Security scanner and input sanitizer for AI agents. Detects prompt injection, command injection, SSRF, credential exfiltration, and path traversal attacks. Use when (1) installing new skills from ClawHub, (2) processing external input like emails, calendar events, Trello cards, or API responses, (3) validating URLs before fetching, (4) running security audits on your workspace. Protects agents from malicious content in untrusted data sources.
Security Analysis
Medium confidence: The skill's files and runtime instructions are coherent with a workspace-focused security/sanitization tool, but it makes some environment assumptions (hardcoded workspace path, writes logs/whitelist) and uses npx for a convenience install flow — review those before deploying.
Name/description (scanner + sanitizer) aligns with the provided scripts: sanitize.sh performs prompt checks and wraps clawdefender.sh, and clawdefender.sh contains pattern lists and validation modules. No unrelated credentials, binaries, or opaque network dependencies are demanded by the metadata.
SKILL.md instructs copying the two scripts into the workspace and piping external content into sanitize.sh, which in turn calls clawdefender.sh for detection. That is within the stated purpose. Two points to note: (1) the README and scripts instruct running 'npx clawhub install' as part of the --install flow (this executes code from the network), and (2) the tool scans the agent workspace and references many sensitive paths and config names — scanning those files is expected for a security tool but can expose sensitive data to the scanner process. Review the scan/audit behavior and test in an isolated environment first.
There is no packaged install spec; the skill is instruction-only plus two included shell scripts. No remote download or extract instructions are embedded in the skill files themselves. The only network-execution call is the optional 'npx clawhub install' used by the script's --install flow, which is conventional but runs code from npm at runtime.
The skill requests no environment variables or credentials in metadata. However, the scripts are hardcoded to use WORKSPACE="/home/clawdbot/clawd" and will read/write under that path (logs, whitelist, security directory). For a security scanner, access to workspace files is proportional to purpose, but the hardcoded path may cause the tool to access unexpected locations on your host if not adjusted. No extraneous credential requests are present in the manifest.
The skill's 'always' flag is false and model invocation is allowed (normal). The script writes persistent artifacts, $WORKSPACE/memory/security-scans.md and $WORKSPACE/security/whitelist.json, and may modify the whitelist. That persistence is reasonable for a scanner, but confirm you are comfortable with files being created or updated in the workspace, and with the tool running autonomously if you allow it.
Guidance
What to check before installing:
1) Review the two scripts (sanitize.sh and clawdefender.sh) yourself — they are plain shell and readable.
2) Update the WORKSPACE variable to point to your intended agent/workspace (it's hardcoded to /home/clawdbot/clawd) so the tool doesn't scan unintended locations.
3) Run the scripts in a non-production/test environment first to see what files they read/write (they create logs and a whitelist under the workspace).
4) Be cautious with the '--install' flow: it runs 'npx clawhub install', which fetches/executes code from the network; only use that if you trust the upstream package.
5) Don't run with elevated privileges (root).
6) If you plan to allow autonomous invocation, restrict filesystem permissions and consider sandboxing the workspace to limit blast radius.
7) If you need higher assurance, run the audit step on a copy of your skills directory rather than live data.
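The first three checks above (find the hardcoded WORKSPACE, spot the network-executing install step, and see what the script writes under the workspace) can be done mechanically before the skill is ever run. The script below is an added example written for this review, not part of ClawDefender or ClawHub; the clawdefender.sh content it inspects is a constructed stand-in that mirrors the findings in the analysis (the real script may declare its variables differently, so treat the patterns as a starting point). It also shows how to retarget WORKSPACE to a throwaway sandbox directory so a trial run cannot touch the real agent workspace.

```shell
#!/bin/sh
# Pre-install review helper for ClawDefender-style skill scripts (added example).
# The sample script written by make_sample_script is constructed for this demo.

# Constructed stand-in for a downloaded clawdefender.sh (assumption: the real file differs).
make_sample_script() {
  cat > "$1" <<'EOF'
#!/bin/bash
WORKSPACE="/home/clawdbot/clawd"
LOG="$WORKSPACE/memory/security-scans.md"
WHITELIST="$WORKSPACE/security/whitelist.json"
if [ "$1" = "--install" ]; then
  npx clawhub install clawdefender
fi
echo "scan $(date)" >> "$LOG"
EOF
}

# Check 2: print the hardcoded workspace path declared as WORKSPACE="...", if any.
hardcoded_workspace() {
  sed -n 's/^WORKSPACE="\([^"]*\)"/\1/p' "$1"
}

# Check 4: print line numbers of commands that execute code fetched from the network
# (npx invocations, or curl/wget output piped into a shell).
network_exec_lines() {
  grep -nE '(^|[^A-Za-z])npx |curl .*\| *(ba)?sh|wget .*\| *(ba)?sh' "$1"
}

# Check 3: list every path under $WORKSPACE the script names (logs, whitelist, directories).
workspace_write_targets() {
  grep -oE '\$WORKSPACE/[A-Za-z0-9_./-]+' "$1" | sort -u
}

# Write a copy of the script with WORKSPACE pointed at a sandbox directory ($2)
# so a trial run creates its logs and whitelist there instead of the real workspace.
retarget_workspace() {
  # $1 = original script, $2 = sandbox dir, $3 = path for the retargeted copy
  mkdir -p "$2"
  sed "s|^WORKSPACE=\"[^\"]*\"|WORKSPACE=\"$2\"|" "$1" > "$3"
  chmod +x "$3"
}

# Human-readable report combining the three checks for one script.
review_skill() {
  echo "== $1 =="
  echo "hardcoded WORKSPACE: $(hardcoded_workspace "$1")"
  echo "network-executing lines:"
  network_exec_lines "$1" || echo "  (none found)"
  echo "paths under \$WORKSPACE referenced:"
  workspace_write_targets "$1" | sed 's/^/  /'
}

# Usage: sh review.sh path/to/clawdefender.sh
if [ "$#" -gt 0 ]; then
  review_skill "$1"
fi
```

Run it against each downloaded script before copying them into the workspace; the report gives you the concrete path and lines to read closely, and the retargeted copy is what to execute in the test environment from step 3.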
Latest Release
v1.0.1
ClawDefender v1.0.1 - Tuned pattern detection to reduce false positives.
Published by @Nukewire on ClawHub