prompt-sanitizer
by Daisuke Narita · v1.0.0
Downloads: 422
Stars: 0
Active Installs: 1
Versions: 1
Install in OpenClaw
/install prompt-sanitizer
Description
Sanitize prompts before sending to LLMs. Detects PII, prompt injection, toxicity, and off-topic content. Returns cleaned text + risk score. Use when: sanitiz...
Usage Guidance
This skill sends the prompts you want sanitized to an external service (anicca-proxy-production.up.railway.app). It does so by installing and using an npm CLI (awal), which requires you to authenticate. Before installing, verify the upstream package and API owner: ask for source code or a reputable homepage, confirm data handling and retention and whether payments or wallet keys are required, and avoid sending sensitive PII until you trust the endpoint. If you prefer not to expose prompts externally, use a local sanitizer or a vetted provider instead.
Capability Analysis
Type: OpenClaw Skill
Name: prompt-sanitizer
Version: 1.0.0
The skill is designed for a security-enhancing purpose (prompt sanitization), but it includes a prerequisite to globally install an external npm package (`[email protected]`) via `npm install -g`. This introduces a supply chain risk, as the integrity of the `awal` package is critical; a compromised package could lead to arbitrary code execution on the agent's system. Additionally, the skill relies on an external API endpoint (anicca-proxy-production.up.railway.app) for its core functionality, which is another external dependency risk. While these actions are plausibly needed for the skill's stated purpose, they represent significant high-risk capabilities without clear malicious intent within the skill bundle itself, thus classifying it as suspicious rather than benign.
Capability Assessment
Purpose & Capability
Name and description match the runtime instructions: the skill sanitizes text and returns flags/risk score. However the SKILL.md relies entirely on an external HTTP API (anicca-proxy-production.up.railway.app) and a third-party npm CLI (awal), plus mentions payment in USDC — elements not described in the registry metadata or homepage. Using an external service and a pay-per-request model is plausible for a sanitizer, but the lack of provenance for the endpoint and the unexpected payment detail are noteworthy.
Instruction Scope
The runtime instructions tell the agent (and user) to install and authenticate a third-party CLI and POST the raw text to an external API. That means any prompt (including sensitive PII) would be transmitted off-host. The example text includes the phrase 'Ignore previous instructions' (a known injection pattern) — while that may be intended as a test case, its presence was flagged by the pre-scan as an injection signal. The SKILL.md does not provide any local-only sanitization alternative or clarify data handling, retention, or privacy.
Install Mechanism
Although the registry lists no install spec, SKILL.md recommends npm install -g [email protected] and uses npx to invoke awal. Installing or invoking an npm package at runtime is common but pulls code from a public registry (moderate risk) and the specific package 'awal' is not documented in the metadata. The endpoint is hosted on railway.app under a subdomain (a personal/proxy host rather than a known vendor domain), which increases risk relative to a well-known provider or official API URL.
Credentials
The skill metadata declares no required environment variables or credentials, but the SKILL.md instructs running 'awal auth login' (implying authentication/storage of credentials) and mentions payment in USDC on a specific chain. Those authentication/payment requirements are not declared in requires.env or primaryEnv. That mismatch means the skill may request or store credentials at runtime without the installation metadata making that explicit.
Persistence & Privilege
The skill is not marked always:true and uses the platform defaults for invocation. It does not request system-wide privileges in the metadata, and there are no instructions to modify other skills or agent configuration. No additional persistence or elevated privileges are requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install prompt-sanitizer
- After installation, invoke the skill by name or use /prompt-sanitizer
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Frequently Asked Questions
What is prompt-sanitizer?
Sanitize prompts before sending to LLMs. Detects PII, prompt injection, toxicity, and off-topic content. Returns cleaned text + risk score. Use when: sanitiz... It is an AI Agent Skill for Claude Code / OpenClaw, with 422 downloads so far.
How do I install prompt-sanitizer?
Run "/install prompt-sanitizer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is prompt-sanitizer free?
Yes, prompt-sanitizer is completely free (open-source). You can download, install and use it at no cost.
Which platforms does prompt-sanitizer support?
prompt-sanitizer is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created prompt-sanitizer?
It is built and maintained by Daisuke Narita (@daisuke134); the current version is v1.0.0.