prompt-sanitizer
Author: Daisuke Narita · v1.0.0
Total downloads: 422
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw:
/install prompt-sanitizer
Description
Sanitize prompts before sending to LLMs. Detects PII, prompt injection, toxicity, and off-topic content. Returns cleaned text + risk score. Use when: sanitiz...
Safe usage advice
This skill will send the prompts you want sanitized to an external service (anicca-proxy-production.up.railway.app) by installing/using an npm CLI (awal) and requiring you to authenticate. Before installing, verify the upstream package and API owner: ask for source code or a reputable homepage, confirm data handling/retention and whether payments or wallet keys are required, and avoid sending sensitive PII until you trust the endpoint. If you prefer not to expose prompts externally, use a local sanitizer or a vetted provider instead.
Functional analysis
Type: OpenClaw Skill
Name: prompt-sanitizer
Version: 1.0.0
The skill is designed for a security-enhancing purpose (prompt sanitization), but it includes a prerequisite to globally install an external npm package (`[email protected]`) via `npm install -g`. This introduces a supply chain risk, as the integrity of the `awal` package is critical; a compromised package could lead to arbitrary code execution on the agent's system. Additionally, the skill relies on an external API endpoint (anicca-proxy-production.up.railway.app) for its core functionality, which is another external dependency risk. While these actions are plausibly needed for the skill's stated purpose, they represent significant high-risk capabilities without clear malicious intent within the skill bundle itself, thus classifying it as suspicious rather than benign.
Capability assessment
Purpose & Capability
Name and description match the runtime instructions: the skill sanitizes text and returns flags/risk score. However the SKILL.md relies entirely on an external HTTP API (anicca-proxy-production.up.railway.app) and a third-party npm CLI (awal), plus mentions payment in USDC — elements not described in the registry metadata or homepage. Using an external service and a pay-per-request model is plausible for a sanitizer, but the lack of provenance for the endpoint and the unexpected payment detail are noteworthy.
Instruction Scope
The runtime instructions tell the agent (and user) to install and authenticate a third-party CLI and POST the raw text to an external API. That means any prompt (including sensitive PII) would be transmitted off-host. The example text includes the phrase 'Ignore previous instructions' (a known injection pattern) — while that may be intended as a test case, its presence was flagged by the pre-scan as an injection signal. The SKILL.md does not provide any local-only sanitization alternative or clarify data handling, retention, or privacy.
Install Mechanism
Although the registry lists no install spec, SKILL.md recommends npm install -g [email protected] and uses npx to invoke awal. Installing or invoking an npm package at runtime is common but pulls code from a public registry (moderate risk) and the specific package 'awal' is not documented in the metadata. The endpoint is hosted on railway.app under a subdomain (a personal/proxy host rather than a known vendor domain), which increases risk relative to a well-known provider or official API URL.
Credentials
The skill metadata declares no required environment variables or credentials, but the SKILL.md instructs running 'awal auth login' (implying authentication/storage of credentials) and mentions payment in USDC on a specific chain. Those authentication/payment requirements are not declared in requires.env or primaryEnv. That mismatch means the skill may request or store credentials at runtime without the installation metadata making that explicit.
Persistence & Privilege
The skill is not marked always:true and uses the platform defaults for invocation. It does not request system-wide privileges in the metadata, and there are no instructions to modify other skills or agent configuration. No additional persistence or elevated privileges are requested.
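How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install prompt-sanitizer
- Once installation completes, call the Skill by name or use /prompt-sanitizer to trigger it
- Provide the required input according to the Skill's parameter description to get structured output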
Version history
v1.0.0
Initial release
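FAQ
What is prompt-sanitizer?
Sanitize prompts before sending to LLMs. Detects PII, prompt injection, toxicity, and off-topic content. Returns cleaned text + risk score. Use when: sanitiz... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 422 cumulative downloads so far.
How do I install prompt-sanitizer?
Run the command "/install prompt-sanitizer" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is prompt-sanitizer free?
Yes, prompt-sanitizer is completely free (open source and free) and can be freely downloaded, installed and used.
Which platforms does prompt-sanitizer support?
prompt-sanitizer runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed prompt-sanitizer?
It is developed and maintained by Daisuke Narita (@daisuke134); the current version is v1.0.0.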