ClawShield

The skill 'ClawShield' is designed for local security auditing, including prompt injection detection and local port scanning. The `scripts/audit.sh` script executes local commands (`openclaw status`, `session_status`), performs `grep` for PI patterns in local directories, and runs `nmap` strictly limited to `127.0.0.1` for ports 1-1024. It outputs a JSON report to stdout without any evidence of data exfiltration, external network communication, unauthorized persistence mechanisms (beyond the stated intent to schedule local audits), or malicious execution. The `SKILL.md` and `references/threats.md` do not contain prompt injection attempts, but rather describe the skill's purpose and general security risks.