← 返回 Skills 市场

AOI Prompt Injection Sentinel

Name: AOI Prompt Injection Sentinel
Author: edmonddantesj

作者 edmonddantesj · GitHub ↗ · v0.1.2

cross-platform ✓ 安全检测通过

808

总下载

当前安装

版本数

在 OpenClaw 中安装

/install aoi-prompt-injection-sentinel

功能描述

Detects and scores prompt injection attempts in text, outputting severity, action, and matched rules without external calls or secret handling.

使用说明 (SKILL.md)

AOI Prompt Injection Sentinel

S-DNA: AOI-2026-0215-SDNA-PG01

What this is

A lightweight, public-safe prompt-injection detector that scores input text and outputs:

severity (0–4)
action (allow/log/warn/block)
reasons + matched rule ids

What this is NOT

No webhook, no outbound calls, no auto-posting.
No secret handling.

Usage

Analyze text (argument)

node skill.js analyze --text="..."

Analyze stdin

echo "..." | node skill.js analyze --stdin=true

Output

JSON to stdout.

Release governance (public)

We publish AOI skills for free and keep improving them. Every release must pass our Security Gate and include an auditable changelog. We do not ship updates that weaken security or licensing clarity. Repeated violations trigger progressive restrictions (warnings → publish pause → archive).

Support

Issues / bugs / requests: https://github.com/edmonddantesj/aoi-skills/issues
Please include the skill slug: aoi-prompt-injection-sentinel

License

MIT (AOI original).

安全使用建议

This skill appears internally consistent and implements a local, regex-based prompt-injection detector. Before installing or running, review the included skill.js (it's small and readable) to confirm you trust the author, because running the script executes code on your host. Note the SKILL.md references a GitHub issues URL — you can verify the upstream repo and changelog there. Expect potential false positives (e.g., matches for filenames like .env or phrases like 'curl http'); test with representative inputs. If you require stronger guarantees, run the script in a sandboxed environment or inspect the code line-by-line (there are no hidden network calls or secret exfiltration paths in the provided files).

功能分析

Type: OpenClaw Skill Name: aoi-prompt-injection-sentinel Version: 0.1.2 The OpenClaw skill 'aoi-prompt-injection-sentinel' is a self-contained Node.js script designed to detect prompt injection patterns in input text. The `SKILL.md` explicitly states it has 'No webhook, no outbound calls, no auto-posting. No secret handling,' and its instructions are benign. The `skill.js` code uses only standard Node.js modules (like `crypto` for hashing) and contains no external dependencies, network calls, file system writes, or `eval`/`exec` of untrusted input. Its regular expressions are used solely for pattern matching within the provided text, not for executing commands. There is no evidence of malicious intent, data exfiltration, persistence, or any other harmful behavior.

能力评估

✓ Purpose & Capability

Name/description (prompt-injection sentinel) align with the included code and SKILL.md. The code implements local regex-based rules, scoring, and a local fingerprint — nothing in the bundle asks for unrelated capabilities (no cloud creds, no system-level access).

✓ Instruction Scope

SKILL.md instructs running the included node script (analyze via CLI or stdin) and explicitly claims no webhooks/outbound calls or secret handling. The script only reads CLI args/stdin, runs regex checks, computes a local SHA-256 fingerprint, and prints JSON to stdout — scope stays within the stated purpose.

✓ Install Mechanism

No install spec is provided (instruction-only). The package includes a small standalone skill.js with no external dependencies. No network downloads or archive extraction are performed by the skill itself.

✓ Credentials

The skill requests no environment variables, no credentials, and references no config paths to be read at runtime. The regex rules do mention common sensitive filenames (e.g., .env, id_rsa, openclaw.json) for detection purposes — that's consistent with its detection goal and not an access request.

✓ Persistence & Privilege

Flags show always:false and normal model invocation. The skill does not attempt to modify other skills or system configs. It runs only when invoked and has no installation hooks that grant it persistent elevated privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install aoi-prompt-injection-sentinel
安装完成后，直接呼叫该 Skill 的名称或使用 /aoi-prompt-injection-sentinel 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.2

Docs: add GitHub Issues support link (aoi-skills).

v0.1.1

Docs: add release governance snippet + ClawHub link. Add MIT LICENSE file.

v0.1.0

Initial public-safe release: offline prompt-injection detection (no outbound/webhooks). MIT.

元数据

Slug aoi-prompt-injection-sentinel

版本 0.1.2

许可证 —

累计安装 0

当前安装数 0

历史版本数 3

常见问题