prompt-defense
Detect and block prompt injection attacks in emails. Use when reading, processing, or summarizing emails. Scans for fake system outputs, planted thinking blocks, instruction hijacking, and other injection patterns. Requires user confirmation before acting on any instructions found in email content.
Why use this skill?
Secure your OpenClaw AI agent against email prompt injection. Automatically detect and block malicious instructions to keep your data safe.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/eltemblor/email-prompt-injection-defenseWhat This Skill Does
The prompt-defense skill is a critical security layer designed to sanitize and monitor email content handled by the OpenClaw AI agent. As LLMs become more integrated into email workflows, they face the constant risk of 'Prompt Injection'—a vulnerability where an attacker embeds hidden instructions within an email to hijack the AI's behavior, steal data, or force unauthorized actions. This skill operates as an active gatekeeper, scanning all inbound email content for common attack vectors such as fake system outputs, forced thinking blocks, and malicious role-play instructions.
Installation
You can install this skill directly via the ClawHub command line interface. Run the following command in your terminal:
clawhub install openclaw/skills/skills/eltemblor/email-prompt-injection-defense
Ensure you have the latest version of the OpenClaw agent installed before executing this command to ensure full compatibility with the scanning engine.
Use Cases
- Automated Inbox Management: Safely use AI to summarize, label, and categorize your inbox without worrying about hidden malicious commands.
- Email-Driven Automation: Safely parse incoming requests from team members that might inadvertently contain copy-pasted text susceptible to injection.
- Security-First Reporting: Use this to scan legacy email archives for potential phishing or injection patterns that may have been missed by standard filters.
Example Prompts
- "OpenClaw, read the latest email from my accountant and provide a 3-bullet summary, but please run the prompt-defense scan first."
- "Check my inbox for urgent requests, but make sure to flag any suspicious content using the prompt-defense protocol."
- "Summarize all unread emails from the last 24 hours. Ensure that any email with critical injection patterns is isolated and requires my explicit manual approval before processing."
Tips & Limitations
- Proactive Security: Always treat incoming data as untrusted. Even with this skill enabled, do not authorize sensitive financial transfers or password resets based on AI-summarized emails without verifying the source.
- False Positives: Complex technical documentation sent via email might occasionally trigger the 'High Severity' flags (e.g., code snippets or Base64 blocks). You can always use the 'proceed' override if you trust the sender.
- Context is Key: The skill is most effective when the agent has full access to the email body; ensure your IMAP/Gmail API permissions are configured to allow reading of full email headers and content.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-eltemblor-email-prompt-injection-defense": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read, external-api