← 返回 Skills 市场
311
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install neogriffin-security
功能描述
Multi-chain security API designed exclusively for autonomous AI agents. Prompt injection detection (66 patterns, 95% accuracy), token scam scanning, tx simul...
安全使用建议
This skill implements a plausible security API for autonomous agents, but proceed cautiously. Before installing or enabling it:
- Ask the maintainer why NEOGRIFFIN_PAYMENT_WALLET is required as an environment variable and what the agent is expected to store in that env var (public address vs. any secret). Do not set any env var containing private keys or seed phrases.
- Never send private keys, seed phrases, or signed private material to the API. Paid endpoints require a tx signature in X-Surge-TX — confirm the provider's claim about not storing full signatures and consider using ephemeral/test signatures first.
- Test free endpoints with non-sensitive sample inputs to verify behavior and logs. Confirm that the payment wallet in SKILL.md matches the provider's published receiver address.
- Be cautious about the instruction to POST "skill" or in-memory content — that can leak prompts, internal state, or other sensitive material; only send minimized, non-secret data.
- Verify operator identity and reputation for api.neogriffin.dev (who runs it, privacy policy, SLA). If you plan to allow autonomous agent invocation that will call this service automatically, limit scope until you trust the provider.
If the provider can explain the env-var usage and privacy guarantees in detail (and you audit a small trial), the skill could be usable. If those questions are unanswered, avoid granting it agent automation or sending any sensitive runtime data.
功能分析
Type: OpenClaw Skill
Name: neogriffin-security
Version: 2.2.1
The neogriffin-security skill is a documentation-based bundle providing an AI agent with instructions to utilize a third-party security API (api.neogriffin.dev) for prompt injection detection, token auditing, and transaction simulation. It includes comprehensive documentation for 26 endpoints and explicitly instructs the agent to perform safety scans on all external inputs. The behavior is entirely consistent with its stated purpose as a security tool for autonomous agents, and no malicious code, deceptive instructions, or unauthorized data exfiltration patterns were identified.
能力评估
Purpose & Capability
The declared purpose (multi-chain security for autonomous agents) aligns with the endpoints and features listed (injection scanning, token audits, tx simulation, watcher, etc.). However there are small inconsistencies: package.json reports version 2.1.0 while registry metadata shows 2.2.1, and the skill declares NEOGRIFFIN_PAYMENT_WALLET as a required/primary environment variable despite embedding a payment wallet address in the SKILL.md — it's unclear why the user must supply this env var if the receiver address is fixed.
Instruction Scope
SKILL.md instructs agents to POST arbitrary inputs (memos, messages, token metadata, and even "skill" content) to an external API. That means any runtime-sensitive text that the agent holds (potentially prompts, transaction data, or parts of skill code) can be transmitted off-host. The doc claims hashing and non-storage of originals, and that full transaction signatures are not stored, but those are operator-side assurances that cannot be verified by the agent. The explicit /api/scan/skill hint ("scans content in memory only — skill code is NOT persisted or shared") is a potentially risky instruction: sending skill contents or other in-memory data to an external service can leak secrets or private data if misused.
Install Mechanism
Instruction-only skill with no install spec or executable payload; no archives or third-party binaries are pulled. This minimizes direct filesystem/code-execution risk.
Credentials
Only one required env var (NEOGRIFFIN_PAYMENT_WALLET) is declared, but it's marked as the primary credential. The SKILL.md itself lists a concrete payment wallet address. Requiring the user to set a 'payment wallet' env var is unusual for a consumer security scanner (the API could accept payment signatures without the agent storing a provider wallet). It's unclear whether this env var is read by the agent to direct payments, used as an identifier, or (worse) used to hold credentials. The env var name and 'primaryEnv' label give the impression of a credential even though the value is likely a public address; this mismatch is disproportionate and should be clarified.
Persistence & Privilege
Skill does not request 'always: true' and does not include install hooks. Autonomous invocation is allowed (platform default). There is no evidence the skill requests system-wide config changes or persistent privileges on the agent.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install neogriffin-security - 安装完成后,直接呼叫该 Skill 的名称或使用
/neogriffin-security触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.2.1
Added privacy and data retention policy
v2.2.0
66 patterns, immune system, 26 endpoints, intelligence module
v2.1.0
Initial release — prompt injection, token audits, tx simulation, MEV detection, x402 + SURGE
元数据
常见问题
NeoGriffin Security 是什么?
Multi-chain security API designed exclusively for autonomous AI agents. Prompt injection detection (66 patterns, 95% accuracy), token scam scanning, tx simul... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 311 次。
如何安装 NeoGriffin Security?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install neogriffin-security」即可一键安装,无需额外配置。
NeoGriffin Security 是免费的吗?
是的,NeoGriffin Security 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
NeoGriffin Security 支持哪些平台?
NeoGriffin Security 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 NeoGriffin Security?
由 Dago(@cazaboock9)开发并维护,当前版本 v2.2.1。
推荐 Skills