← 返回 Skills 市场
Prompt Injection Removal
作者
Daniel Ward
· GitHub ↗
· v1.0.1
561
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install prompt-inject-removal
功能描述
A secure sanitization system to strip instructions from external content.
安全使用建议
This skill is internally coherent and doesn't request secrets or external installs. Before using it in production: (1) Verify the agent actually applies PROMPT.md as a hardened system prompt (the sanitizer only works if enforced). (2) Do not rely solely on this tool for safety — manually review sanitized summaries before any state-changing action. (3) If you run setup.sh, know it will write files to disk in the target directory; inspect the script first. (4) For high-risk workflows, run the sanitization in an isolated sub-agent or sandbox and test the skill with known injection payloads to validate behavior.
功能分析
Type: OpenClaw Skill
Name: prompt-inject-removal
Version: 1.0.1
This skill bundle is designed as a defensive mechanism against prompt injection attacks. The `SKILL.md` and `PROMPT.md` files contain explicit instructions for the OpenClaw agent to act as a 'Zero-Trust' sanitization engine, specifically to identify and ignore instructions within untrusted input. The `references/security.md` documentation further clarifies that phrases like 'ignore previous instructions' are included as negative constraints for the sanitization agent, not as instructions for the OpenClaw agent to follow. The `setup.sh` script is benign, merely creating the necessary markdown files. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or persistence mechanisms.
能力评估
Purpose & Capability
Name/description, files (PROMPT.md, SKILL.md, references) and lack of env/binary requirements align with a sanitization-only skill. There are no unrelated credentials, network endpoints, or binaries requested that would contradict the stated purpose.
Instruction Scope
SKILL.md and PROMPT.md stay within sanitization scope: fetch content, wrap in <untrusted_input_data> tags, and apply the hardened prompt rules. The docs explicitly include defensive strings (e.g., 'ignore previous instructions') which static scanners flag; those are intentional defensive rules. Operational risk: the sanitization relies on the agent actually using PROMPT.md as a hardened system prompt and on the model obeying constraints — both are runtime risks, not contradictions in the package.
Install Mechanism
There is no install spec (instruction-only), which is low-risk. The package includes a setup.sh that, if executed, writes the provided SKILL.md/PROMPT.md/references files into a target directory — this is a local write operation included in the archive (no remote downloads). Users should be aware setup.sh will create files on disk if run, but no external code is fetched.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no unexpected secret requests or cross-service credentials, which is proportionate for the stated function.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills. The only persistence risk is if the included setup.sh is executed — it creates files in a target directory but does not alter system settings or other skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install prompt-inject-removal - 安装完成后,直接呼叫该 Skill 的名称或使用
/prompt-inject-removal触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Homepage link, emoji, and tags metadata added for better discoverability.
- Description clarified: emphasizes stripping instructions from external content.
- Setup instructions simplified—no external API or complex configuration required.
- Workflow and headings streamlined for clarity and conciseness.
- Language modernized and "Zero-Trust" approach highlighted.
v1.0.0
Initial release of prompt_inject_removal skill:
- Provides a secure system for summarizing and sanitizing untrusted external content using instruction-proof prompts.
- Automatically processes and sanitizes raw content from web sources before introducing it to conversations.
- Uses XML tagging and a hardened summarization prompt to prevent prompt injection attacks.
- Includes configuration details and security documentation for further reference.
元数据
常见问题
Prompt Injection Removal 是什么?
A secure sanitization system to strip instructions from external content. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 561 次。
如何安装 Prompt Injection Removal?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install prompt-inject-removal」即可一键安装,无需额外配置。
Prompt Injection Removal 是免费的吗?
是的,Prompt Injection Removal 完全免费(开源免费),可自由下载、安装和使用。
Prompt Injection Removal 支持哪些平台?
Prompt Injection Removal 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Prompt Injection Removal?
由 Daniel Ward(@quarantiine)开发并维护,当前版本 v1.0.1。
推荐 Skills