ClawSafe
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.
Install this only if you want a local Node-based security hook that inspects and may block every incoming message. Verify the source, review the full package, tune the config/whitelist for false positives, and do not rely on it as your only security layer. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Benign messages could be blocked by false positives, and all hooked messages pass through this local scanner.
The hook can automatically evaluate incoming event text and return a block response, controlling whether user input reaches the agent.
const input = extractInput(event); ... return scanAndBlock(input, event); ... return { blocked: true, safe: false, messages: getBlockedMessages(lang, result) };Enable the hook only when that behavior is desired, test it with representative prompts, and tune the confidence threshold and whitelist.
Users have less registry-level assurance about package origin and runtime requirements before enabling a message-intercepting hook.
The registry metadata gives limited provenance and runtime information for a package that includes a Node/OpenClaw hook.
Source: unknown; Homepage: none; Required binaries (all must exist): none
Verify the package source and complete contents, and ensure the registry metadata accurately declares the hook and Node runtime requirement.
Relying on this as a complete security boundary could lead to missed attacks or overblocking.
The documentation uses broad security language; the provided implementation is a local rule/pattern detector, so users should not overestimate its coverage.
> Enterprise-grade security detector for AI agents
Use it as one layer of defense alongside model/provider controls, application validation, logging review, and human oversight.