2.5k
GitHub Stars
6
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill counterclaw-core- _meta.json648 B
- email_protector.py4.0 KB
- pyproject.toml1.1 KB
- README.md6.5 KB
- send_protected_email.sh2.5 KB
- SKILL.md3.7 KB
Overview
This skill is a defensive interceptor for AI agents that detects prompt injections and masks basic PII before it can leak. I built it to sit between user inputs and model responses, providing automatic blocking, masking, and simple violation logging. It is lightweight, config-driven, and intended for rapid integration into agent pipelines.
How this skill works
CounterClaw scans incoming prompts for common injection patterns and policy override attempts, returning a block decision when a threat is detected. It also inspects model outputs for simple PII patterns (email and phone) and can mask or flag detected items. Administrative trust is controlled via environment configuration so privileged IDs can bypass protections when appropriate.
When to use it
- Protect conversational agents from prompt injection attacks in production or staging.
- Prevent accidental leakage of basic PII from model outputs before logging or display.
- Add a lightweight pre- and post-processing layer to existing agent pipelines.
- Rapidly prototype defensive behavior during security reviews or red-team tests.
- Enforce a simple admin bypass policy for trusted operators.
Best practices
- Run input checks before any prompt is sent to the model and run output checks before external exposure or logging.
- Combine CounterClaw with more advanced security audits for complex PII types or contextual leaks.
- Keep trusted admin IDs restricted and rotate them as part of operations hygiene.
- Monitor violation logs regularly and tune detection patterns to reduce false positives.
- Mask PII rather than only flagging it when storing or displaying model outputs.
Example use cases
- A customer support agent that blocks user prompts attempting to manipulate system instructions.
- A chatbot that masks email addresses and phone numbers in responses before saving transcripts.
- A development pipeline that runs automatic security scans of prompts and responses during CI.
- A small-scale agent deployed to Telegram with admin-locked overrides for operators.
- A red-team exercise where simulated injections are automatically detected and logged.
FAQ
Out of the box it detects common email and phone patterns; extend detection for more types as needed.
How do I configure trusted admins?
Set TRUSTED_ADMIN_IDS in the environment and the interceptor will read that value at initialization.