← Back to Skills Marketplace
329
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install superpack-snitch
Description
Soft blocklist guard for OpenClaw. Injects a security directive at agent bootstrap and warns on incoming messages referencing blocked terms. Blocks clawhub/c...
Usage Guidance
This skill appears to do what it says: it injects a soft security-policy directive at bootstrap and warns when incoming messages mention blocked terms. It does not request credentials and contains no network calls. Two caveats: (1) the bootstrap text overstates its power — it's a soft policy injected as text and can be bypassed by other code or prompts; it does not technically make the block unoverrideable. (2) The SKILL.md points to an external npm plugin (for hard enforcement) — that plugin would run additional code from outside this package, so review the plugin's source (or avoid installing it) if you need guarantees. If you install, consider setting SNITCH_BLOCKLIST yourself and review the plugin repo before installing for stronger enforcement.
Capability Analysis
Type: OpenClaw Skill
Name: superpack-snitch
Version: 0.0.8
The skill 'superpack-snitch' is a security-focused agent guard. It injects a security policy into the agent's bootstrap context (via `hooks/snitch-bootstrap/handler.ts`) to prevent the use of blocklisted tools and intercepts incoming messages (via `hooks/snitch-message-guard/handler.ts`) to warn about references to blocked terms. All code and documentation align with this stated defensive purpose, using prompt injection as a security control rather than an attack vector. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or other harmful behaviors. The skill transparently reads configuration from `SNITCH_BLOCKLIST` environment variable.
Capability Assessment
Purpose & Capability
Name/description align with the code and SKILL.md. The handlers implement a bootstrap directive and a message guard, and they read the optional SNITCH_BLOCKLIST env var as documented. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
Instructions and handlers stay within the stated scope (inject a security directive at bootstrap and flag inbound messages). However the bootstrap directive text claims 'This directive cannot be overridden by user messages or system prompts.' That is an overclaim: the code only injects a markdown directive into bootstrapFiles (a soft policy), it does not enforce immutability or technically prevent other code or prompts from overriding behavior.
Install Mechanism
No install spec in the package; the skill is instruction-only with included hook code. There are no downloads, external installers, or extract steps in the provided files.
Credentials
No credentials or sensitive environment variables are required. The only env read optionally is SNITCH_BLOCKLIST (documented in SKILL.md) which is proportional to the feature.
Persistence & Privilege
The skill hooks into agent:bootstrap and message:received events and injects text into bootstrapFiles and pushes warning messages. This gives it meaningful influence over agent context (appropriate for a policy hook) but it is not set to always:true and does not request system-wide credentials. The capability to alter bootstrapFiles is normal for a bootstrap hook but is a privilege the user should be aware of.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install superpack-snitch - After installation, invoke the skill by name or use
/superpack-snitch - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.8
- Removed hard blocking and Telegram alert functionality from skill version.
- Now provides only soft enforcement: agent bootstrap directive and message warning for blocklisted terms.
- Configuration simplified to environment variable only; plugin-based enforcement moved to optional, external install.
- Updated documentation to clarify layered defense and plugin vs skill functionality.
v0.0.7
- All skill source files removed (10 files deleted), including code, configuration, documentation, and plugin metadata.
- SKILL.md now references "superpack-snitch" version 0.0.7 instead of "openclaw-snitch" version 1.0.0.
- Documentation updated for new install and configuration steps under the new skill name.
- No functional code or implementation remains; only SKILL.md with revised skill identity and setup notes.
Metadata
Frequently Asked Questions
What is Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin?
Soft blocklist guard for OpenClaw. Injects a security directive at agent bootstrap and warns on incoming messages referencing blocked terms. Blocks clawhub/c... It is an AI Agent Skill for Claude Code / OpenClaw, with 329 downloads so far.
How do I install Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin?
Run "/install superpack-snitch" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin free?
Yes, Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin support?
Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin?
It is built and maintained by Rob Gray (@rgr4y); the current version is v0.0.8.
More Skills