Guardian Shield
v1.1.1Locally scans untrusted text and documents to detect and block prompt injection threats, jailbreaks, exfiltration, and social engineering attacks.
⭐ 0· 344·1 current·1 all-time
byJosh@jtil4201
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (local prompt injection scanner) align with the included files: regex patterns, scanner, text extraction, and an optional ML model. No unrelated credentials, binaries, or network dependencies are requested.
Instruction Scope
SKILL.md and README instruct only local scanning (CLI and Python API) and call the provided scripts. The instructions do reference scanning web_fetch outputs, group messages, and file contents — which matches the scanner's capabilities. The example text includes malicious phrases (e.g., 'ignore previous instructions') which triggered the pre-scan pattern detector; this is expected for a demonstration of detections, not an instruction to exfiltrate data.
Install Mechanism
No install spec (instruction-only) which minimizes installer risk. Optional Python dependencies are listed (onnxruntime, PyPDF2, beautifulsoup4). One small inconsistency: the package includes models/ward_vocab.json (vocab) but the ONNX model file ward.onnx is not present in the provided manifest — ML inference will be unavailable unless the model file is obtained separately.
Credentials
The skill does not request environment variables, credentials, or config paths. Config.json flags (e.g., scan_web_fetches, scan_file_reads) are local configuration toggles and do not imply secret access. No disproportionate credential requests were found.
Persistence & Privilege
Skill is not always-enabled and does not modify other skills or global agent settings. It is a library/CLI the agent can call; it does not request elevated persistence or special privileges.
Scan Findings in Context
[ignore-previous-instructions] expected: SKILL.md and README intentionally include example attack phrases (e.g., 'ignore previous instructions') to demonstrate detection. The pre-scan flag is therefore expected and does not by itself indicate malicious intent.
Assessment
This package appears coherent and implements a local prompt-injection scanner as advertised. Before installing, consider: 1) The ML model (ward.onnx) is not included in the manifest — ML scoring will be disabled unless you provide a trusted ONNX model and install onnxruntime. 2) Optional dependencies (PyPDF2, beautifulsoup4, onnxruntime) are required only for extra features; install them from PyPI if you need those capabilities. 3) The skill's examples deliberately contain malicious phrases (used to test detection) — this is normal for this tool. 4) If you enable automatic scanning of agent outputs (web_fetch results, group messages, file reads), confirm your agent's integration respects privacy and you trust the skill source; it will examine untrusted content but does not exfiltrate it. 5) Check the license terms (source-available, non-commercial free tier) before using in commercial contexts. If you want higher assurance, ask the author for the missing model file checksum or supply your own vetted model.Like a lobster shell, security has layers — review code before you run it.
latestvk972j6wqerjxtfxjb19152zzsd829ccw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.