Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI-Warden — Prompt Injection Protection
v1.3.0
Install, configure, and manage the AI-Warden prompt injection protection plugin for OpenClaw. Publisher: AI-Warden (ai-warden.io). Source: github.com/ai-ward...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Benign (medium confidence)
Purpose & Capability
The skill claims to install and configure an AI-Warden plugin and its runtime instructions only do that: create an extension directory, npm install the package, copy plugin files, patch ~/.openclaw/openclaw.json, and restart the gateway. These actions are consistent with installing a local OpenClaw plugin.
Instruction Scope
Instructions directly read/write ~/.openclaw/openclaw.json and write into ~/.openclaw/extensions, which is expected for plugin installation. The doc insists on running a long chained one-liner; that increases the risk of running multiple operations without review. The node -e snippets modify the config in place and will embed an API key into openclaw.json if one is provided.
Install Mechanism
There is no formal install spec, but the SKILL.md instructs using npm to fetch openclaw-ai-warden@2.4.0 from the public npm registry and then copying files from node_modules to an extensions folder. Fetching from npm is a common and traceable pattern, but it does perform network retrieval at runtime, so you should inspect the package contents before copying or executing them.
Credentials
The registry metadata lists no required env vars, which is consistent. The instructions optionally ask you to place an API key into openclaw.json; storing an API key in that config file (likely plaintext) is functional but has privacy implications. The skill does not request unrelated credentials.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It modifies only its own extension directory and the OpenClaw config (to register itself) — expected for a plugin. It does not attempt to change other skills' configs or request system-wide privileges.
Assessment
This appears to be a coherent plugin-install instruction, but take these safe steps before running it:
(1) Inspect the package on GitHub and npm (check maintainers, recent commits, and code) and compare the expected VERSION string.
(2) Do NOT paste the long chained command as a single opaque line; run each step one at a time so you can inspect outputs and the installed files (npm install, then examine node_modules/openclaw-ai-warden).
(3) Be aware the node -e snippets will write an API key into ~/.openclaw/openclaw.json (persistent plaintext); if you use an API key, ensure that file has restrictive permissions and that you are comfortable storing the key there.
(4) Consider running npm install in a temporary directory first, or using npm pack to download the tarball and inspect its contents before copying or installing.
(5) Keep your backup (the SKILL.md already suggests making one) and verify the install by checking file contents and the VERSION check text before restarting the gateway.
If you want a higher-assurance install, request a signed release/tarball or vendor the plugin source after manual review.
Like a lobster shell, security has layers: review code before you run it.
latest · vk97826egcegf2t7309zqmjhx0x83k8wf
