PROMPT INJECTION PROTECTION
v1.0.0
Protects against prompt injection attacks by sanitizing, validating, and securely processing untrusted external content from websites, emails, and documents.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The code implements the described purpose: detection, sanitization, adaptive learning, alerts, and pre-checks for commands/file access. No requested environment variables, binaries, or unrelated packages are present that would be inconsistent with a protection library.
Instruction Scope
SKILL.md and the example/demo code focus on sanitizing and detecting prompt injection. Examples intentionally contain injection phrases (expected). The runtime code does not instruct the agent to read arbitrary user files or exfiltrate secrets; it only analyzes content strings and raises alerts.
Install Mechanism
There is no install spec (instruction-only metadata), and the distributed files are plain JS source files. No network downloads or third-party install steps are specified, so installation risk is low.
Credentials
The skill requires no environment variables or credentials. It includes detection rules that mention sensitive filenames/commands (for pattern matching) but does not access external credentials or request unrelated secrets.
Persistence & Privilege
The skill persistently stores learned patterns to learned-threats.json in its directory and starts an auto-update timer (setInterval) in the constructor. This is coherent for an adaptive protection library, but it means the skill writes to disk and will run periodic tasks while instantiated — review whether you accept persistent state and background activity.
Scan Findings in Context
[ignore-previous-instructions] expected: SKILL.md and example content intentionally include prompt-injection phrases (e.g., "Ignore all previous instructions") so the detection scanner flag is expected and relevant to the skill's testing/examples rather than evidence of manipulation.
Assessment
This package appears to be a coherent prompt-injection protection library. Before installing or enabling it broadly, consider: (1) it persists learned patterns to learned-threats.json in the skill directory — confirm that persistent writes are acceptable in your environment; (2) its constructor starts an auto-update interval (periodic background task) — if you want to avoid background timers, disable auto-updates or adjust the update schedule; (3) although demos reference sensitive files/commands, the code only matches patterns and does not read those files or require credentials; (4) review the source files yourself if you need stronger assurance (especially adaptive-learning.js and auto-update.js) and consider disabling learning in high-security contexts. If you plan to allow autonomous invocation, remember the skill will adapt to inputs it sees, so ensure it runs in a sandboxed agent context and that learned data is acceptable to retain.
Like a lobster shell, security has layers — review code before you run it.
