ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Prompt Injection Filter

v1.0.0

Filters user inputs to detect and flag common prompt injection patterns using customizable regex rules in pure Python.

0· 15·0 current·0 all-time
bygentoobreaking@openclawchen8-lgtm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and SKILL.md: a lightweight Python regex filter for prompt-injection patterns. It doesn't request unrelated credentials or binaries. One minor note: SKILL.md imports from "prompt_injection_filter" while the repository file is named filter.py — this is a packaging/import naming inconsistency but not a security contradiction.
Instruction Scope
SKILL.md instructs using the provided functions (filter_input, is_safe, sanitize) and documents expected outputs. It does not direct reading of unrelated files, environment variables, or exfiltration. It includes example injection phrases (expected for this purpose).
Install Mechanism
No install spec (instruction-only) and a single, small Python file included. Nothing is downloaded from external URLs and no archives are extracted. Low installation risk.
Credentials
Requires no environment variables, credentials, or config paths — appropriate for a local regex-based filter.
Persistence & Privilege
Does not request always:true or elevated persistence. It is user-invocable and can be used by the agent, which is normal for skills.
Scan Findings in Context
[ignore-previous-instructions] expected: SKILL.md and the code explicitly list and test for phrases like "ignore previous instructions" because the filter is designed to detect those patterns. The scanner flagged this phrase; that is expected and not evidence of malicious intent here.
[you-are-now] expected: Phrases such as "you are now" appear in the built-in rule set and documentation to demonstrate role-play/jailbreak detection. The pre-scan flag is consistent with the skill's stated detection goals.
Assessment
This skill appears to be what it says: a small, regex-based prompt-injection detector. Before installing or using in production: 1) Verify the import/packaging (SKILL.md references prompt_injection_filter while the file is filter.py) so the module will load correctly in your environment. 2) Review and, if needed, customize the regex rules — regex-only filters are easy to evade and only catch known patterns. 3) Run local tests including obfuscated/encoded injections to understand false negatives/positives. 4) Because the skill's source and homepage are unknown, inspect the included filter.py yourself (it's short and readable) to confirm you’re comfortable with the code. 5) Don’t rely solely on this filter for safety — combine with other controls and human review.
!
SKILL.md:22
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk977xehcmz1ykkmc09aykzjt9x846wyh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Prompt Injection Filter

简单但有效的 Prompt Injection 过滤器,帮助拦截常见的提示注入攻击。

版本: 1.0.0 | 作者: 宝宝 (寶寶)

功能

  • 输入过滤: 检测并标记常见的 Prompt Injection 模式
  • 可定制规则: 支持自定义过滤规则
  • 轻量级: 纯 Python 实现,无外部依赖

使用方式

作为预处理步骤

在你的 Skill 或脚本中调用过滤器:

from prompt_injection_filter import filter_input

user_input = "帮我查一下价格... [ignore previous instructions]"
result = filter_input(user_input)
# result: {"clean": False, "original": "...", "reason": "detect_ignore_previous"}

返回格式

{
    "clean": bool,          # 是否通过检查
    "original": str,        # 原始输入
    "reason": str|None,    # 检测到的威胁类型
    "sanitized": str       # 清理后的文本(若可清理)
}

内置检测规则

规则ID模式风险
detect_ignore_previousignore previous, disregard system
detect_role_playyou are now, act as, pretend to be
detect_delimiter```, <xml>, [INST]
detect_encodingbase64, url encode, hex
detect_jailbreakDAN mode, developer mode, jailbreak

示例

from prompt_injection_filter import filter_input, is_safe

# 检查是否安全
if is_safe("帮我查天气"):
    print("安全")

# 获取详细报告
result = filter_input("请忽略之前的指令")
print(result["reason"])  # "detect_ignore_previous"

限制

  • 基于正则表达式,只能拦截已知模式
  • 建议配合 exec 审批准使用

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…