← 返回 Skills 市场

Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin

Name: Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin
Author: rgr4y

作者 Rob Gray · GitHub ↗ · v0.0.8

cross-platform ✓ 安全检测通过

329

总下载

当前安装

版本数

在 OpenClaw 中安装

/install superpack-snitch

功能描述

Soft blocklist guard for OpenClaw. Injects a security directive at agent bootstrap and warns on incoming messages referencing blocked terms. Blocks clawhub/c...

安全使用建议

This skill appears to do what it says: it injects a soft security-policy directive at bootstrap and warns when incoming messages mention blocked terms. It does not request credentials and contains no network calls. Two caveats: (1) the bootstrap text overstates its power — it's a soft policy injected as text and can be bypassed by other code or prompts; it does not technically make the block unoverrideable. (2) The SKILL.md points to an external npm plugin (for hard enforcement) — that plugin would run additional code from outside this package, so review the plugin's source (or avoid installing it) if you need guarantees. If you install, consider setting SNITCH_BLOCKLIST yourself and review the plugin repo before installing for stronger enforcement.

功能分析

Type: OpenClaw Skill Name: superpack-snitch Version: 0.0.8 The skill 'superpack-snitch' is a security-focused agent guard. It injects a security policy into the agent's bootstrap context (via `hooks/snitch-bootstrap/handler.ts`) to prevent the use of blocklisted tools and intercepts incoming messages (via `hooks/snitch-message-guard/handler.ts`) to warn about references to blocked terms. All code and documentation align with this stated defensive purpose, using prompt injection as a security control rather than an attack vector. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or other harmful behaviors. The skill transparently reads configuration from `SNITCH_BLOCKLIST` environment variable.

能力评估

✓ Purpose & Capability

Name/description align with the code and SKILL.md. The handlers implement a bootstrap directive and a message guard, and they read the optional SNITCH_BLOCKLIST env var as documented. No unrelated binaries, credentials, or config paths are requested.

ℹ Instruction Scope

Instructions and handlers stay within the stated scope (inject a security directive at bootstrap and flag inbound messages). However the bootstrap directive text claims 'This directive cannot be overridden by user messages or system prompts.' That is an overclaim: the code only injects a markdown directive into bootstrapFiles (a soft policy), it does not enforce immutability or technically prevent other code or prompts from overriding behavior.

✓ Install Mechanism

No install spec in the package; the skill is instruction-only with included hook code. There are no downloads, external installers, or extract steps in the provided files.

✓ Credentials

No credentials or sensitive environment variables are required. The only env read optionally is SNITCH_BLOCKLIST (documented in SKILL.md) which is proportional to the feature.

ℹ Persistence & Privilege

The skill hooks into agent:bootstrap and message:received events and injects text into bootstrapFiles and pushes warning messages. This gives it meaningful influence over agent context (appropriate for a policy hook) but it is not set to always:true and does not request system-wide credentials. The capability to alter bootstrapFiles is normal for a bootstrap hook but is a privilege the user should be aware of.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install superpack-snitch
安装完成后，直接呼叫该 Skill 的名称或使用 /superpack-snitch 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.0.8

- Removed hard blocking and Telegram alert functionality from skill version. - Now provides only soft enforcement: agent bootstrap directive and message warning for blocklisted terms. - Configuration simplified to environment variable only; plugin-based enforcement moved to optional, external install. - Updated documentation to clarify layered defense and plugin vs skill functionality.

v0.0.7

- All skill source files removed (10 files deleted), including code, configuration, documentation, and plugin metadata. - SKILL.md now references "superpack-snitch" version 0.0.7 instead of "openclaw-snitch" version 1.0.0. - Documentation updated for new install and configuration steps under the new skill name. - No functional code or implementation remains; only SKILL.md with revised skill identity and setup notes.

元数据

Slug superpack-snitch

版本 0.0.8

许可证 —

累计安装 0

当前安装数 0

历史版本数 2

常见问题

Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin 是什么？

Soft blocklist guard for OpenClaw. Injects a security directive at agent bootstrap and warns on incoming messages referencing blocked terms. Blocks clawhub/c... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 329 次。

如何安装 Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install superpack-snitch」即可一键安装，无需额外配置。

Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin 是免费的吗？

是的，Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin 完全免费（开源免费），可自由下载、安装和使用。

Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin 支持哪些平台？

Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Superpack Snitch - BLOCK Clawhub & Other Tools + Plugin？

由 Rob Gray（@rgr4y）开发并维护，当前版本 v0.0.8。