Senseguard

Author: fermionoid · GitHub · v1.0.1
cross-platform ⚠ suspicious
Total downloads: 1675
Favorites: 1
Current installs: 0
Versions: 2
Install in OpenClaw
/install senseguard
Description
Semantic security scanner for OpenClaw skills. Detects prompt injection, data exfiltration, and hidden instructions that traditional code scanners miss. Use when user asks to scan skills, check skill safety, or run a security audit.
Security usage recommendations
SenseGuard appears to implement the scanner it claims to be, but there are privacy and persistence trade-offs you should consider before installing:
- It reads many text files (including .env and other config-like files) when scanning to detect exfiltration and credential access — expect sensitive values to be read during scans.
- The tool caches scan results to ~/.openclaw/senseguard/cache.json. That cache can contain evidence snippets and generated prompts; inspect or encrypt/relocate the cache if you don't want scan artifacts stored in your home directory, or run with --no-cache.
- Semantic (Layer 2) analysis is performed by sending a constructed prompt to an LLM (the agent). If you enable deep/Layer 2 scanning or allow autonomous model invocation, the full skill content can be transmitted to the LLM provider. If that is unacceptable, avoid deep scans or run the tool in an isolated environment and/or ensure the LLM endpoint is trusted.
- The SKILL.md contains example malicious phrases (prompt-injection test cases) which triggered the pre-scan detector — this is expected for a scanner, not proof of malicious intent.

Recommendations before installing or running:
- Review the source files yourself (they are bundled) and verify the cache path and contents.
- Run initial scans in a controlled environment (sandbox or VM) and use --no-cache when scanning sensitive skills.
- If you need semantic Layer 2 analysis, decide whether your LLM provider and data-handling policies are acceptable for sending full skill content.
- If you have low tolerance for persistent artifacts, consider editing CacheManager to encrypt the cache or change the cache file location before use.

If you want, I can (a) point out exact lines that write/store layer2_prompt or evidence to the cache/report, (b) show how to run the scanner without Layer 2 or without caching, or (c) suggest a minimal patch to avoid persisting evidence text in the cache.
Functional analysis
Type: OpenClaw Skill
Name: senseguard
Version: 1.0.1

The OpenClaw skill 'senseguard' is a security scanner designed to detect prompt injection, data exfiltration, obfuscation, and persistence attacks in other OpenClaw skills. All code and documentation, including the SKILL.md and the `ANALYSIS_PROMPT_TEMPLATE` in `semantic_analyzer.py`, consistently describe and implement functionality for *detecting* malicious behavior, not performing it. The scanner generates prompts for an AI agent to analyze *other* skills, and its internal rules are designed to identify known attack patterns. There is no evidence of intentional harmful behavior or instructions for the agent to act maliciously.
Capability assessment
Purpose & Capability
Name, description, and bundled code (rule engine, semantic analyzer, scanner, reputation scorer, rules) align with a semantic security scanner. It searches installed skills under ~/.openclaw/skills and workspace 'skills' which is expected for this purpose. The engine intentionally examines file types like .env and SKILL.md to find credential/exfiltration patterns — that is coherent for a security scanner, but may be surprising because it implies the tool will read sensitive files.
Instruction Scope
SKILL.md instructs the agent to run python scripts and to process a generated 'layer2_prompt' via the agent/LLM and feed the JSON back. That is necessary for semantic layer analysis but means the full skill content (potentially including secrets read from .env or other files) may be sent to whatever LLM the agent uses. The SKILL.md also contains example malicious phrases (e.g., 'ignore all previous instructions'), which triggered the pre-scan injection detector; this is expected for a scanner that demonstrates what to detect, but it also means the skill intentionally crafts test cases that match prompt-injection patterns.
Install Mechanism
No remote install hooks or downloads are declared; this is an instruction + bundled-code skill with no network-based install. That lowers supply-chain/install risk. All code is included in the package.
Credentials
The skill does not request environment variables or credentials, which matches its stated purpose. However, it explicitly scans files like .env, SKILL.md, and other text assets for secrets/patterns. Reading these files is logically consistent for a security scanner but is privacy-sensitive because scan output and cache may retain snippets of sensitive data.
Persistence & Privilege
always:false and the scanner does not attempt to modify other skills, but it writes persistent cache data to ~/.openclaw/senseguard/cache.json and stores scan results (including layer2_prompt and findings). That persistent storage can contain evidence snippets or generated prompts. The scanner's Layer 2 workflow also relies on the agent/LLM to process prompts — if you permit the agent to run Layer 2, scanned content may be transmitted to the LLM provider. Both cache persistence and LLM-driven analysis increase blast radius for accidental data exposure.
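How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install senseguard
  3. Once installation completes, invoke the skill by name or trigger it with /senseguard
  4. Provide the required inputs according to the skill's parameter documentation to get structured output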
Version history
v1.0.1
Version 1.0.1 — Minor rule and logic updates for enhanced detection reliability.
- Improved detection logic in prompt injection rule.
- Updated reputation scoring mechanism for more accurate risk evaluation.
- Enhanced rule engine for better integration with new findings.
- Minor scanner script refinements for stability.
v1.0.0
v1.0.0 — Initial Release

SenseGuard is a lightweight semantic security scanner for OpenClaw skills. It complements VirusTotal's code-level malware scanning by focusing on what traditional scanners cannot see: natural language threats targeting AI agents. VirusTotal sees SKILL.md as a text file. SenseGuard sees it as agent instructions — and catches prompt injection, data exfiltration, obfuscation, and persistence attacks hidden in plain text.

What's included:
- 3-layer detection: regex rules (instant, zero cost) + LLM semantic analysis (optional) + 0-100 reputation scoring
- 28 detection rules across 5 threat categories (prompt injection, data exfiltration, malicious code, persistence, obfuscation)
- Markdown risk reports with evidence, line numbers, and actionable recommendations
- SHA-256 content-hash caching (7-day expiry)

Minimal footprint: Only requires Python 3 + PyYAML. 12 files, no external API calls, no extra dependencies. The scanner runs locally in milliseconds for Layer 1; Layer 2 uses your own configured model when needed.
Metadata
Slug: senseguard
Version: 1.0.1
License:
Total installs: 0
Current installs: 0
Number of versions: 2
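FAQ

What is Senseguard?

Semantic security scanner for OpenClaw skills. Detects prompt injection, data exfiltration, and hidden instructions that traditional code scanners miss. Use when user asks to scan skills, check skill safety, or run a security audit. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1675 total downloads to date.

How do I install Senseguard?

Run the command "/install senseguard" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is Senseguard free?

Yes, Senseguard is completely free (open source and free of charge) and can be freely downloaded, installed, and used.

Which platforms does Senseguard support?

Senseguard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Senseguard?

It is developed and maintained by fermionoid (@fermionoid); the current version is v1.0.1.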
