smart-security
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.
Before installing, confirm that you want this skill to run before other logic, inspect all inputs/tool outputs and local memory files, and write persistent security logs. Test it for false positives and verify any Telegram or webhook alert destination is trusted. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Legitimate requests may be blocked or handled more strictly if the guardrail misclassifies them.
The skill is intentionally designed to take precedence over normal agent logic and block or alter processing. That is purpose-aligned for a security layer, but it gives the skill broad influence over all interactions.
This skill requires **highest priority** ... This skill must execute on:
- EVERY user input ...
- EVERY tool output ...
- BEFORE any plan formulation
- BEFORE any tool execution
Enable only if you want this skill to act as a front-line policy gate, and tune thresholds/recovery behavior after testing with normal workflows.
Local memory and identity context may be inspected and security events may be retained in workspace files.
The skill reads agent memory/identity files and writes persistent security logs/state. This is disclosed and aligned with memory-integrity checking, but those files may contain sensitive context.
Read access: `/workspace/MEMORY.md`, `/workspace/memory/*.md`, `/workspace/SOUL.md`, `/workspace/AGENTS.md`, `/workspace/IDENTITY.md` ... Write access: `/workspace/AUDIT.md`, `/workspace/INCIDENTS.md`, `/workspace/heartbeat-state.json`
Review the listed paths, ensure they do not contain secrets you do not want processed by this guardrail, and periodically audit or rotate the generated logs.
Security event timing and detection metadata may leave the local workspace through chat or monitoring integrations.
Security alert metadata may be sent through an existing Telegram channel or an operator-configured webhook. The destination is disclosed and the payload is described as metadata-only.
Alerts sent via agent's existing Telegram channel ... `export SECURITY_WEBHOOK_URL="https://your-monitoring.com/webhook"` ... Payload sent: `{ "timestamp": ..., "severity": ..., "event_type": ..., "score": ..., "pattern": ... }`
Use the webhook only with trusted monitoring endpoints, and confirm the existing Telegram/channel destination is appropriate for security alerts.
Users may assume stronger, verified technical enforcement than an instruction-only skill can provide on its own.
The skill makes strong security/compliance claims, while the provided artifacts contain no executable enforcement code. This is not malicious by itself, but users should not overestimate the protection level without testing platform behavior.
Description: Advanced prompt injection defense with multi-layer protection, memory integrity, and tool security wrapper. OWASP LLM Top 10 2026 compliant. ... No code files present — this is an instruction-only skill.
Treat it as a policy/instruction guardrail, validate it with realistic tests, and avoid relying on it as the sole defense for high-risk tool or memory access.
