Willow External Guard
Author: Sean Campbell · v1.0.0 · MIT-0
Total downloads: 64 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install willow-external-guard
Description
Use when Willow is about to ingest, summarize, or act on external content — web fetches, jeles inbound messages, corpus archaeology files, or sub-agent outpu...
Security usage recommendations
This skill appears to implement what it claims: a pattern-based prompt-injection scanner and a sandwich wrapper for external content, with no network calls or credential requests. Before installing, verify these points:
- SKILL.md expects guard events to be appended to sap/log/gaps.jsonl on non-CLEAN results, but scripts/guard.py does not write that file. Decide whether the agent or caller should perform the logging and ensure that behavior is implemented and permissioned safely.
- Confirm how the agent will enforce the CONFIRM/BLOCK flows described in SKILL.md (the script returns exit codes and prints excerpts, but user prompts and message-dropping must be implemented by the integrating agent).
- Review and test the regex patterns against representative inputs to estimate false positives and evasions (pattern-based scanners can be bypassed by obfuscation).
- Ensure the agent runs this script in a sandboxed context with minimal file permissions. If you do allow log writes, limit them to an application-owned log directory and check retention/rotation.
If these integration details are acceptable and you audit the guard's behavior in your environment, the skill itself is low risk; if you need the SKILL.md logging/behavior guaranteed, request an updated script or agent integration that implements it explicitly.
Functional analysis
Type: OpenClaw Skill
Name: willow-external-guard
Version: 1.0.0
The willow-external-guard skill is a defensive utility designed to detect and mitigate prompt injection attacks. It uses a Python script (guard.py) to perform regex-based scanning for known attack patterns (e.g., 'DAN' personas, instruction overrides, and system prompt probes) and provides instructions for the agent to wrap untrusted content in protective markers (sandwich defense). The code and instructions are clearly aligned with the stated security purpose and do not exhibit any malicious behaviors such as data exfiltration or unauthorized command execution.
Capability assessment
Purpose & Capability
Name, description, and included script align: the guard script implements pattern-based detection and a sandwich wrapper for external content. Nothing in the package requests unrelated credentials or binaries (only python3). However, SKILL.md instructs appending guard events to sap/log/gaps.jsonl after non-CLEAN results; the provided script does not perform that logging, so the operational expectation in the documentation is not fully implemented by the code.
Instruction Scope
SKILL.md describes scanning, wrapping, and user-confirm flows and also instructs writing a record to sap/log/gaps.jsonl on blocked/non-CLEAN events. The included script performs scanning, emits results, supports --wrap, and sets exit codes, but it does not write to sap/log/gaps.jsonl or otherwise implement the logging/ingest/drop behaviors described. That mismatch could lead to gaps in telemetry or incorrectly delegated responsibilities to the caller/agent.
Install Mechanism
Instruction-only install (no install spec). The package includes a single Python script and requires only python3 on PATH. No downloads, external installers, or network fetches are present in the files provided.
Credentials
No environment variables, secrets, or config paths are requested. The skill’s functionality (text scanning/wrapping) does not require credentials, so the lack of requested secrets is proportionate.
Persistence & Privilege
The skill does not request persistent/always-on privileges (always: false). SKILL.md suggests writing to sap/log/gaps.jsonl (a local log path), which would require file write access in the agent runtime; the script itself does not perform that write. Verify how the agent integrates logging and whether file permissions would be needed — writing logs to application directories could be appropriate but should be explicit and constrained.
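How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install willow-external-guard
- Once installation completes, call the Skill by name or use /willow-external-guard to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output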
Version history
v1.0.0
Initial release of Willow External Guard for protecting Willow’s external content pipeline.
- Scans and wraps all untrusted external content (web, jeles messages, corpus files, sub-agent outputs) before LLM processing.
- Detects and responds to prompt injection, role hijack, leak attacks, and approval bypass attempts.
- Applies graded response levels: WARN (log and proceed), CONFIRM (ask user), BLOCK (refuse content).
- Logs all suspicious or blocked events to a dedicated file without recording sensitive content.
- Includes robust sandwich defense markers for minimizing LLM execution risk.
- Designed for use in Linux and Darwin environments, requiring Python 3.
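FAQ
What is Willow External Guard?
Use when Willow is about to ingest, summarize, or act on external content — web fetches, jeles inbound messages, corpus archaeology files, or sub-agent outpu... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 64 cumulative downloads so far.
How do I install Willow External Guard?
Run the command "/install willow-external-guard" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.
Is Willow External Guard free?
Yes. Willow External Guard is completely free, released under the MIT-0 license, and can be freely downloaded, installed, and used.
Which platforms does Willow External Guard support?
Willow External Guard runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (linux, darwin).
Who developed Willow External Guard?
It is developed and maintained by Sean Campbell (@rudi193-cmd); the current version is v1.0.0.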