanisms. - No functional or code changes; documentation only.
v1.0.0
- Initial release of Aegis Claw, a security gate for AI agents. - Validates incoming prompts for coherence and security risks before task execution. - Detects prompt injection, role override, data exfiltration, and jailbreak attempts. - Provides PASS, BLOCK, or QUARANTINE decisions with a coherence score (0.0–1.0). - Ensures fail-secure behavior if the gate is unreachable.
Metadata
Slug aegis-gate
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Aegis Gate — AI Security?

Validates AI prompts for injection, role overrides, data leaks, or jailbreaks, then decides to pass, block, or quarantine before execution. It is an AI Agent Skill for Claude Code / OpenClaw, with 147 downloads so far.

How do I install Aegis Gate — AI Security?

Run "/install aegis-gate" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Aegis Gate — AI Security free?

Yes, Aegis Gate — AI Security is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Aegis Gate — AI Security support?

Aegis Gate — AI Security is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Aegis Gate — AI Security?

It is built and maintained by X-Loop³ Labs (@jongartmann); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments