2.5k
GitHub Stars
7
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill prompt-shield- _meta.json463 B
- patterns.yaml19.9 KB
- prompt-shield-hook.sh1.5 KB
- SCORING.md10.6 KB
- shield.py35.4 KB
- SKILL.md4.7 KB
- whitelist.yaml1004 B
Overview
This skill is a Prompt Injection Firewall for AI agents that inspects incoming text and blocks manipulative or malicious prompts. It uses 113 detection patterns across 14 threat categories, a heuristic scoring system, and a tamper-proof hash-chain whitelist with mandatory peer review. Integration hooks (Claude Code) allow automatic interception before agent processing.
How this skill works
The scanner analyzes input against pattern signatures and assigns scores that map to CLEAN, WARNING, or BLOCK outcomes. Heuristic combo bonuses raise danger levels when multiple categories appear together. A hash-chained whitelist allows safe overrides only after two peer approvals and enforces expiration and limited exemptions. Hooks can return silent pass, caution messages, or block processing depending on the verdict.
When to use it
- Protect agents that accept untrusted user content or third-party skill responses.
- Pre-filter messages before handing them to LLMs to prevent jailbreaks and command execution.
- Enforce safe agent behavior in deployed multi-skill systems and agent marketplaces.
- Audit archived skill packages or backups for embedded prompt malware before restoration.
- Apply automated filtering in chatops, moderation pipelines, or webhook handlers.
Best practices
- Run the scanner as a pre-processing hook so dangerous inputs never reach the model.
- Maintain and peer-review the hash-chain whitelist; require at least two distinct approvers.
- Tune warning thresholds and follow up WARNING results with human review for high-risk contexts.
- Rotate whitelist expiration and limit category exemptions to minimize long-term risk.
- Combine pattern detection with runtime sandboxing for any code execution paths.
Example use cases
- Block messages that mimic system prompts (fake authority) to prevent model obedience to injected commands.
- Detect and reject command injection, reverse-shell payloads, and base64-encoded skill malware.
- Prevent crypto spam and link-based scams from being acted on by automation skills.
- Catch memory poisoning and identity override attempts that try to change agent behavior.
- Archive scanners for skill repositories or backups to flag potentially malicious archived skills before deployment.
FAQ
WARNING inputs are allowed to pass only with a caution message and should trigger human review or stricter downstream checks in high-risk workflows.
How does the hash-chain whitelist prevent tampering?
Each whitelist entry stores the SHA256 of the previous entry; any insertion, deletion, or modification breaks the chain and can be detected by the verification routine.