Prompt injection detection skill
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent moderation helper, but it sends checked text to HuggingFace and optionally OpenAI and requires users to configure tokens and dependencies carefully.
Before installing, make sure you are comfortable sending moderated text to HuggingFace and optionally OpenAI, configure the required tools and tokens, and ensure your agent treats API errors or missing-token results as an unavailable check rather than a safe verdict.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your API keys authorize calls to those providers when the moderation script runs.
The skill asks for provider API credentials. This is expected for HuggingFace/OpenAI moderation calls and the artifacts do not show hardcoded keys, logging, or unrelated credential use.
export HF_TOKEN="hf_..." # Required
...
export OPENAI_API_KEY="sk-..." # Optional
Use scoped or dedicated tokens where possible, keep them out of shared logs, and rotate them if exposed.
Messages or draft responses checked by the tool may be processed by third-party providers.
The script sends the supplied input or output text to HuggingFace and, when configured, OpenAI for classification. This is disclosed and purpose-aligned, but it is still an external data flow.
https://router.huggingface.co/hf-inference/models/$MODEL ... -d "{\"inputs\": $json_text}"
...
https://api.openai.com/v1/moderations ... -d "{\"model\":\"omni-moderation-latest\",\"input\":$json_text}"
Only use it on content you are comfortable sending to those services, and review the providers' retention and privacy terms for your deployment.
The skill may not work as expected unless the local tools and environment variables are available.
The registry metadata under-declares setup requirements because the included helper script uses bash, curl, python3, HF_TOKEN, and optionally OPENAI_API_KEY. The SKILL.md does disclose the token setup, so this is a setup clarity issue rather than hidden behavior.
Required binaries (all must exist): none
...
Required env vars: none
...
No install spec — this is an instruction-only skill.
Verify bash, curl, python3, HF_TOKEN, and any optional OpenAI key are configured before relying on the skill.
A deployment could get false reassurance if it ignores the error fields.
If the required HuggingFace token is missing, the script reports an error but still leaves the overall flagged value false. A consumer that checks only the top-level flag could mistake an unavailable check for a safe result.
RESULT="$RESULT,\"injection\":{\"flagged\":false,\"score\":0,\"error\":\"HF_TOKEN not set\"}"
Treat any API error or missing-token result as an unavailable safety check, not as proof the content is safe; consider fail-closed handling in production.
