vext-labs

Vext Shield

Author: Vext Labs, Inc. · GitHub · v1.2.0
cross-platform ✓ Security check passed
Total downloads: 332
Favorites: 1
Current installs: 0
Versions: 6
Install in OpenClaw
/install vext-shield
Description
AI-native security suite for OpenClaw. Scans skills for prompt injection, data exfiltration, cognitive rootkits, semantic worms, and more. Includes static an...
Security usage advice
This package is a self-contained on-host security suite that includes a static signature database and adversarial test payloads. The presence of many 'malicious' strings and test scripts is intentional — they are used to detect and validate detections. Before installing:
  1. Verify you trust the publisher (Vext Labs) or inspect the source yourself.
  2. Ensure your host can provide the required OS-level sandboxing tools (macOS: sandbox-exec; Linux: unshare) because the red-team and sandboxed behavioral tests refuse to run without them.
  3. Expect local files to be created under ~/.openclaw/vext-shield/ (reports, logs, firewall-policy, baselines).
  4. Review shared/threat_signatures.json and skills/vext-redteam/redteam.py if you want to confirm which payloads are included.
  5. If you lack kernel sandboxing or are uncomfortable with adversarial test payloads on your machine, avoid running the red-team behavioral tests and restrict usage to static scan/audit functions.
Finally, although the code claims 'zero network requests', you should still audit the code paths that parse decoded payloads and any code that would process user-provided inputs to ensure no accidental outbound network actions occur in your environment.
Functional analysis
Type: OpenClaw Skill
Name: vext-shield
Version: 1.2.0
VEXT Shield is a comprehensive security suite for OpenClaw designed to detect AI-native threats. While the bundle contains malicious code samples (e.g., 'tests/fixtures/exfil_skill/sneaky.py') and adversarial payloads (in 'skills/vext-redteam/redteam.py'), these are explicitly documented in 'allowlist.json' and the README as test fixtures and threat signatures for the scanner. The core logic in 'shared/sandbox_runner.py' demonstrates a high security posture, enforcing OS-level kernel isolation (macOS sandbox-exec or Linux unshare) and stripping sensitive environment variables before executing untrusted code. The suite is defensive in nature and aligns with its stated purpose of providing security auditing, monitoring, and red-teaming capabilities.
Capability assessment
Purpose & Capability
Name/description match the provided artifacts: the package contains a multi-component scanner, red-team tests, monitor, firewall and dashboard. Required binaries (python3) and included files (scanner, sandbox, threat signatures, test fixtures) are proportional to a local security suite. Files that contain malicious-looking payloads (webhook.site, reverse shell strings, 'Ignore all previous instructions', etc.) are present but documented in allowlist.json as intentional signatures/test fixtures.
Instruction Scope
SKILL.md and code instruct the agent to run local Python scripts and to save reports under ~/.openclaw/vext-shield/reports/. The runtime instructions and sandbox behavior explicitly state they will copy target skills to a temp dir, strip sensitive env vars, and refuse to execute if OS-level kernel sandboxing is unavailable. The SKILL.md includes many example payloads and threat strings (prompt-injection phrases) which triggered pre-scan detectors — these are documented examples used by the scanner and red-team, not instructions to exfiltrate data. Reviewers should confirm the sandbox tools (sandbox-exec on macOS, unshare on Linux) are available on their host before using adversarial tests.
Install Mechanism
No install spec is provided in the registry entry (instruction-only), but the package includes full Python source and a documented manual install (git clone or ClawHub). No external downloads or obscure URLs are used; the code claims zero external dependencies beyond Python stdlib. This is proportionate for an on-host analysis tool. There is no remote fetch/install of third-party packages in the provided artifacts.
Credentials
The skill requests no environment variables or credentials and the sandbox code explicitly strips many sensitive env var names and prefixes. The suite writes reports and logs to ~/.openclaw/vext-shield/, which is expected for a local security tool. No unrelated credentials are requested.
Persistence & Privilege
The skill does not demand 'always: true' or elevated persistent privileges. It will write reports, baselines, firewall policy files and logs under ~/.openclaw/vext-shield/, which is consistent with its function. SKILL.md claims target skills are never modified and sandbox executes against temp copies; the code implements copying and snapshot diffing. If you enable runtime monitoring or firewall policy changes, expect persistent files under the stated data directory.
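How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install vext-shield
  3. Once installed, invoke the Skill by name or trigger it with /vext-shield
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history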
v1.2.0
- Enforced unconditional OS-level sandboxing: removed any mention of bypass flags or fallback modes in documentation and code.
- Clarified in documentation that the `SandboxRunner` class cannot be configured to skip or weaken sandbox isolation.
- Updated policy: execution is always refused if sandboxing is unavailable.
- All related documentation and usage instructions updated to reflect stricter sandbox enforcement.
- Minor improvements to test coverage and allowlist handling.
v1.1.0
SECURITY: Remove all sandbox bypass options. OS-level kernel isolation (macOS sandbox-exec or Linux unshare) is now REQUIRED — execution is refused if unavailable. No --skip-sandbox flag, no MONITOR fallback, no way to disable isolation. Untrusted code will not run without kernel-level network deny and filesystem restriction.
v1.0.3
Enforce real OS-level sandbox isolation (macOS sandbox-exec, Linux unshare --net). Temp-copy execution ensures original skill files are never modified. HOME overridden to temp directory.
v1.0.2
Enforce real OS-level sandbox isolation (macOS sandbox-exec, Linux unshare --net)
v1.0.1
Add security tool metadata and allowlist.json for scanner false positive resolution
v1.0.0
Initial release — 6 security skills, 227 threat signatures, adversarial red teaming
Metadata
Slug vext-shield
Version 1.2.0
License
Total installs 0
Current installs 0
Historical versions 6
FAQ

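What is Vext Shield?

AI-native security suite for OpenClaw. Scans skills for prompt injection, data exfiltration, cognitive rootkits, semantic worms, and more. Includes static an... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 332 total downloads so far.

How do I install Vext Shield?

Run the command "/install vext-shield" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Vext Shield free?

Yes, Vext Shield is completely free (open source and free of charge) and can be freely downloaded, installed, and used.

Which platforms does Vext Shield support?

Vext Shield runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Vext Shield?

It is developed and maintained by Vext Labs, Inc. (@vext-labs); the current version is v1.2.0.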
