atlaspa

Openclaw Warden

Author: AtlasPA · GitHub ↗ · v1.0.3
darwin, linux, win32 ✓ Security check passed
Total downloads: 1853
Favorites: 1
Current installs: 5
Versions: 6
Install in OpenClaw
/install openclaw-warden
Description
Verify workspace file integrity and scan for prompt injection patterns in agent identity and memory files. Detects unauthorized modifications to SOUL.md, AGENTS.md, IDENTITY.md, memory files, and installed skills. Free detection layer — upgrade to openclaw-warden-pro for automated countermeasures.
Safe usage recommendations
This skill is coherent with its stated purpose and runs entirely locally under python3, but it will create .integrity state in your workspace and can rename/quarantine other skill directories and restore files. Before installing or enabling autonomous invocation: (1) inspect scripts/integrity.py (especially quarantine/restore/protect/rollback implementations) to confirm their behavior matches your expectations, (2) back up your workspace, (3) consider running it manually first rather than granting automated startup hooks or autonomous agent invocation, and (4) verify there are no network calls or hidden endpoints in the remainder of the code if you will run it with sensitive data.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-warden
Version: 1.0.3
The OpenClaw Warden skill is a security tool designed to detect unauthorized modifications and prompt injection attacks within an AI agent's workspace. The `SKILL.md` and `README.md` clearly state its defensive purpose, and the `scripts/integrity.py` code implements integrity checks (SHA-256 hashing), injection pattern scanning (for instruction overrides, base64 payloads, exfiltration URLs, shell injection, etc.), and countermeasures like file restoration from local snapshots or Git, and skill quarantine. The code uses only Python standard library modules, makes no network calls, and all operations are local file system or Git commands, confirming its stated 'no external dependencies' claim. There is no evidence of malicious intent, data exfiltration, backdoors, or prompt injection against the agent itself; rather, it actively defends against these threats.
Capability assessment
Purpose & Capability
Name/description, required binary (python3), and the included script all align: the tool collects workspace files, computes checksums, and scans for prompt-injection patterns. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Runtime instructions are constrained to workspace scanning and integrity operations (baseline, verify, scan, full, status, accept). The script resolves a workspace via CLI arg, OPENCLAW_WORKSPACE, current dir, or a default; this is consistent with the stated behavior. Note: SKILL.md explicitly lists injection patterns (e.g., 'ignore previous instructions'), which triggered the static pre-scan detector — that is expected because the skill documents those strings as things to flag.
Install Mechanism
No install spec; user copies skill into workspace and runs python3 scripts/integrity.py. This is low-risk compared to remote downloads or package installs. The script writes a local .integrity directory in the workspace for manifests/snapshots, which is expected.
Credentials
No environment variables or credentials are required. The only environment access is optional workspace detection via OPENCLAW_WORKSPACE and reading/writing files inside the workspace directory — proportionate to its purpose.
Persistence & Privilege
The tool will create .integrity snapshots and can quarantine/restore/rollback skills and files (QUARANTINE_PREFIX indicates renaming/moving skills). Those filesystem modifications are in-scope for a countermeasure tool, but they are destructive actions so users should review code and run with care. always:false (not force-installed) and no extra privileges requested.
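How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-warden
  3. Once installation completes, call the Skill by name or trigger it with /openclaw-warden
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history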
v1.0.3
openclaw-warden 1.0.3
- Removed promotional references to openclaw-warden-pro from documentation.
- Cleaned up SKILL.md metadata and description formatting for clarity.
- No functional code changes; this update is documentation-only.
v1.0.2
openclaw-warden 1.0.2 changelog:
- Updated README.md with improved formatting and clarifications.
- No changes to functionality or code; documentation update only.
v1.0.1
Re-publish with proper metadata
v0.1.1
- Initial public release.
- Added Python script (scripts/integrity.py) for verifying workspace file integrity and scanning for prompt injection patterns.
- Provided detailed documentation in README.md for setup, usage, command reference, monitoring scope, and response actions.
- No external Python dependencies required; uses only the standard library.
v0.1.0
- Removed .gitignore, README.md, and scripts/integrity.py files.
- Skill package no longer includes the script for workspace integrity and injection scanning.
- Documentation and user command instructions remain unchanged in SKILL.md, but related functionality is now absent.
v1.0.0
Initial release of openclaw-warden — workspace file integrity and prompt injection monitoring.
- Monitors critical files (SOUL.md, AGENTS.md, IDENTITY.md, USER.md, TOOLS.md, HEARTBEAT.md), memory files, config JSON, and installed skill manifests.
- Detects unauthorized modifications, prompt injection, markdown/image exfiltration, HTML and shell injection, and Unicode attacks.
- Offers commands for baseline creation, integrity verification, injection scanning, one-line status checks, full verification, and selective baseline acceptance.
- Cross-platform, no pip dependencies; utilizes only Python standard library.
- Free detection layer; upgrade option available for automated countermeasures.
Metadata
Slug: openclaw-warden
Version: 1.0.3
License
Total installs: 5
Current installs: 5
Historical versions: 6
FAQ

What is Openclaw Warden?

Verify workspace file integrity and scan for prompt injection patterns in agent identity and memory files. Detects unauthorized modifications to SOUL.md, AGENTS.md, IDENTITY.md, memory files, and installed skills. Free detection layer — upgrade to openclaw-warden-pro for automated countermeasures. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1853 total downloads to date.

How do I install Openclaw Warden?

Run the command "/install openclaw-warden" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Openclaw Warden free?

Yes, Openclaw Warden is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Openclaw Warden support?

Openclaw Warden runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux, win32).

Who developed Openclaw Warden?

Developed and maintained by AtlasPA (@atlaspa); the current version is v1.0.3.
