Promptguard

v0.1.1

Detect prompt injection attacks in text. Returns risk score and detected patterns.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description, required binaries (python), declared Python packages, and the included source code all match a simple local prompt-injection detector. Nothing in the files indicates unrelated capabilities (cloud access, system configuration, or secrets handling).
Instruction Scope
SKILL.md instructs to install FastAPI/uvicorn/pydantic, run uvicorn to start the server, and POST text to /v1/scan. The code implements exactly that endpoint and only inspects the provided text; it does not read files, environment variables, or external endpoints.
Install Mechanism
The declared packages are standard PyPI packages (fastapi, uvicorn, pydantic), which is appropriate. The install 'kind' is listed as 'uv' in metadata (unusual/ambiguous), but the SKILL.md shows pip instructions and the code is pure Python — this looks low risk but you may want to confirm how your platform's installer resolves 'uv'.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not attempt to access unrelated secrets or system config.
Persistence & Privilege
always is false and the skill does not try to modify other skills or system-wide settings. It runs as a local HTTP service and requires explicit startup; it does not persist elevated privileges.
Assessment
This skill appears to be a straightforward, local prompt-injection scanner. Before installing: (1) confirm how your platform implements the install 'uv' step (ensure it installs from trusted PyPI sources); (2) don't expose the server publicly without authentication because the provided service accepts arbitrary text and has no auth built in; (3) keep dependencies up to date and run in an isolated environment if you are concerned about supply-chain risk; (4) test with representative inputs to validate detection coverage and false positives/negatives for your use case.

latest: vk97bfa0rtfd14vgb7vqs58q6e184stq1

Runtime requirements

Bins: python

Install

uv
