Downloads: 104 | Stars: 0 | Active Installs: 0 | Versions: 2
Install in OpenClaw: /install mordred-security-sandbox
Description
Performs semantic security analysis and stress testing of AI agents using vector embeddings and multi-node defense strategies.
Usage Guidance
This skill is broadly coherent with its stated purpose, but take these precautions before installing or running:
- Verify 'Ollama' is installed from an official source and that the local Ollama server will run on localhost:11434 as the code expects. The SKILL.md's 'pip install ollama' step may not be the correct installation method in all environments.
- Pulling models (nomic-embed-text, gemma3:4b) will download large model files; do this only on machines where you expect such downloads and storage.
- Run the script in an isolated/test environment first (not on production hosts). The tool may surface or suggest system-level actions (node keywords include 'sudo', 'rm -rf', 'killall', 'exploit'), and its stress tests could generate heavy load.
- Do not feed secrets or sensitive data into the tool or models unless you control the model environment and know its data handling policies.
- Treat its high-accuracy and 100% test claims skeptically; validate outputs against known cases before relying on them for critical decisions.
If you want higher confidence, share the full unabbreviated src/mordred_v4.1.py for a line-by-line review and confirm how the script handles unexpected responses from the Ollama server and whether it makes any external network calls beyond localhost.
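One way to act on that last check, as an added example that is not the skill's own code: a small static audit that lists every URL literal in a script and flags hosts other than localhost. The source it scans is constructed here (a local embeddings endpoint like the one the listing describes plus an invented external telemetry URL); `find_network_targets` and `external_hosts` are names chosen for this example.

```python
import re
from urllib.parse import urlparse

# Hosts that count as "local": traffic to these never leaves the machine.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", "0.0.0.0"}

# Matches http(s) URL literals in source text, quoted or bare.
URL_RE = re.compile(r"https?://[^\s'\"<>)\]]+")

def find_network_targets(source: str) -> list[dict]:
    """Return one record per URL literal in `source`, marking whether its host is local."""
    targets = []
    for match in URL_RE.finditer(source):
        url = match.group(0)
        parsed = urlparse(url)
        host = parsed.hostname or ""
        line_no = source.count("\n", 0, match.start()) + 1  # 1-based line of the literal
        targets.append({
            "line": line_no,
            "url": url,
            "host": host,
            "port": parsed.port,          # None when the URL carries no explicit port
            "local": host in LOCAL_HOSTS,
        })
    return targets

def external_hosts(source: str) -> list[str]:
    """Distinct non-local hosts, in order of first appearance."""
    seen = []
    for t in find_network_targets(source):
        if not t["local"] and t["host"] not in seen:
            seen.append(t["host"])
    return seen

# Constructed sample source: a local Ollama-style embeddings call (expected) and
# one invented non-local call that a reviewer should catch before installing.
SAMPLE_SOURCE = '''import requests
OLLAMA = "http://localhost:11434/api/embeddings"
def embed(text):
    return requests.post(OLLAMA, json={"model": "nomic-embed-text", "prompt": text}).json()
def report(stats):
    requests.post("https://telemetry.example.invalid/v1/stats", json=stats)
'''

if __name__ == "__main__":
    for t in find_network_targets(SAMPLE_SOURCE):
        tag = "local" if t["local"] else "EXTERNAL"
        print(f"line {t['line']}: {tag:8} {t['host']}:{t['port']} {t['url']}")
    print("external hosts:", external_hosts(SAMPLE_SOURCE))
```

Hosts assembled at runtime (string concatenation, environment variables, config files) are not caught by a literal grep, so an empty external list is a prompt for a runtime check (for example, watching the process's outbound connections), not proof of localhost-only behaviour.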
Capability Analysis
Type: OpenClaw Skill
Name: mordred-security-sandbox
Version: 4.1.1
The skill bundle provides a security analysis tool called 'Mordred' that uses local vector embeddings (via Ollama) to classify text into security-related categories. The core logic in 'src/mordred_v4.1.py' is transparent, communicating only with a local API (localhost:11434) to generate embeddings and perform cosine similarity calculations. There is no evidence of data exfiltration, unauthorized network access, or malicious command execution; the presence of sensitive strings like 'sudo' or 'rm -rf' in the code is strictly for keyword matching to identify urgent threats in user input.
Capability Assessment
Purpose & Capability
Name/description (semantic security analysis, embeddings, multi-node nodes) match the code and SKILL.md: the script calls a local Ollama embeddings endpoint and uses node profiles to compute STC scores. Requiring Ollama and embedding models is coherent with the stated purpose.
Instruction Scope
SKILL.md instructs running a local Ollama server and pulling two models (nomic-embed-text and gemma3:4b) and then running the Python script. The instructions do not ask for unrelated files, secrets, or remote endpoints. However the docs make strong accuracy/performance claims (100% multilingual accuracy, 100% test pass rate) that are unrealistic. The node keyword lists include dangerous/capability keywords (e.g., 'sudo', 'rm -rf', 'killall', 'exploit', 'zeroday') — appropriate for detection but they also mean the tool may surface or suggest powerful system commands during red-team/stress tests, so treat outputs with caution.
Install Mechanism
This is instruction-only (no installer). SKILL.md directs users to 'pip install ollama' and to 'ollama pull' models. That is a low-risk, transparent install surface, but 'pip install ollama' may be incorrect for some Ollama distributions (Ollama is often installed as a native binary). Model pulls will download large model artifacts — expected for this purpose — and are from Ollama, not an unknown URL.
Credentials
The skill requires no environment variables, no credentials, and the code calls only a local host endpoint. There are no declared or required secrets, which is proportionate to the described functionality.
Persistence & Privilege
The skill is not always-enabled and has no install-time hooks or config writes described; it does not request elevated privileges or modify other skills. Autonomous model invocation is allowed by platform default (not a specific red flag here).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install mordred-security-sandbox
- After installation, invoke the skill by name or use /mordred-security-sandbox
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v4.1.1
Complete documentation: 3 detailed examples, version history, MIT license, STC thresholds table added
v4.1.0
STC Calculator v4 with semantic embeddings, 16 security nodes, multilingual support (FR/EN/CN), embedding-based threat analysis via Ollama
Frequently Asked Questions
What is Morgana Mordred Security Sandbox?
Performs semantic security analysis and stress testing of AI agents using vector embeddings and multi-node defense strategies. It is an AI Agent Skill for Claude Code / OpenClaw, with 104 downloads so far.
How do I install Morgana Mordred Security Sandbox?
Run "/install mordred-security-sandbox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Morgana Mordred Security Sandbox free?
Yes, Morgana Mordred Security Sandbox is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Morgana Mordred Security Sandbox support?
Morgana Mordred Security Sandbox is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Morgana Mordred Security Sandbox?
It is built and maintained by Kofna3369 (@kofna3369); the current version is v4.1.1.