📦 AI-Warden — Prompt Injection Protection

v1.4.1

Install, configure and manage the AI-Warden prompt injection protection plugin for OpenClaw. Publisher: AI-Warden (ai-warden.io). Source: github.com/ai-ward...

1 · 129 · 0 current · 0 cumulative
by @ai-warden · MIT-0
License: MIT-0
Last updated: 2026/4/6
Security scan: VirusTotal flagged the package as suspicious
OpenClaw security rating: medium confidence
This skill's description and requirements are consistent with installing and configuring an OpenClaw plugin, but it performs a network install of a third-party npm package and modifies your OpenClaw configuration, so verify the upstream package and repository before proceeding.
Assessment recommendations
This SKILL.md is coherent for installing an OpenClaw plugin, but take these precautions before running it: (1) Verify the package and repository yourself—visit the GitHub repo (https://github.com/ai-warden/openclaw-plugin) and the npm page to ensure publisher legitimacy; the registry metadata in the skill omitted a homepage which is worth confirming. (2) Inspect the installed package in node_modules (and any install scripts) before copying files into ~/.openclaw/extensions; npm install can run a...
Detailed analysis
Purpose and capabilities
The name/description (install and manage an AI‑Warden plugin) matches the actions in SKILL.md: creating an extension directory, npm installing openclaw-ai-warden, copying plugin files into the extensions root, and patching ~/.openclaw/openclaw.json to register the plugin. The optional AI_WARDEN_API_KEY is appropriate for an online detection service.
Instruction scope
Instructions are explicit and limited to plugin installation and configuration: they read and write ~/.openclaw/openclaw.json, write into ~/.openclaw/extensions/ai-warden/, run npm install, and optionally add an API key either as an env var or in the config file. This is expected for a plugin installer, but it does grant the installation the ability to download and place executable plugin code and to persist a secret in your config file (Option B). The SKILL.md does include safety steps (backup, package provenance checks), which is good practice.
Installation mechanism
There is no automated install spec in the registry; the SKILL.md instructs a manual npm install from the public npm registry. Using npm is a common and reasonably traceable method, but npm packages can run install scripts and may contain malicious code. The instructions recommend verifying repository URL and dist.shasum via npm info, which helps but does not eliminate risk. No arbitrary URL downloads or URL shorteners are used.
Credential requirements
No credentials are required by default. The optional AI_WARDEN_API_KEY is proportional to the advertised online-detection feature. The skill explicitly offers both env var storage (recommended) and storing the key in openclaw.json (with a chmod 600 suggestion). Storing secrets in the config is convenient but increases exposure; the skill documents this trade-off.
Persistence and permissions
The skill modifies the agent's ~/.openclaw/openclaw.json to register and enable the plugin so the plugin will persist and be loaded automatically. This is expected behavior for installing a plugin. Because the plugin code will be placed under ~/.openclaw/extensions, it becomes a persistent component that the agent may invoke autonomously (the platform default). This persistence is appropriate for the stated purpose but increases the importance of verifying the plugin's provenance.
Security is layered; review the code before running it.

License

MIT-0

Free to use, modify and redistribute; no attribution required.

Runtime dependencies

No special dependencies

Versions

latest: v1.4.1 (2026/3/24)

**Skill metadata and install instructions updated for security and clarity.**
- Added an explicit package version (`openclaw-ai-warden@2.4.0`) and npm provenance/integrity verification steps.
- Install steps now require a version check and shasum verification for supply-chain safety.
- The install checklist specifies the required Node.js version, npm, and the optional `AI_WARDEN_API_KEY` environment variable.
- Documented how `plugins.allow` in the config interacts with the install.
- All install and update commands now point to the new required package version.
- No change to runtime logic; documentation and best-practice updates only.


Install command

Official: npx clawhub@latest install ai-warden-setup
Mirror (China): npx clawhub@latest install ai-warden-setup --registry https://cn.longxiaskill.com

Skill documentation

Prompt injection protection for OpenClaw agents. Five-layer security shield plus a contamination lock.

Requirements

  • OpenClaw 2026.3.14+ (including 4.x)
  • Node.js 18+
  • npm (ships with Node.js)

Installation: run the steps in order

Each step is a standalone command. Run them one at a time and confirm the output is correct before moving on.

Step 0: Back up the config

```bash
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak && echo "BACKUP OK"
```

Verify: prints BACKUP OK

Step 1: Create the extension directory

```bash
mkdir -p ~/.openclaw/extensions/ai-warden
```

```bash
echo '{"private":true}' > ~/.openclaw/extensions/ai-warden/package.json
```

Verify: no errors.

Step 2: Install the npm package

```bash
cd ~/.openclaw/extensions/ai-warden && npm install openclaw-ai-warden@2.4.0
```

Verify: no errors and no audit warnings. If you want to read the package before any lifecycle script of it runs, install with `--ignore-scripts` first, inspect node_modules, and only then reinstall normally. Inspect the installed package:

```bash
ls node_modules/openclaw-ai-warden/
```

```bash
cat node_modules/openclaw-ai-warden/package.json | grep -E '"name"|"version"'
```

Confirm the package name is openclaw-ai-warden and the version is 2.4.0.

Provenance check (query the pinned version; an unpinned `npm info` reports the latest release, whose metadata may differ from 2.4.0):

```bash
npm info openclaw-ai-warden@2.4.0 repository.url
```

Expected: https://github.com/ai-warden/openclaw-plugin

```bash
npm info openclaw-ai-warden@2.4.0 dist.shasum
```

Compare with the local copy:

```bash
cat node_modules/openclaw-ai-warden/package.json | grep _shasum
```

Caveat: npm 7 and later (bundled with Node.js 18+, the required version) no longer write `_shasum` or the other underscore-prefixed registry fields into the installed package.json, so on a current toolchain that grep prints nothing. Use the `integrity` value that `npm install` records for `node_modules/openclaw-ai-warden` in package-lock.json instead and compare it with the registry's `dist.integrity` for the same version.

Step 3: Copy the plugin files into the extension root

OpenClaw loads plugins from the extension root, not from node_modules.

```bash
cd ~/.openclaw/extensions/ai-warden
```

```bash
cp node_modules/openclaw-ai-warden/index.ts .
```

```bash
cp node_modules/openclaw-ai-warden/openclaw.plugin.json .
```

```bash
cp -r node_modules/openclaw-ai-warden/src .
```

```bash
grep VERSION index.ts | head -1
```

Verify: prints a line of the form const VERSION = followed by the version number.

Step 4: Configure OpenClaw

Registers the plugin in openclaw.json automatically while preserving the existing configuration (channels, models, gateway, etc.). The script parses the file before writing, so an unparseable config is not overwritten.

```bash
node -e "
const fs = require('fs');
const p = process.env.HOME + '/.openclaw/openclaw.json';
const cfg = JSON.parse(fs.readFileSync(p, 'utf8'));
if (!cfg.plugins) cfg.plugins = {};
cfg.plugins.enabled = true;
if (!cfg.plugins.entries) cfg.plugins.entries = {};
cfg.plugins.entries['ai-warden'] = {
  enabled: true,
  config: {
    layers: { content: 'block', channel: 'warn', preLlm: 'off', toolArgs: 'block', subagents: 'block', output: 'off' },
    sensitivity: 'balanced'
  }
};
fs.writeFileSync(p, JSON.stringify(cfg, null, 2));
console.log('CONFIG OK');
"
```

Verify: prints CONFIG OK

Note: this registers the plugin only via plugins.entries. If you use a plugins.allow whitelist, add "ai-warden" to it manually; otherwise no further action is needed.

Step 5: Add the API key (optional)

The publisher states an online detection accuracy of 98.9% versus about 60% offline.

Option A: environment variable (recommended; the key is never written to the config file). Set AI_WARDEN_API_KEY in your shell profile or in the systemd service:

```bash
# For systemd (e.g. the OpenClaw gateway service):
# In y
```

Source: ClawHub · Chinese localization: 龙虾技能库 (Longxia Skill Library)