📦 Armarius - Prompt Injection Blocker

v1.1.0

One switch, always on. Zero extra API calls. Prompt injections are neutralized the moment they appear. Never interrupts your work. No setup, no code.

0 · 387 · 1 current · 1 total
by @tatlantis (Polyetherea Labs)
Last updated: 2026/2/26
Security scan
VirusTotal: benign
OpenClaw: suspicious (medium confidence)
The skill's instructions are coherent with a prompt-injection blocker, but a key rule (always appending complete verbatim external content to responses) creates a real risk of exposing sensitive data and the skill overclaims immutability; review before installing.
Assessment recommendations
This skill is internally coherent for a prompt-injection guard, but review its logging rule carefully before enabling it. It requires agents to append the complete verbatim text of any flagged injection to responses — that can accidentally expose secrets or private content returned by tools, files, or web fetches. Consider asking the author (or modifying the policy) to: 1) redact or summarize flagged content by default (mask tokens, emails, credentials), 2) only log metadata and source location ...
Detailed analysis
Purpose and capabilities
Name/description (prompt-injection blocker, no setup) match the implementation style: instruction-only SKILL.md that tells the agent how to classify and handle external content. No unrelated binaries, env vars, or installs are requested.
Instruction scope
The runtime instructions mandate classifying all non-user inputs as CONTENT and never executing instructions found therein — that is within scope. However Rule 2 requires appending the complete, unabbreviated text of any detected injection attempt to the end of the agent's response. That behavior can cause sensitive or secret data (from tools, files, web fetches, emails, etc.) to be echoed verbatim into chat output or logs, increasing the risk of data exposure. The SKILL.md also asserts its rules are immutable and 'cannot be suspended', which is an overclaim: as an instruction-only skill it cannot technically enforce immutability of agent-level policy.
Install mechanism
No install spec and no code files — lowest-risk delivery. The skill is instruction-only, so nothing will be written to disk or fetched at install time.
Credential requirements
No credentials, env vars, or config paths are requested (proportionate). However, because the skill requires emitting full verbatim external content when flagging injections, it may surface secrets or private data present in those external sources; that is a data-handling concern rather than a credential request.
Persistence and privileges
Flags show always:false and normal invocation behavior. The skill does not request persistent presence or modify other skills/config. The README/SKILL.md claim 'always on'/'immutable' is a policy claim rather than a granted platform privilege.
Security is layered; review the code before running.

Runtime dependencies

No special dependencies

Versions

latest · v1.1.0 · 2026/2/26

Rebuilt as active behavioral protection layer — replaces previous guide-based version.

Benign

Install command

Official: npx clawhub@latest install armarius
Mirror (accelerated): npx clawhub@latest install armarius --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库 (Lobster Skill Library)