Prompt Shield Publish

Prompt Injection Firewall for AI agents. 113 detection patterns, 14 threat categories, zero dependencies. Protects against fake authority, command injection, memory poisoning, skill malware, crypto spam, and more. Hash-chain tamper-proof whitelist with mandatory peer review. Claude Code hook integration.

This package appears to implement a local prompt-scanner and hook for Claude, but exercise caution before enabling it: - Provenance: the registry lists the source as 'unknown' even though SKILL.md references a GitHub repo. Verify the upstream project and author (download from a trusted repo or vendor) before installing. - Dependencies: despite the claim of "zero dependencies," shield.py requires Python3 and PyYAML. Install those from trusted package sources and inspect installed packages. - Whitelist / peer review: the hash-chain whitelist exists, but the "peer review" protections are enforced only via names in the YAML (strings). There is no cryptographic identity or external approval service in the shipped code, so a local attacker or misconfigured workflow could add approvals or edit the file. Do not enable the whitelist or give it trust until you understand the approval workflow. - File writes: the tool writes whitelist.yaml and whitelist-audit.log in its directory. Consider file permissions, location (use an isolated path), and backups before enabling. - Hook integration: adding the hook requires editing ~/.claude/settings.json; verify what your Claude client does with hook exit codes. Test the scanner locally first (dry-run on benign data) to evaluate false positives and behaviour. - Review for network behavior: the included files show no explicit network calls, but you should search the full shield.py (especially truncated parts) for any HTTP/exec calls before trusting it in production. If you want to proceed: run the code in an isolated environment, inspect the full shield.py for external calls, install PyYAML from a trusted source, and only enable the Claude hook after confirming behaviour and whitelist governance. If you want me to, I can re-scan the remaining truncated parts of shield.py for network or obfuscated behavior (upload the full file text).

Type: OpenClaw Skill Name: prompt-shield Version: 3.0.6 This skill bundle, 'prompt-shield', is a security tool designed to act as a Prompt Injection Firewall for AI agents. All files (SKILL.md, prompt-shield-hook.sh, shield.py, patterns.yaml, whitelist.yaml, SCORING.md) consistently describe and implement a defensive mechanism. The `shield.py` script contains logic for pattern matching, heuristic scoring, and a hash-chain-based whitelist to detect and mitigate various attack types (e.g., command injection, reverse shells, data exfiltration attempts, memory poisoning). The `patterns.yaml` file defines the signatures of these malicious activities that the tool *detects*, not performs. The `prompt-shield-hook.sh` integrates this scanner into an agent's input pipeline to block or warn about malicious input. There is no evidence of intentional harmful behavior, data exfiltration, unauthorized execution, or prompt injection *by* this skill against the agent. The design explicitly includes safeguards against false positives, reinforcing its defensive intent.