v2.0.0

Eli Prompt Guard

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:25 AM.

Analysis

Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions, you-are-now); human review is required before treating this skill as clean.

Guidance

This skill looks safe to install if you want a prompt-level guard before external submissions. Be aware that it may block or delay automated posts/API calls, stores guard settings in workspace memory, and should not be treated as a complete standalone security product. ClawScan detected prompt-injection indicators (ignore-previous-instructions, you-are-now), so this skill requires review even though the model response was benign.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Info | Confidence: High | Status: Note
SKILL.md
| Ignore Instructions | ... | "ignore all previous instructions" |

The artifact contains goal-hijacking phrases, but they appear in a table of patterns the guard should detect.

User impact: These phrases may trigger static scanners, but the context indicates they are examples of attacks to block.
Recommendation: Keep the examples clearly quoted or fenced, and do not treat matched content as authoritative instructions.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
Execute Prompt Guard check when: ... Auto-posting ... Submitting forms ... Executing commands ... Calling external APIs

The skill interposes checks before broad external submissions and command workflows, which can affect tool execution but is aligned with the stated protection purpose.

User impact: The guard may delay, block, or require approval for posts, API submissions, forms, or commands that include user-provided content.
Recommendation: Review the enabled platforms and approval/timeout behavior before relying on it in automated workflows.

Human-Agent Trust Exploitation
Severity: Low | Confidence: Medium | Status: Note
metadata
Description: Automatically detects and blocks prompt injection attempts ... Code file presence: No code files present — this is an instruction-only skill.

The artifact advertises automatic blocking while the supplied package is instruction-only, so effectiveness depends on the agent following the guidance.

User impact: Users could overestimate how reliably this blocks prompt injection compared with a tested enforcement layer.
Recommendation: Treat it as an additional prompt-level safeguard, not the only security control for sensitive external posting or API workflows.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
README.md
Edit `~/.openclaw/workspace/memory/prompt-guard-config.json`: { "enabled": true, "timeoutSeconds": 120, "autoRejectOnTimeout": true }

The skill uses a persistent workspace-memory configuration that controls future guard behavior.

User impact: Future tasks may continue to be allowed, blocked, or timed out based on stored settings.
Recommendation: Keep this configuration user-controlled and periodically verify that enabled platforms and timeout settings match your expectations.