← Back to Skills Marketplace
309
Downloads
0
Stars
2
Active Installs
2
Versions
Install in OpenClaw
/install clawsafe
Description
Multi-layer security detector for AI agents. Blocks prompt injection, jailbreak, XSS, SQL injection, API key leaks, supply chain attacks, and deployment vuln...
README (SKILL.md)
clawSafe 🛡️
Enterprise-grade security detector for AI agents
Overview
clawSafe is a comprehensive security middleware that intercepts and blocks malicious input before it reaches your AI agent. Built with defense-in-depth philosophy.
Features
5-Layer Protection
| Layer | Threats | Rules |
|---|---|---|
| LLM Layer | Prompt Injection, Jailbreak, Prompt Leaking, Encoding Attacks | 44 |
| Web Layer | SQL Injection, XSS, CSRF, SSRF | 32 |
| API Layer | Key Exposure, Rate Limiting, Auth Bypass | 19 |
| Supply Chain | Dangerous Dependencies, Remote Code Execution | 8 |
| Deploy Layer | Environment Leaks, Debug Info Disclosure | 10 |
Total: 113+ detection rules
Quick Start
Installation
# Via ClawHub
clawhub install clawSafe
# Manual
cp -r clawSafe ~/.openclaw/workspace/skills/
Basic Usage
const Detector = require('./detector');
const detector = new Detector();
// Scan user input
const result = detector.scan('Ignore previous instructions');
if (!result.safe) {
console.log('Blocked:', result.threats);
// Handle blocked input
}
Return Format
{
safe: boolean; // true if input is safe
threats: Array\x3C{
type: string; // threat category
pattern: string; // matched pattern ID
severity: string; // critical|high|medium|low
confidence: number; // 0-1
description: string;
}>;
confidence: number; // overall confidence 0-1
layersScanned: string[]; // layers that were checked
}
Configuration
config.json
{
"enabled": true,
"logLevel": "info",
"layers": {
"llm": {
"enabled": true,
"rules": ["injection", "jailbreak", "prompt_leak", "encoding"]
},
"web": {
"enabled": true,
"rules": ["sql_injection", "xss", "csrf", "ssrf"]
},
"api": {
"enabled": true,
"rules": ["key_exposure", "rate_limit", "auth"]
},
"supply_chain": {
"enabled": true,
"rules": ["deps"]
},
"deploy": {
"enabled": true,
"rules": ["env_leak", "debug_info"]
}
},
"detection": {
"confidenceThreshold": 0.6,
"minMatchCount": 1
},
"actions": {
"onThreatDetected": "block",
"onUncertain": "log"
}
}
whitelist.json
{
"keywords": ["trusted-keyword"],
"users": ["user-id-1"],
"sessions": ["session-id-1"]
}
Detection Rules
LLM Layer
Prompt Injection Patterns:
ignore previous instructionsdisregard your guidelinesforget all rulesact as if you have no restrictions
Jailbreak Patterns:
DAN modedeveloper moderoleplay as
Encoding Bypass:
- Base64 encoded commands
- Hex encoding
- Unicode homoglyphs
Web Layer
- SQL Injection:
'; DROP TABLE users; -- - XSS:
\x3Cscript>alert(1)\x3C/script> - CSRF: Token manipulation
- SSRF: Internal URL access
API Layer
- API Key exposure:
sk-1234567890 - JWT tokens
- Bearer tokens
- Basic auth credentials
Testing
# Run all tests
node test.js
# Interactive mode
node test-interactive.js
# Demo
node detector.js
Integration
OpenClaw Hook
To integrate with OpenClaw, add to your gateway config:
// gateway.config.js
module.exports = {
middleware: ['clawSafe'],
clawSafe: {
enabled: true,
strictMode: false
}
};
Performance
- Latency: \x3C 5ms per scan
- Memory: ~50KB
- Rules: 113+ (JSON-based, lazy load)
License
MIT
Changelog
v1.0.0
- Initial release
- 5-layer protection
- 113+ detection rules
Usage Guidance
This package appears coherent: it implements a local regex-based detector and a hook that intercepts messages to block threats. Before installing: 1) Review the rule files and whitelist to avoid undesired false positives (some regexes are broad). 2) Because the skill can block all incoming messages, test in a staging environment and confirm middleware ordering so legitimate inputs are not dropped. 3) Verify the source/author (there is no homepage) — if you cannot validate the publisher, inspect the code yourself (or have security staff do so) before deploying. 4) If you accept it, restrict its use initially to non-production agents and monitor logs to tune thresholds and whitelist entries.
Capability Analysis
Type: OpenClaw Skill
Name: clawsafe
Version: 1.1.0
The clawSafe bundle is a defensive security middleware designed to protect AI agents by filtering malicious inputs across five layers (LLM, Web, API, Supply Chain, and Deploy). The core logic in `detector.js` and the various layer files (e.g., `layers/llm.js`, `layers/web.js`) uses standard regex-based pattern matching to identify threats like prompt injection, SQLi, and API key exposure. The code is well-documented, lacks any network exfiltration or unauthorized execution capabilities, and its behavior is entirely consistent with its stated purpose of providing security telemetry and input blocking.
Capability Assessment
Purpose & Capability
Name/description (multi-layer security detector) match the code and files: detectors for LLM/Web/API/SupplyChain/Deploy layers, a gateway hook to intercept messages, and rule JSON files. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
SKILL.md and hook/handler.js limit behavior to scanning input/events and returning block messages; instructions and examples are scoped to that purpose. The runtime code only reads files from the skill directory (config, rules, whitelist) and event fields; it does not access system-wide config, external endpoints, or environment secrets.
Install Mechanism
There is no remote download/install step; code is packaged with the skill (package.json + hook). No brew/npm/URL downloads or archive extraction are used. However, the skill is delivered as source code — review is possible and recommended.
Credentials
The skill declares no required environment variables, credentials, or config paths. It does scan for secret-like patterns in user input but does not request secrets itself.
Persistence & Privilege
The hook is designed to be registered as middleware and intercepts 'message:received', 'message:preprocessed', and 'agent:input' events, giving it the ability to block input before the agent handles it. This is expected for a security middleware but is a meaningful privilege — consider scope/placement and testing before enabling in production.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawsafe - After installation, invoke the skill by name or use
/clawsafe - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
clawSafe v1.1.0
- Added new hook documentation in hook/HOOK.md.
- Updated handler logic in hook/handler.js to improve security handling.
- Updated metadata in _meta.json for enhanced skill description and compatibility.
v1.0.0
clawSafe 1.0.0
- Initial release of clawSafe security middleware for AI agents
- Provides 5-layer protection: LLM, Web, API, Supply Chain, Deploy
- Blocks prompt injection, jailbreak, XSS, SQL injection, key leaks, supply chain, and deployment vulnerabilities
- Includes 113+ detection rules
- Supports configurable rules, whitelisting, and integration with OpenClaw
- Low latency (<5ms per scan) and lightweight (~50KB memory)
Metadata
Frequently Asked Questions
What is ClawSafe?
Multi-layer security detector for AI agents. Blocks prompt injection, jailbreak, XSS, SQL injection, API key leaks, supply chain attacks, and deployment vuln... It is an AI Agent Skill for Claude Code / OpenClaw, with 309 downloads so far.
How do I install ClawSafe?
Run "/install clawsafe" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ClawSafe free?
Yes, ClawSafe is completely free (open-source). You can download, install and use it at no cost.
Which platforms does ClawSafe support?
ClawSafe is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ClawSafe?
It is built and maintained by bvzgong (@silvertime); the current version is v1.1.0.
More Skills