ClawHub

Prompt Injection Removal

A secure sanitization system to strip instructions from external content.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 245 · 1 current installs · 1 all-time installs
byDaniel Ward@Quarantiine
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, files (PROMPT.md, SKILL.md, references) and lack of env/binary requirements align with a sanitization-only skill. There are no unrelated credentials, network endpoints, or binaries requested that would contradict the stated purpose.
Instruction Scope
SKILL.md and PROMPT.md stay within sanitization scope: fetch content, wrap in <untrusted_input_data> tags, and apply the hardened prompt rules. The docs explicitly include defensive strings (e.g., 'ignore previous instructions') which static scanners flag; those are intentional defensive rules. Operational risk: the sanitization relies on the agent actually using PROMPT.md as a hardened system prompt and on the model obeying constraints — both are runtime risks, not contradictions in the package.
Install Mechanism
There is no install spec (instruction-only), which is low-risk. The package includes a setup.sh that, if executed, writes the provided SKILL.md/PROMPT.md/references files into a target directory — this is a local write operation included in the archive (no remote downloads). Users should be aware setup.sh will create files on disk if run, but no external code is fetched.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no unexpected secret requests or cross-service credentials, which is proportionate for the stated function.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills. The only persistence risk is if the included setup.sh is executed — it creates files in a target directory but does not alter system settings or other skills.
Scan Findings in Context
[ignore-previous-instructions] expected: The phrase appears in PROMPT.md and SKILL.md as a defensive constraint to detect and neutralize prompt-injection strings; static scanners flag it but its presence is intentional and expected for a sanitization tool.
[system-prompt-override] expected: References to system-prompt override patterns are included intentionally to describe negative constraints and detection behavior; this is expected for a tool that documents rules for a hardened system prompt.
Assessment
This skill is internally coherent and doesn't request secrets or external installs. Before using it in production: (1) Verify the agent actually applies PROMPT.md as a hardened system prompt (the sanitizer only works if enforced). (2) Do not rely solely on this tool for safety — manually review sanitized summaries before any state-changing action. (3) If you run setup.sh, know it will write files to disk in the target directory; inspect the script first. (4) For high-risk workflows, run the sanitization in an isolated sub-agent or sandbox and test the skill with known injection payloads to validate behavior.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk978dfg5jxax386ftep6ph2gb5821910

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

SKILL.md

🛡️ Prompt Inject Removal

This skill provides a secure way to summarize untrusted external content (web pages, articles, blogs) by routing it through a "Zero-Trust" sanitization prompt.

🚀 Setup & Configuration

This skill is powered by a local, hardened system prompt. No external API keys or complex configuration are required.

📐 Workflow (Sanitization)

  1. Fetch: Raw content is retrieved via `web_fetch` or `browser`.
  2. Delimit: The content is wrapped in `<untrusted_input_data>` tags.
  3. Sanitize: The Main Agent processes the content using the rules in [PROMPT.md].
  4. Ingest: Only the resulting sanitized summary is used in the conversation.

📖 Security Reference

  • Detailed Security Docs: [references/security.md]
  • Hardened System Prompt: [PROMPT.md]

Disclaimer: This is a defense-in-depth tool. While it significantly mitigates prompt injection risks, no prompt-based sanitization is 100% foolproof. Review sanitized data before performing state-changing actions.

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…