Official Verified utilities Safety 5/5

clawdefender

Security scanner and input sanitizer for AI agents. Detects prompt injection, command injection, SSRF, credential exfiltration, and path traversal attacks. Use when (1) installing new skills from ClawHub, (2) processing external input like emails, calendar events, Trello cards, or API responses, (3) validating URLs before fetching, (4) running security audits on your workspace. Protects agents from malicious content in untrusted data sources.

Why use this skill?

Secure your AI agent with ClawDefender. Protect against prompt injection, SSRF, and malware with our automated security scanning and input sanitization toolkit.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/bobdevibecoder/bobagent-clawdefender

What This Skill Does

ClawDefender is an essential security layer for your AI agent workspace. Designed as a comprehensive security toolkit, it provides active defense against common AI-centric vulnerabilities including prompt injection, command injection, Server-Side Request Forgery (SSRF), and path traversal. By acting as an intermediary between the agent and untrusted data, it inspects incoming emails, API responses, Trello cards, and third-party script installs to ensure that malicious payloads are caught before they reach the agent's core processing logic. The tool provides a tiered risk assessment, categorizing threats by severity to allow for automated blocking or manual review.

Installation

To integrate ClawDefender, copy the provided utility scripts into your workspace scripts directory:

  1. Execute cp skills/clawdefender/scripts/clawdefender.sh scripts/
  2. Execute cp skills/clawdefender/scripts/sanitize.sh scripts/
  3. Run chmod +x scripts/clawdefender.sh scripts/sanitize.sh to grant execution permissions.

Ensure your environment has bash, grep, sed, and jq installed, as these are the core dependencies for the scanning logic.

Use Cases

Use ClawDefender whenever your agent interacts with the outside world. Key use cases include:

  • Skill Procurement: Every time you install a new skill via ClawHub, run a full audit to check for malicious code.
  • External Data Ingestion: Sanitize all content coming from webhooks, API responses, or emails before passing it to an LLM.
  • Safe Browsing: Validate all external URLs with --check-url to prevent SSRF attacks against internal network resources.
  • Input Filtering: Automatically sanitize user-provided text to stop prompt injection attempts aimed at subverting agent instructions.

Example Prompts

  1. "ClawDefender, please perform a full security audit of the newly installed skills folder to ensure there are no high-risk scripts present."
  2. "Before I process this latest email chain, please run it through the sanitize utility to check for any hidden prompt injection attempts."
  3. "Validate this URL: https://example.com/api/data before I attempt to fetch the payload to ensure it is not targeting internal metadata."

Tips & Limitations

ClawDefender is a powerful defensive tool, but it should not be considered a silver bullet. Always maintain a human-in-the-loop workflow for files marked with HIGH or CRITICAL severity. Restrict the permissions on your scripts/ directory to prevent unauthorized tampering with the sanitizer scripts. While the tool is excellent at detecting known injection patterns, stay updated with the latest security definitions to protect against evolving evasion techniques.

Metadata

Stars: 1100
Views: 2
Updated: 2026-02-17

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-bobdevibecoder-bobagent-clawdefender": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security #defense #cybersecurity #sanitization #prompt-injection
Safety Score: 5/5

Flags: file-read, file-write, code-execution