nukewire

ClawDefender - OpenClaw Security - Prompt injection, rogue skills etc

Author: Nukewire · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
Total downloads: 10162
Favorites: 31
Current installs: 72
Versions: 2
Install in OpenClaw
/install clawdefender
Description
Security scanner and input sanitizer for AI agents. Detects prompt injection, command injection, SSRF, credential exfiltration, and path traversal attacks. Use when (1) installing new skills from ClawHub, (2) processing external input like emails, calendar events, Trello cards, or API responses, (3) validating URLs before fetching, (4) running security audits on your workspace. Protects agents from malicious content in untrusted data sources.
Safe-use recommendations
Treat ClawDefender as a heuristic helper, not a complete security boundary. Review the scripts before use, be cautious with --check-url as a sole fetch gate, and only enable persistent HEARTBEAT or cron workflows if you want that ongoing behavior.
Functional analysis
Type: OpenClaw Skill
Name: clawdefender
Version: 1.0.1
The skill bundle 'clawdefender' is a security tool designed to protect AI agents from various attacks, including prompt injection, command injection, SSRF, credential exfiltration, and path traversal. The `SKILL.md` clearly outlines its defensive purpose and instructs the agent to be cautious of flagged content. The `clawdefender.sh` script implements extensive detection patterns for malicious activities and performs audits, input validation, and safe skill installation. The `sanitize.sh` script acts as a wrapper for prompt injection detection. All observed behaviors are consistent with a legitimate security scanner and lack any evidence of intentional harmful actions by the skill itself.
Capability assessment
Purpose & Capability
The skill purpose is coherent, but the visible URL validation allowlists by substring before SSRF checks, and the JSON sanitizer mode appears under-implemented compared with its documentation.
Instruction Scope
The instructions tell agents not to follow flagged content and suggest persistent HEARTBEAT guidance; this is purpose-aligned security guidance but affects future agent behavior.
Install Mechanism
There is no install spec, but SKILL.md documents manual script copying/chmod and a user-directed --install flow that runs npx clawhub install before scanning the installed skill.
Credentials
The audit behavior targets installed skills/scripts under a hard-coded workspace path, which is broad but aligned with the stated security-audit purpose.
Persistence & Privilege
The artifacts reference persistent security logs, a whitelist file, HEARTBEAT guidance, and cron examples; these are disclosed/user-directed, with no hidden background execution shown.
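How to use
  1. Make sure OpenClaw is installed (locally or via Docker).
  2. Enter the install command in the chat box: /install clawdefender
  3. Once installation completes, call the Skill by name or trigger it with /clawdefender
  4. Provide the required input according to the Skill's parameter documentation to get structured output.
Version history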
v1.0.1
ClawDefender v1.0.1 - Tuned pattern detection to reduce false positives.
v1.0.0
- Initial release of ClawDefender v1.0.0.
- Provides a comprehensive security toolkit for AI agents, including malware scanning, input sanitization, and blocking of prompt injection attacks.
- Detects prompt injection, command injection, SSRF, credential exfiltration, and path traversal threats.
- Includes scripts for auditing skills, sanitizing external input, validating URLs, and checking text for malicious patterns.
- Designed for use during skill installation, processing of external input, and regular security audits.
- Follows OWASP LLM Top 10 best practices and integrates easily with automation and CI/CD workflows.
Metadata
Slug clawdefender
Version 1.0.1
License
Total installs 351
Current installs 72
Historical versions 2
FAQ

What is ClawDefender - OpenClaw Security - Prompt injection, rogue skills etc?

Security scanner and input sanitizer for AI agents. Detects prompt injection, command injection, SSRF, credential exfiltration, and path traversal attacks. Use when (1) installing new skills from ClawHub, (2) processing external input like emails, calendar events, Trello cards, or API responses, (3) validating URLs before fetching, (4) running security audits on your workspace. Protects agents from malicious content in untrusted data sources. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 10162 total downloads to date.

How do I install ClawDefender - OpenClaw Security - Prompt injection, rogue skills etc?

Run the command "/install clawdefender" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is ClawDefender - OpenClaw Security - Prompt injection, rogue skills etc free?

Yes, ClawDefender - OpenClaw Security - Prompt injection, rogue skills etc is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does ClawDefender - OpenClaw Security - Prompt injection, rogue skills etc support?

ClawDefender - OpenClaw Security - Prompt injection, rogue skills etc runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed ClawDefender - OpenClaw Security - Prompt injection, rogue skills etc?

Developed and maintained by Nukewire (@nukewire); the current version is v1.0.1.
