Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

raigo agent firewall

v1.0.3

RAIGO Agent Firewall — comprehensive AI security policy enforcement for OpenClaw agents. Covers all known prompt security attack vectors: prompt injection, j...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name and description claim a policy/ruleset for prompt security and the skill is an instruction-only SKILL.md with no binaries, env vars, or installs — that is coherent. The 'upgrade to raigo Cloud' claim merely describes a paid feature and is not required for the local ruleset.
Instruction Scope
The SKILL.md instructs the agent to inspect external content (web pages, files, emails, code comments) and to decode/normalize obfuscated payloads (Base64, hex, Unicode smuggling, etc.) before applying rules. That behavior is consistent with a detector firewall, but it expands the agent's effective read/processing scope (it will parse/decode hidden payloads). Review the full file for any instructions that would additionally collect or transmit the decoded content.
Install Mechanism
No install spec and no code files — lowest risk for arbitrary code being written or executed on the host. The skill is purely prose-driven.
Credentials
No environment variables, credentials, or config paths are requested — proportionate for a ruleset that claims to operate locally in the agent's decision flow.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system-level privileges. It does not attempt to modify other skills or platform settings in the provided content.
Scan Findings in Context
[ignore-previous-instructions] expected: The SKILL.md explicitly enumerates injection patterns (e.g., 'ignore previous instructions') as items to block. The scanner flagged those phrases, which is expected and appropriate for a firewall rules document rather than an indicator of maliciousness.
Assessment
This SKILL.md appears to be a declarative ruleset for blocking prompt-injection and related attacks and is internally consistent with its description because it requires nothing and installs nothing. However, keep in mind:
(1) it's only guidance — it protects you only if the agent actually follows these rules; it does not enforce platform-level or kernel-level protections.
(2) The document instructs the agent to inspect and decode external content to detect obfuscation — this is necessary for detection but expands what the agent will parse; verify you are comfortable with that behavior.
(3) Because the skill can be invoked autonomously by the agent (the platform default), decide whether you want automatic invocation enabled for this skill.
(4) Review the full SKILL.md yourself for any steps that might send data to external endpoints or ask the agent to persist logs outside your control; although none are declared, the prose could include such instructions.
If you need stronger guarantees (tamper-proof enforcement, centralized logging, or attestable execution), consider a platform-level guard or the vendor's managed/cloud offering and verify vendor provenance (raigo.ai docs link) before wide deployment.
SKILL.md:34: Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latest vk97c2vw2tvtrx42nnkz3z35t8183znpf

Runtime requirements

🛡️ Clawdis
