black-fortress
Pre-installation agentic sandboxing protocol. 5-layer defense: semantic neutralization, hard quarantine, kernel ground-truth, trusted output rendering, and sterile autopsy.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/almohalhel1408/black-fortress
Black-Fortress Protocol
Pre-Installation Agentic Sandboxing & Interrogation.
This fortress does not monitor intentions. It enforces physical laws.
A feature that cannot survive this protocol does not deserve execution.
Architecture Overview
┌─────────────────────────────────────────────────────────────────┐
│                   BLACK-FORTRESS ORCHESTRATOR                   │
│                 Deterministic Python — Zero LLM                 │
├─────────┬───────────┬──────────────┬─────────────┬──────────────┤
│ Layer 1 │ Layer 2   │ Layer 3      │ Layer 4     │ Layer 5      │
│ Semantic│ Hard      │ Kernel       │ Trusted     │ Sterile      │
│ Neutral-│ Quarantine│ Ground-Truth │ Output      │ Autopsy      │
│ ization │           │              │ Rendering   │              │
├─────────┴───────────┴──────────────┴─────────────┴──────────────┤
│                GATE: ALL 5 LAYERS PASS = APPROVE                │
│                      ANY FAIL = REJECT (Fail-Closed)            │
├─────────────────────────────────────────────────────────────────┤
│            ANTI-GHOST: VM deletion + audit log chain            │
└─────────────────────────────────────────────────────────────────┘
When to Use
- Before installing any third-party agent/skill/feature into production
- Before executing untrusted code from external sources
- When validating AI-generated code for deployment
- When a feature's behavior must be verified beyond code review
Requirements
| Requirement | Details |
|---|---|
| Python | 3.9+ (required for orchestrator and all layer scripts) |
| Docker | Docker Desktop (macOS) or Docker Engine (Linux 20.04+) |
| Pillow (PIL) | Required — Layer 4 image recompression fails closed without it |
| Privileges | Non-root for Docker mode; root only for optional Firecracker micro-VM mode |
| OS | macOS 12+ (Docker Desktop) or Linux (Ubuntu 20.04+, seccomp support) |
| Disk | ~100MB for distroless sandbox image |
| Network | None required at runtime (Docker --network=none) |
No API keys, no cloud accounts, no external services. The entire protocol runs locally.
The Semantic Paradox (Security Feature)
Black-Fortress Layer 1 obfuscation is designed to preserve AST (Abstract Syntax Tree) logic while destroying all surface-level semantics. This means:
- ✅ Control flow (if/else, loops, exceptions) is preserved exactly
- ✅ Function signatures (arity, return types) are preserved
- ✅ Import structure is preserved
- ❌ Variable names, function names, class names → randomized hashes
- ❌ Comments, docstrings → stripped entirely
- ❌ String literals >50 chars → truncated
Any code that relies on hardcoded string-reflection (e.g., getattr(obj, "user_input"), eval(), exec() with dynamic strings, __name__ comparisons) will intentionally break under obfuscation.
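The effect described above can be reproduced with Python's `ast` module. This is an added example, not the skill's own code: `Neutralizer`, `neutralize`, `demo` and `SAMPLE` are hypothetical names, and the salted SHA-256 renaming, the flat name table and the cut at exactly 50 characters are assumptions standing in for the page's "randomized hashes" and "truncated".

```python
import ast
import hashlib

MAX_STR = 50  # page: string literals longer than 50 chars are truncated
FIELDS = ("name", "id", "attr", "arg")  # where AST nodes store identifiers
DEFS = (ast.ClassDef, ast.FunctionDef, ast.AsyncFunctionDef)
SAMPLE = '''
class Profile:
    """Docstring that the pass strips."""
    def __init__(self, value): self.user_input = value
    def direct(self): return self.user_input
    def reflective(self): return getattr(self, "user_input")
'''  # constructed input: one direct read, one string-reflection read

class Neutralizer(ast.NodeTransformer):  # hypothetical sketch: flat namespace, no scope analysis
    def __init__(self, tree, salt):
        self.salt, self.defined = salt, set()
        for n in ast.walk(tree):  # collect names the code itself defines
            if isinstance(n, DEFS + (ast.arg,)) or isinstance(getattr(n, "ctx", None), ast.Store):
                self.defined.update(getattr(n, f) for f in FIELDS if hasattr(n, f))

    def rename(self, name):  # builtins, imports and dunder names are kept
        keep = name not in self.defined or name.startswith("__")
        return name if keep else "_" + hashlib.sha256((self.salt + name).encode()).hexdigest()[:10]

    def visit(self, node):
        self.generic_visit(node)
        for f in FIELDS:  # import aliases are skipped: import structure is preserved
            if isinstance(getattr(node, f, None), str) and not isinstance(node, ast.alias):
                setattr(node, f, self.rename(getattr(node, f)))
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            node.value = node.value[:MAX_STR]
        if isinstance(node, DEFS + (ast.Module,)) and ast.get_docstring(node, clean=False) is not None:
            node.body = node.body[1:] or [ast.Pass()]
        return node

def neutralize(source, salt="constructed-salt"):
    n = Neutralizer(tree := ast.parse(source), salt)
    return ast.unparse(n.visit(tree)), n.rename

def demo():
    code, rename = neutralize(SAMPLE)
    ns = {}
    exec(code, ns)  # runs only the constructed SAMPLE above
    obj = ns[rename("Profile")]("x")
    try:
        reflective = getattr(obj, rename("reflective"))()
    except AttributeError as err:
        reflective = type(err).__name__
    return code, getattr(obj, rename("direct"))(), reflective
```

`demo()` shows the direct attribute read still returning its value while the `getattr(self, "user_input")` path raises `AttributeError`, because the attribute was renamed and the string literal was not.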
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-almohalhel1408-black-fortress": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Related Skills
tooldeck
Auto-scrapes URLs to extract tool/service info, auto-categorizes, and saves to a personal database. Use when user explicitly shares a URL to save or asks to remember a service. Always confirm before saving. Never auto-save without user intent.
clawhub-publish-conventions
ClawHub skill publishing conventions — file inclusion rules, metadata requirements, versioning, and scanner false-positive defense. Use when publishing or updating skills on ClawHub.
sniplink
OpenClaw skill. One-shot URL saver for tools and services discovered on X, GitHub, or anywhere. Drop a link, get it categorized, tagged, and stored — no friction, no multi-step forms. Built for ADHD brains and anyone who keeps losing track of tools they saved across bookmarks, notes, and chats.