Counterclaw Core
v1.1.1Defensive interceptor for prompt injection and basic PII masking.
⭐ 0· 679·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (prompt-injection defense + PII masking) match the included Python scanner, middleware, and email-protection scripts. The code implements injection detection, PII detection/masking, and local logging — all coherent with the stated purpose. Minor inconsistency: registry metadata lists no required env vars/config paths, whereas SKILL.md and code expect TRUSTED_ADMIN_IDS and write to ~/.openclaw/memory/ (declared in SKILL.md and implemented in code). This appears to be a documentation/metadata mismatch rather than malicious.
Instruction Scope
SKILL.md instructions stay within expected scope: offline scanner/middleware, local logging to ~/.openclaw/memory/MEMORY.md, and optional email sending via the gog CLI. Examples and tests include prompt-injection phrases (e.g., 'Ignore previous instructions') — these triggered the pre-scan injection signal but are legitimate test/example data. Scripts reference PYTHONPATH and a workspace path (~/.openclaw/workspace/skills/...) which is slightly inconsistent with README's path suggestions (~/.openclaw/skills/...), so verify intended installation location before running.
Install Mechanism
No automated remote install step in registry metadata; SKILL.md suggests 'pip install .' which is a normal local packaging instruction. There are no external download URLs or archive extraction steps. The package is instruction-first with included source files and tests; installation risk is low and traceable.
Credentials
Requested environment variables (TRUSTED_ADMIN_IDS for admin checks; optional GOG_ACCOUNT and GOG_KEYRING_PASSWORD for the Gmail/gog integration) are proportional to the functionality. The README and SKILL.md explicitly warn that TRUSTED_ADMIN_IDS should not contain secrets. Minor concern: registry-level metadata did not declare these env requirements — confirm you set only non-sensitive admin identifiers and are comfortable providing credentials to gog separately for email sending.
Persistence & Privilege
The skill does not request 'always: true'. It only writes to its own declared path (~/.openclaw/memory/MEMORY.md) and does not modify other skills or system-wide settings. Autonomous invocation (disable-model-invocation = false) is the platform default and not flagged here. File writes are constrained to the declared memory directory.
Scan Findings in Context
[ignore-previous-instructions] expected: The SKILL.md, README, and tests intentionally include common injection phrases (e.g., 'Ignore previous instructions') as detection examples and unit tests. This triggered the pre-scan pattern detector but is consistent with the skill's defensive purpose.
Assessment
This package appears to do what it says — local prompt-injection scanning, PII detection/masking, and optional email wrappers that use the user's gog CLI. Before installing: 1) Confirm the metadata: set TRUSTED_ADMIN_IDS to non-sensitive IDs (telegram/discord numeric IDs) and do NOT put API keys or tokens there. 2) Verify the intended install/location (SKILL.md and README reference slightly different paths such as ~/.openclaw/skills vs ~/.openclaw/workspace/skills) so the scripts find the module; adjust PYTHONPATH if needed. 3) If you plan to use send_protected_email.sh, test with --dry-run and understand it calls the local 'gog' CLI which will send via your Gmail account (ensure gog is configured and you are comfortable with that). 4) Inspect and/or set restrictive permissions on ~/.openclaw/memory/MEMORY.md if you are concerned about logs. 5) The code contains some minor oddities (small sys.path manipulation quirks) but no evidence of hidden endpoints or secret exfiltration; if you need higher assurance, run the included tests locally and review code lines that touch PATHs/env before use.Like a lobster shell, security has layers — review code before you run it.
latestvk974b2y30k9h5t1penrzp7jqk1823r8h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🛡️ Clawdis