Openclaw Prompt Shield
Pass
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a local, purpose-aligned prompt-injection scanner with expected caller-directed file reading and report writing.
This skill looks appropriate for local prompt-injection screening. Before installing, note that it reads text from files you provide and can write reports or sanitized copies to paths you choose; keep those paths scoped and do not treat its pattern-based verdicts as a complete security guarantee.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If directed to the wrong output path, the skill could overwrite or create local files the process can access.
The sanitizer can create directories and write a sanitized copy to a caller-supplied path. This is disclosed and aligned with the skill's purpose, but it is still local file mutation.
out_path.parent.mkdir(parents=True, exist_ok=True)
out_path.write_text(safe_body, encoding="utf-8")
Use explicit, non-sensitive input and output paths, and avoid pointing output at important existing files.
Users have little independent provenance context beyond the packaged artifacts reviewed here.
The registry listing does not provide an independent source repository or provenance source. The bundled code is coherent with the stated purpose, so this is a provenance note rather than a behavioral concern.
Source: unknown
Install only if you trust the ClawHub package source and consider reviewing the bundled scripts before use.
