Prompt Injection Guard
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: prompt-injection-guard Version: 1.0.0 The OpenClaw AgentSkills skill bundle 'prompt-injection-guard' is designed to protect the AI agent from prompt injection attacks. The `SKILL.md` file contains instructions for the agent to detect and block malicious prompts, sanitize user input, filter sensitive output, and prevent unauthorized actions like credential leakage or unapproved financial transactions. All instructions are defensive in nature, aiming to enhance the agent's security posture. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or any vulnerabilities that could be exploited by this skill itself; rather, it aims to prevent such attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Legitimate security, crypto, or moderation discussions could be blocked or require confirmation if they match the guard's patterns.
The skill intentionally changes stopping conditions by instructing the agent to block high-risk prompts. This matches the defensive purpose, but it can affect whether user requests are allowed to proceed.
Level 3 - ブロック ... 対応: 「🚫 ブロック: セキュリティ上の理由で実行できません」 ... 続行: 不可
Use this where automatic prompt-injection guarding is desired, and review or tune the rules if false positives would disrupt normal work.
The mismatch may make it harder to confirm who published or packaged the skill.
The registry metadata lists a different owner ID, "kn72e4q61j807j4a90azhayc0d80wa2j". Because the skill is instruction-only with no code or install steps, this is a provenance note rather than evidence of malicious behavior.
"ownerId": "kn70ts53f8e9rzfwp5t12d6ta180q6f3"
Confirm the publisher/version in ClawHub before relying on it, and ask the maintainer to align registry and package metadata.
If implemented, fragments of user prompts could be retained in logs.
The skill recommends logging detected attack patterns, response outcomes, timestamps, and part of the input. It says to exclude sensitive parts, but does not define retention, storage, or access controls.
記録項目: - 検出した攻撃パターン - 入力の一部(機密部分除く) - 対応結果 - タイムスタンプ
Define where logs are stored, how long they are kept, who can see them, and ensure secrets or personal data are redacted.