AOI Prompt Injection Sentinel
v0.1.2
Detects and scores prompt injection attempts in text, outputting severity, action, and matched rules without external calls or secret handling.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Benign (high confidence)

Purpose & Capability
Name/description (prompt-injection sentinel) align with the included code and SKILL.md. The code implements local regex-based rules, scoring, and a local fingerprint — nothing in the bundle asks for unrelated capabilities (no cloud creds, no system-level access).
Instruction Scope
SKILL.md instructs running the included node script (analyze via CLI or stdin) and explicitly claims no webhooks/outbound calls or secret handling. The script only reads CLI args/stdin, runs regex checks, computes a local SHA-256 fingerprint, and prints JSON to stdout — scope stays within the stated purpose.
Install Mechanism
No install spec is provided (instruction-only). The package includes a small standalone skill.js with no external dependencies. No network downloads or archive extraction are performed by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and references no config paths to be read at runtime. The regex rules do mention common sensitive filenames (e.g., .env, id_rsa, openclaw.json) for detection purposes — that's consistent with its detection goal and not an access request.
Persistence & Privilege
Flags show always:false and normal model invocation. The skill does not attempt to modify other skills or system configs. It runs only when invoked and has no installation hooks that grant it persistent elevated privileges.
Assessment
This skill appears internally consistent and implements a local, regex-based prompt-injection detector. Before installing or running, review the included skill.js (it's small and readable) to confirm you trust the author, because running the script executes code on your host. Note the SKILL.md references a GitHub issues URL — you can verify the upstream repo and changelog there. Expect potential false positives (e.g., matches for filenames like .env or phrases like 'curl http'); test with representative inputs. If you require stronger guarantees, run the script in a sandboxed environment or inspect the code line-by-line (there are no hidden network calls or secret exfiltration paths in the provided files).

Like a lobster shell, security has layers — review code before you run it.
Version: latest (vk97723c00xgymepan91apw4dvd8163qg)
