Guardian Wall
v1.0.0
Mitigate prompt injection attacks, especially indirect ones from external web content or files. Use this skill when processing untrusted text from the intern...
by azzar budiyanto @1999azzar
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name/description, SKILL.md, patterns.md, and scripts/sanitize.py all align: the package's assets are exactly what you'd expect for a prompt-injection sanitizer and auditor. No unrelated env vars, binaries, or installs are requested.
Instruction Scope
SKILL.md stays on-purpose (sanitize, wrap in randomized delimiters, optionally spawn an audit sub-agent). The recommendation to spawn a sub-agent for high-stakes content is reasonable but can expand the blast radius depending on that sub-agent's privileges — the skill itself doesn't define that sub-agent's scope.
Install Mechanism
No install spec (instruction-only) and the included Python script is shipped with the skill. Nothing is downloaded from external or untrusted URLs.
Credentials
The skill requests no credentials or config paths. Minor note: scripts/sanitize.py decodes Base64 matches and prints fragments of the decoded content, which could reveal any sensitive text embedded in the external input (this is by design for detection but could surface secrets if an input contains them).
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not request permanent presence, nor does it modify other skills or system-wide settings.
Scan Findings in Context
[ignore-previous-instructions] expected: SKILL.md explicitly lists 'ignore previous instructions' as a forbidden/high-risk pattern to detect; the scanner flagged this phrase from the defensive content, which is expected.
[you-are-now] expected: The phrase 'you are now [New Persona]' appears in the file as an example of persona-modulation attacks; being flagged by the pre-scan is consistent with the skill's goal.
Assessment
This skill appears coherent and implements a local sanitizer plus a reference of injection patterns. Before installing, consider: (1) Review scripts/sanitize.py yourself — it decodes and prints portions of Base64 it finds, which will surface any sensitive data embedded in inputs; (2) Limit what the 'audit' sub-agent can access and audit its permissions before allowing autonomous spawning; (3) Test the sanitizer on representative malicious/benign samples to tune false positives (homoglyph and base64 heuristics are heuristic and may need adjustment); (4) Run the sanitizer in a restricted environment if you plan to process untrusted files, and ensure outputs are not automatically forwarded to external services. If you accept these trade-offs, the skill is consistent with its stated purpose.
Like a lobster shell, security has layers — review code before you run it.
Tags: injection, latest, mitigation, security
