zuga-luga

ZugaShield Security Scanner

Author: Zuga-luga · GitHub ↗ · v0.1.1
Tags: cross-platform · ⚠ suspicious
Total downloads: 637
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw:
/install zugashield
Description
7-layer AI security scanner for OpenClaw. Blocks prompt injection, SSRF, command injection, data leakage, and memory poisoning across ALL channels (Signal, T...
Safe-usage recommendations
This package is plausible as a gateway scanner, but take these precautions before installing or activating it:
1) Verify the upstream packages: confirm the authors of the npm package and the PyPI package and the GitHub repository (the plugin contains multiple repository/homepage strings; reconcile them).
2) Inspect the Python package 'zugashield' (zugashield_mcp): examine its code on PyPI or in the repository before running pip install; a third-party Python package will run code on your host.
3) Check SKILL.md / README for the prompt-injection phrases flagged by the scanner and review any suspicious lines.
4) Don't pass sensitive env vars into the process; the plugin tries to allowlist env vars but still passes through ZUGASHIELD_* feed URLs. Ensure those point to trusted, signed feeds, and enable signature verification if available.
5) Test in an isolated/sandboxed, non-production OpenClaw instance first to verify behavior and network interactions (outbound connections, feed pulls).
6) Prefer packages from an audited source or a repository you control; if you can't validate the Python package or the feed origin, treat this as untrusted code.
If you want, I can list the exact repo/homepage strings found and point out where they differ, or help you inspect the zugashield_mcp package source if you provide its PyPI link or code.
Functional analysis
Type: OpenClaw Skill
Name: zugashield
Version: 0.1.1
The OpenClaw AgentSkills skill bundle 'zugashield' is a security scanner designed to protect AI agents from attacks such as prompt injection, SSRF, command injection, and data leakage. The code demonstrates strong security practices, such as allowlisting the environment variables passed to child processes (`src/preflight.ts`, `src/shield-client.ts`) to prevent secret leakage, and implementing fail-closed mechanisms, especially for tool execution (`src/hooks/pre-tool-exec.ts`). The `SKILL.md` and `README.md` are purely descriptive and do not contain prompt injection attempts against the agent. Crucially, the `test/integration.test.ts` file includes extensive tests against a wide range of real attack payloads, with the explicit expectation that these attacks *will be blocked*, strongly indicating a security-focused and non-malicious intent. There is no evidence of intentional harmful behavior, data exfiltration, backdoors, or obfuscation.
Capability assessment
Purpose & Capability
The name and description (an OpenClaw gateway scanner) align with what the plugin implements: it registers gateway hooks, requires Python to run a zugashield_mcp server, and exposes commands to show status and reports. The subprocess permission is declared and is needed to spawn the MCP process.
Instruction Scope
SKILL.md instructs installation via pip/npm and the spawning of a resident Python MCP server that inspects inputs, outputs, tool calls, and memories, all consistent with the stated purpose. However, the SKILL.md was flagged by a prompt-injection detector (patterns like 'ignore-previous-instructions' and 'you-are-now'), which is unexpected for a scanner manifest and may indicate attempted LLM-targeted manipulation in the documentation/instructions. The runtime hooks do scan and forward content to the MCP server; in the JS surface code they do not read unrelated host secrets.
Install Mechanism
There is no packaged install spec inside the plugin bundle; the SKILL.md recommends 'pip install "zugashield[mcp]"' and 'npm install zugashield-openclaw-plugin'. Running pip to fetch zugashield at runtime means execution of third-party Python code on the host. That is a standard distribution method but is a moderate risk because the Python package is an external artifact you must trust. The npm content provided in the bundle looks normal; no direct downloads from shorteners/personal IPs were found.
Credentials
The plugin declares no required env vars and restricts the child-process environment to an allowlist, which reduces secret leakage risk. However, the child env allowlist includes ZUGASHIELD_FEED_URL / FEED_ENABLED / FEED_STATE_DIR and other ZUGASHIELD_* variables; these imply the engine can be configured to contact external feeds (update/signature feeds). Those are plausible for a scanner but mean a misconfigured or malicious feed URL could direct the Python process to fetch remote content. No unrelated cloud credentials are requested by the plugin.
Persistence & Privilege
always:false and user-invocable are appropriate. The plugin registers as a service and adds required hooks (high priority/critical) — appropriate for a security filter. It does not request permanent global privileges beyond hooking into the gateway as intended.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install zugashield
  3. After installation, call the Skill by name directly or trigger it with /zugashield
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v0.1.1
Security fix: sanitize child process environment (env allowlist instead of process.env spread). Add threat feed config vars to allowlist.
v0.1.0
Initial release: 7-layer AI security scanning for all OpenClaw channels
Metadata
Slug: zugashield
Version: 0.1.1
License:
Cumulative installs: 0
Current installs: 0
Historical versions: 2
FAQ

What is ZugaShield Security Scanner?

7-layer AI security scanner for OpenClaw. Blocks prompt injection, SSRF, command injection, data leakage, and memory poisoning across ALL channels (Signal, T... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 637 cumulative downloads so far.

How do I install ZugaShield Security Scanner?

Run the command "/install zugashield" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is ZugaShield Security Scanner free?

Yes, ZugaShield Security Scanner is completely free (open source and free of charge) and can be freely downloaded, installed, and used.

Which platforms does ZugaShield Security Scanner support?

ZugaShield Security Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed ZugaShield Security Scanner?

Developed and maintained by Zuga-luga (@zuga-luga); the current version is v0.1.1.
