GhostShield

v1.0.0

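Anti-coworker-distillation shield - protects your code style and prevents it from being precisely distilled by AI. Provides three levels of obfuscation: basic protection, deep obfuscation, and extreme stealth.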

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (anti-distillation, multi-level obfuscation) match the included modules: PIIDetector, StyleAnalyzer, Obfuscator, Validator and CLI. The code implements PII scanning, style fingerprinting, in-place repository/file obfuscation and watermark injection. There are no unrelated environment variables, remote service credentials, or unexpected binaries requested.
Instruction Scope
SKILL.md instructs CLI usage (analyze/process/evaluate) and references pip install, which is documentary rather than a provided install spec. The runtime instructions operate on local repo/file paths and write modified files back to disk (expected for an obfuscator). A prompt-injection signal (unicode-control-chars) was detected in SKILL.md. This aligns with the watermarking feature that embeds zero-width characters, but the presence of hidden unicode characters in the skill metadata should be examined to ensure they are not trying to manipulate LLMs or hide behavior.
Install Mechanism
No install spec is present in the registry metadata (safe default). The bundle contains code and a requirements.txt; SKILL.md references 'pip install ghostshield' but there is no automated download-from-URL step in the package. This is lower-risk than arbitrary network downloads, but you should inspect requirements.txt and any upstream packaging before pip-installing.
Credentials
The skill requests no environment variables or credentials. PII detection rules include patterns for AWS/GitHub tokens and similar strings — this is appropriate for a PII scanner. The code uses local git commands (subprocess git log) and filesystem access, which is expected for analyzing repositories.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide privileges. It will write files into the target repository (obfuscated files, a .ghostshield-watermark file and injected zero-width markers). That file-write behavior is consistent with the described watermarking/obfuscation features but is a persistent change to user data and should be treated with caution (back up before use).
Scan Findings in Context
[unicode-control-chars] expected: Zero-width / unicode control characters were detected in SKILL.md and in obfuscator._inject_watermark content. This is consistent with the claimed 'zero-width watermark' feature. However, hidden characters in SKILL.md could also be used for prompt-injection; review the exact characters and intent before trusting the skill.
Assessment
This package appears coherent with its stated goal of repository-level obfuscation and watermarking, but exercise caution before running it on real code. Recommended steps:
1) Backup: Make a full backup (or work on a clone) of any repository you will process; the tool writes files and injects invisible markers.
2) Inspect dependencies: Open requirements.txt and validate each dependency and its versions before pip installing. Prefer to run the bundled code from a sandbox or VM rather than directly on critical systems.
3) Review watermark behavior: The obfuscator injects zero-width/unicode markers and writes a .ghostshield-watermark file. If you want to detect downstream distillation, verify what exactly is being injected and that it cannot be used to fingerprint or leak sensitive metadata.
4) Test on non-sensitive data: Run analyze/process/evaluate on a small test repo to confirm outputs, check that code remains runnable, and confirm no unexpected network calls or telemetry occur.
5) Audit missing/truncated code: Some parts of the bundle were truncated in the listing. Review the full source (especially obfuscator._inject_watermark and any code that writes files or invokes subprocess/network) to ensure there's no hidden exfiltration (HTTP requests, remote uploads, or credential exfil patterns).
6) Legal/ethical check: Level-3 features (fake-feature injection, decision reversal) can be misused; consider legal and team-policy implications before applying to codebases that are not solely your own. Also note the code is GPL-3.0; be aware of licensing obligations.
If you are not comfortable auditing the full source, run the tool in an isolated environment and limit its use to non-sensitive repositories until you have validated its behavior.

Tags: anti-distillation, latest, privacy, security
