ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aegis Firewall

v3.0.0

Defensive execution, background scanning, anomaly detection, and prompt-injection containment for Codex/OpenClaw workflows. Use when working with untrusted e...

0· 234·1 current·1 all-time
by@alethean-kaw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description describe defensive containment and anomaly detection; the SKILL.md contains detailed, consistent guidance to perform those tasks. There are no unexpected env vars, binaries, or install steps that would be disproportionate to a 'firewall' skill.
Instruction Scope
Instructions direct the agent to treat external content as untrusted, separate analysis from execution, and run lightweight continuous anomaly scans. This is appropriate for the stated purpose, but the background-scanning language is somewhat broad and gives the agent discretionary, ongoing behavior (scan whenever new external content appears). That discretion is intentional for a firewall-style skill but means the agent will routinely apply heuristics across contexts.
Install Mechanism
No install spec and no code files — lowest-risk distribution. Nothing is downloaded or written to disk by the skill itself.
Credentials
Skill requires no environment variables, credentials, or config paths. The SKILL.md explicitly discourages secret exfiltration and privilege escalation, so there is no disproportionate credential access requested.
Persistence & Privilege
always is false and the skill is user-invocable. It can be invoked autonomously by the agent (platform default), which is reasonable for a monitoring/containment skill. The skill does not request persistent system-wide changes or access to other skills' configurations.
Scan Findings in Context
[ignore-previous-instructions] expected: The scanner flagged a known prompt-injection phrase inside the SKILL.md. Given this skill's purpose (detecting and containing injections), the presence of this pattern in its documentation/instructions is expected and appropriate — the skill instructs agents to treat such patterns as hostile.
Assessment
This skill is internally consistent and low-risk: it provides defensive policies and asks for no credentials or installs. Before enabling it permanently, review the SKILL.md to ensure its decision rules match how you want the agent to behave (background scanning frequency, what the skill should auto-block vs ask you about). Because the skill grants the agent discretion to run continuous, lightweight anomaly checks, test it on non-critical workflows first to confirm it doesn't over-block legitimate activity. The pre-scan flagged an 'ignore previous instructions' pattern — that's expected and intentional for a firewall skill, not evidence of maliciousness.
!
SKILL.md:31
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk977867a4g143cr73v2k8g24sn848ywg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments