silvertime

ClawSafe

Author: bvzgong · GitHub · v1.1.0
cross-platform · ✓ passed security check

Total downloads: 309
Favorites: 0
Current installs: 2
Versions: 2

Install in OpenClaw:
/install clawsafe
Description

Multi-layer security detector for AI agents. Blocks prompt injection, jailbreak, XSS, SQL injection, API key leaks, supply chain attacks, and deployment vuln...

Usage (SKILL.md)

clawSafe 🛡️

Enterprise-grade security detector for AI agents

Overview

clawSafe is a comprehensive security middleware that intercepts and blocks malicious input before it reaches your AI agent. Built with defense-in-depth philosophy.

Features

5-Layer Protection

| Layer        | Threats                                                        | Rules |
|--------------|----------------------------------------------------------------|-------|
| LLM Layer    | Prompt Injection, Jailbreak, Prompt Leaking, Encoding Attacks  | 44    |
| Web Layer    | SQL Injection, XSS, CSRF, SSRF                                 | 32    |
| API Layer    | Key Exposure, Rate Limiting, Auth Bypass                       | 19    |
| Supply Chain | Dangerous Dependencies, Remote Code Execution                  | 8     |
| Deploy Layer | Environment Leaks, Debug Info Disclosure                       | 10    |

Total: 113+ detection rules

Quick Start

Installation

# Via ClawHub
clawhub install clawSafe

# Manual
cp -r clawSafe ~/.openclaw/workspace/skills/

Basic Usage

const Detector = require('./detector');

const detector = new Detector();

// Scan user input
const result = detector.scan('Ignore previous instructions');

if (!result.safe) {
  console.log('Blocked:', result.threats);
  // Handle blocked input
}

Return Format

{
  safe: boolean;           // true if input is safe
  threats: Array<{
    type: string;         // threat category
    pattern: string;      // matched pattern ID
    severity: string;     // critical|high|medium|low
    confidence: number;   // 0-1
    description: string;
  }>;
  confidence: number;      // overall confidence 0-1
  layersScanned: string[]; // layers that were checked
}

Configuration

config.json

{
  "enabled": true,
  "logLevel": "info",
  "layers": {
    "llm": {
      "enabled": true,
      "rules": ["injection", "jailbreak", "prompt_leak", "encoding"]
    },
    "web": {
      "enabled": true,
      "rules": ["sql_injection", "xss", "csrf", "ssrf"]
    },
    "api": {
      "enabled": true,
      "rules": ["key_exposure", "rate_limit", "auth"]
    },
    "supply_chain": {
      "enabled": true,
      "rules": ["deps"]
    },
    "deploy": {
      "enabled": true,
      "rules": ["env_leak", "debug_info"]
    }
  },
  "detection": {
    "confidenceThreshold": 0.6,
    "minMatchCount": 1
  },
  "actions": {
    "onThreatDetected": "block",
    "onUncertain": "log"
  }
}

whitelist.json

{
  "keywords": ["trusted-keyword"],
  "users": ["user-id-1"],
  "sessions": ["session-id-1"]
}

Detection Rules

LLM Layer

Prompt Injection Patterns:

  • ignore previous instructions
  • disregard your guidelines
  • forget all rules
  • act as if you have no restrictions

Jailbreak Patterns:

  • DAN mode
  • developer mode
  • roleplay as

Encoding Bypass:

  • Base64 encoded commands
  • Hex encoding
  • Unicode homoglyphs

Web Layer

  • SQL Injection: '; DROP TABLE users; --
  • XSS: <script>alert(1)</script>
  • CSRF: Token manipulation
  • SSRF: Internal URL access

API Layer

  • API Key exposure: sk-1234567890
  • JWT tokens
  • Bearer tokens
  • Basic auth credentials

Testing

# Run all tests
node test.js

# Interactive mode
node test-interactive.js

# Demo
node detector.js

Integration

OpenClaw Hook

To integrate with OpenClaw, add to your gateway config:

// gateway.config.js
module.exports = {
  middleware: ['clawSafe'],
  clawSafe: {
    enabled: true,
    strictMode: false
  }
};

Performance

  • Latency: < 5ms per scan
  • Memory: ~50KB
  • Rules: 113+ (JSON-based, lazy load)

License

MIT

Changelog

v1.0.0

  • Initial release
  • 5-layer protection
  • 113+ detection rules
Safety recommendations

This package appears coherent: it implements a local regex-based detector and a hook that intercepts messages to block threats. Before installing:

  1. Review the rule files and whitelist to avoid undesired false positives (some regexes are broad).
  2. Because the skill can block all incoming messages, test in a staging environment and confirm middleware ordering so legitimate inputs are not dropped.
  3. Verify the source and author (there is no homepage); if you cannot validate the publisher, inspect the code yourself, or have security staff do so, before deploying.
  4. If you accept it, restrict its use initially to non-production agents and monitor logs to tune thresholds and whitelist entries.
Functional analysis

Type: OpenClaw Skill
Name: clawsafe
Version: 1.1.0

The clawSafe bundle is a defensive security middleware designed to protect AI agents by filtering malicious inputs across five layers (LLM, Web, API, Supply Chain, and Deploy). The core logic in `detector.js` and the various layer files (e.g., `layers/llm.js`, `layers/web.js`) uses standard regex-based pattern matching to identify threats like prompt injection, SQLi, and API key exposure. The code is well-documented, lacks any network exfiltration or unauthorized execution capabilities, and its behavior is entirely consistent with its stated purpose of providing security telemetry and input blocking.
Capability assessment
Purpose & Capability
Name/description (multi-layer security detector) match the code and files: detectors for LLM/Web/API/SupplyChain/Deploy layers, a gateway hook to intercept messages, and rule JSON files. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
SKILL.md and hook/handler.js limit behavior to scanning input/events and returning block messages; instructions and examples are scoped to that purpose. The runtime code only reads files from the skill directory (config, rules, whitelist) and event fields; it does not access system-wide config, external endpoints, or environment secrets.
Install Mechanism
There is no remote download/install step; code is packaged with the skill (package.json + hook). No brew/npm/URL downloads or archive extraction are used. The skill is delivered as source code, so review is possible and recommended.
Credentials
The skill declares no required environment variables, credentials, or config paths. It does scan for secret-like patterns in user input but does not request secrets itself.
Persistence & Privilege
The hook is designed to be registered as middleware and intercepts 'message:received', 'message:preprocessed', and 'agent:input' events, giving it the ability to block input before the agent handles it. This is expected for a security middleware but is a meaningful privilege — consider scope/placement and testing before enabling in production.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install clawsafe
  3. After installation, call the Skill by name directly or trigger it with /clawsafe.
  4. Provide the required input as described in the Skill's parameter documentation to get structured output.
Version history
v1.1.0
clawSafe v1.1.0
  • Added new hook documentation in hook/HOOK.md.
  • Updated handler logic in hook/handler.js to improve security handling.
  • Updated metadata in _meta.json for enhanced skill description and compatibility.
v1.0.0
clawSafe 1.0.0
  • Initial release of clawSafe security middleware for AI agents
  • Provides 5-layer protection: LLM, Web, API, Supply Chain, Deploy
  • Blocks prompt injection, jailbreak, XSS, SQL injection, key leaks, supply chain, and deployment vulnerabilities
  • Includes 113+ detection rules
  • Supports configurable rules, whitelisting, and integration with OpenClaw
  • Low latency (<5ms per scan) and lightweight (~50KB memory)
Metadata
Slug: clawsafe
Version: 1.1.0
License: (not listed)
Cumulative installs: 2
Current installs: 2
Versions published: 2
FAQ

What is ClawSafe?

Multi-layer security detector for AI agents. Blocks prompt injection, jailbreak, XSS, SQL injection, API key leaks, supply chain attacks, and deployment vuln... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 309 downloads to date.

How do I install ClawSafe?

Run the command "/install clawsafe" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is ClawSafe free?

Yes, ClawSafe is completely free (open source) and can be downloaded, installed and used freely.

Which platforms does ClawSafe support?

ClawSafe is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed ClawSafe?

Developed and maintained by bvzgong (@silvertime); the current version is v1.1.0.
