ClawGuard-Shield — Security Protection Tool
v3.0.0. Uses prompt injection detection, intent validation, zero-width character detection, and intent integrity verification.
Security scan
OpenClaw
Suspicious
Medium confidence. The skill's stated purpose (prompt-injection defense) matches most of its code and docs, but there are unexplained/incoherent pieces — notably a required external rules module (outside the package) and use of an undeclared environment variable — that warrant caution before installing.
Assessment recommendations
What to check before installing or enabling this skill:
- Source trust: The package lists no homepage and owner identity is opaque. Prefer installing only from a trusted source.
- Inspect the external dependency: src/shield.js requires '../../shared/rules/interceptor-rules.js' which is not in the manifest. Ask the author where that file comes from and review its contents; it could grant the skill access to shared platform files or include unexpected logic.
- Environment variable: The code uses ...
⚠ Purpose and capability
Name, README, SKILL.md, and most code implement a prompt-injection detection/hardening tool which is coherent. However src/shield.js requires '../../shared/rules/interceptor-rules.js' (a module not included in the skill manifest) which implies a dependency on a host-provided or sibling file that is not documented. The CLI also offers harden/fix operations that read and write arbitrary config files; that capability fits the stated purpose but increases the sensitivity of what the skill can touch. The external require and undocumented expectations are disproportionate to the published metadata and are unexplained.
⚠ Instruction scope
SKILL.md describes only input scanning and producing SAFE/LOW_RISK/etc. The code implements that, plus 'harden' and 'fix' flows that read a config file path (or process.env.OPENCLAW_CONFIG) and write hardened configs. The manifest declares no required config paths or env vars, but the runtime will read user-supplied filesystem paths and an undeclared OPENCLAW_CONFIG environment variable. That means the skill can read and modify files outside the narrow 'check this text' scope in ways not documented in SKILL.md.
✓ Install mechanism
No install spec and no external downloads; the skill is instruction+code only and has no package dependencies declared. This lowers supply-chain risk. There are no brew/npm/install URLs or extracted archives in the manifest.
⚠ Credential requirements
The registry metadata lists no required env vars, yet the CLI/code reads process.env.OPENCLAW_CONFIG as a fallback and will read/write arbitrary config paths passed on the command line. The skill also expects a shared rules module outside its package. Requesting access to filesystem paths and relying on an undeclared env var is disproportionate to a simple input-scanner and should be documented and justified by the author.
⚠ Persistence and privilege
always:false (good), but the code's dependency on '../../shared/...' suggests it may attempt to access files outside its own package (potentially other skills' or platform-shared data). The skill can read and write configuration files supplied by the user; combined with the undocumented external dependency, this raises privilege and data-exposure concerns that should be clarified. It does not declare altering other skills, but the path access is anomalous.
⚠ SKILL.md:448
Prompt-injection style instruction pattern detected.
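Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Install command
Official: npx clawhub@latest install clawguard-shield
Mirror (accelerated): npx clawhub@latest install clawguard-shield --registry https://cn.longxiaskill.com (mirror available)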