pipelock
Secure agent HTTP requests through a scanning proxy that catches credential leaks, SSRF, and prompt injection
Why use this skill?
Secure your AI agents with Pipelock, the 7-layer security proxy. Prevent credential leaks, SSRF, and prompt injection in your automated workflows.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/luckypipewrench/pipelockWhat This Skill Does
Pipelock is a robust security harness designed to act as an intelligent intermediary for all outbound HTTP traffic generated by AI agents. By functioning as a high-performance 7-layer scanning proxy, it inspects every packet for potential security risks before they leave your local environment. It is specifically engineered to mitigate the unique risks associated with autonomous agents, such as accidental credential exposure, Server-Side Request Forgery (SSRF), and malicious prompt injections that could trick an agent into exfiltrating sensitive data. Beyond simple filtering, Pipelock uses entropy analysis and pattern matching to identify potential API key leaks, ensuring your environment variables and secrets remain local even if an agent is compromised or tricked.
Installation
To integrate Pipelock into your workflow, ensure you have the OpenClaw agent environment set up. You can install the skill directly via the command line:
clawhub install openclaw/skills/skills/luckypipewrench/pipelock
For native binary installation (recommended for performance), you can use Homebrew or Go:
brew install luckyPipewrench/tap/pipelock or go install github.com/luckyPipewrench/pipelock/cmd/pipelock@latest.
Once installed, initialize your configuration using the pipelock generate config command. We recommend starting with the balanced preset to ensure an immediate security baseline without interfering with standard agent operations.
Use Cases
- Preventing Credential Leaks: Automatically scans outgoing HTTP bodies for common patterns associated with AWS, GitHub, or OpenAI tokens.
- Securing MCP Servers: Wraps Model Context Protocol servers to provide a security layer for filesystem access and data retrieval.
- Workplace Integrity: Validates that AI agents are not making unauthorized modifications to your local source code, providing a audit trail for file-based interactions.
- Agentic Safeguarding: Protects against "indirect prompt injection" by filtering the responses agents receive from third-party websites before they are processed by the LLM.
Example Prompts
- "Pipelock, run an integrity check on my current project directory to ensure the agent hasn't modified any core configuration files."
- "Configure Pipelock to use the strict preset and block any external requests to uncategorized domains while I'm testing this new agent framework."
- "Show me the recent logs from the Pipelock proxy to verify if any blocked requests were flagged as potential SSRF attempts."
Tips & Limitations
- Performance: While Pipelock is designed for speed, highly complex regex patterns or very large payloads may introduce minor latency. Use the
auditpreset during debugging to minimize impact. - False Positives: If you are developing web applications, the
strictmode might block legitimate local development traffic. Use thebalancedpreset or define specific allow-lists in yourpipelock.yaml. - Maintenance: Always keep your Pipelock binary updated to ensure your DLP patterns remain current against the latest leak vectors.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-luckypipewrench-pipelock": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: network-access, file-read, file-write