Sandwrap

The OpenClaw skill 'sandwrap' is designed as a security defense mechanism to protect against prompt injection and malicious skill execution. Its primary purpose, as detailed across SKILL.md, CLAWHUB-README.md, and references/architecture.md, is to wrap untrusted skills in a multi-layered, prompt-based 'soft sandbox'. The architecture document explicitly outlines defensive measures such as dynamic delimiters, instruction hierarchy, tool allowlists, human-in-the-loop approvals, and output verification. Crucially, it includes pseudo-code and rules to prevent data exfiltration (e.g., detecting secrets, large base64 blobs, blocking internal/private IPs), block malicious execution (e.g., path traversal, executable file writes), and counter various prompt injection techniques (e.g., meta-instructions, roleplay, encoded payloads). All content consistently describes a security-focused tool with no evidence of malicious intent or risky capabilities beyond its stated defensive purpose.