ZugaShield Security Scanner

by Zuga-luga · GitHub ↗ · v0.1.1
cross-platform ⚠ suspicious
Downloads: 637
Stars: 0
Active Installs: 0
Versions: 2
Install in OpenClaw
/install zugashield
Description
7-layer AI security scanner for OpenClaw. Blocks prompt injection, SSRF, command injection, data leakage, and memory poisoning across ALL channels (Signal, T...
Usage Guidance
This package is plausible as a gateway scanner, but take these precautions before installing/activating it:
  1. Verify the upstream packages: confirm the npm package and PyPI package authors and the GitHub repository (the plugin contains multiple repository/homepage strings — reconcile them).
  2. Inspect the Python package 'zugashield' (zugashield_mcp): examine its code on PyPI or the repository before running pip install; a third-party Python package will run code on your host.
  3. Check SKILL.md / README for the prompt-injection phrases flagged by the scanner and review any suspicious lines.
  4. Don't set sensitive env vars into the process; the plugin tries to whitelist env vars but allows ZUGASHIELD_* feed URLs — ensure those point to trusted, signed feeds, and enable signature verification if available.
  5. Test in an isolated/sandboxed OpenClaw instance first (non-production) to verify behavior and network interactions (outbound connections, feed pulls).
  6. Prefer packages from an audited source or a repository you control; if you can't validate the Python package or feed origin, treat this as untrusted code.
If you want, I can list the exact repo/homepage strings found and point out where they differ, or help you inspect the zugashield_mcp package source if you provide its PyPI link or code.
Capability Analysis
Type: OpenClaw Skill
Name: zugashield
Version: 0.1.1
The OpenClaw AgentSkills skill bundle 'zugashield' is a security scanner designed to protect AI agents from various attacks like prompt injection, SSRF, command injection, and data leakage. The code demonstrates strong security practices, such as whitelisting environment variables passed to child processes (`src/preflight.ts`, `src/shield-client.ts`) to prevent secret leakage, and implementing fail-closed mechanisms, especially for tool execution (`src/hooks/pre-tool-exec.ts`). The `SKILL.md` and `README.md` are purely descriptive and do not contain prompt injection attempts against the agent. Crucially, the `test/integration.test.ts` file includes extensive tests against a wide range of real attack payloads, with the explicit expectation that these attacks *will be blocked*, strongly indicating a security-focused and non-malicious intent. There is no evidence of intentional harmful behavior, data exfiltration, backdoors, or obfuscation.
Capability Assessment
Purpose & Capability
The name/description (an OpenClaw gateway scanner) align with what the plugin implements: it registers gateway hooks, requires Python to run a zugashield_mcp server, and exposes commands to show status/report. Permission for subprocess is declared and needed to spawn the MCP process.
Instruction Scope
SKILL.md instructs installation via pip/npm and to spawn a resident Python MCP server that inspects inputs, outputs, tool calls, and memories — all consistent with the stated purpose. However the SKILL.md was flagged by a prompt-injection detector (patterns like 'ignore-previous-instructions' and 'you-are-now'), which is unexpected for a scanner manifest and may indicate attempted LLM-targeted manipulation in documentation/instructions. The runtime hooks do scan/forward content to the MCP server; they do not, in the JS surface code, read unrelated host secrets.
Install Mechanism
There is no packaged install spec inside the plugin bundle; the SKILL.md recommends 'pip install "zugashield[mcp]"' and 'npm install zugashield-openclaw-plugin'. Running pip to fetch zugashield at runtime means execution of third-party Python code on the host. That is a standard distribution method but is a moderate risk because the Python package is an external artifact you must trust. The npm content provided in the bundle looks normal; no direct downloads from shorteners/personal IPs were found.
Credentials
The plugin declares no required env vars and restricts child-process env to an allowlist, which reduces secret leakage risk. However the child env allowlist includes ZUGASHIELD_FEED_URL / FEED_ENABLED / FEED_STATE_DIR and other ZUGASHIELD_* variables — these imply the engine may be configurable to contact external feeds (update/signature feeds). Those are plausible for a scanner but mean a misconfigured or malicious feed URL could direct the Python process to fetch remote content. No unrelated cloud credentials are requested by the plugin.
Persistence & Privilege
always:false and user-invocable are appropriate. The plugin registers as a service and adds required hooks (high priority/critical) — appropriate for a security filter. It does not request permanent global privileges beyond hooking into the gateway as intended.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install zugashield
  3. After installation, invoke the skill by name or use /zugashield
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Security fix: sanitize child process environment (env allowlist instead of process.env spread). Add threat feed config vars to allowlist.
v0.1.0
Initial release: 7-layer AI security scanning for all OpenClaw channels
Metadata
Slug zugashield
Version 0.1.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is ZugaShield Security Scanner?

7-layer AI security scanner for OpenClaw. Blocks prompt injection, SSRF, command injection, data leakage, and memory poisoning across ALL channels (Signal, T... It is an AI Agent Skill for Claude Code / OpenClaw, with 637 downloads so far.

How do I install ZugaShield Security Scanner?

Run "/install zugashield" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ZugaShield Security Scanner free?

Yes, ZugaShield Security Scanner is completely free (open-source). You can download, install and use it at no cost.

Which platforms does ZugaShield Security Scanner support?

ZugaShield Security Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created ZugaShield Security Scanner?

It is built and maintained by Zuga-luga (@zuga-luga); the current version is v0.1.1.
