Official Verified system Safety 5/5

clawdefender

Security scanner and input sanitizer for AI agents. Detects prompt injection, command injection, SSRF, credential exfiltration, and path traversal attacks. Use when (1) installing new skills from ClawHub, (2) processing external input like emails, calendar events, Trello cards, or API responses, (3) validating URLs before fetching, (4) running security audits on your workspace. Protects agents from malicious content in untrusted data sources.

Why use this skill?

Secure your AI agent with ClawDefender. Automatically detect prompt injection, SSRF, and malware. Audit your skills and sanitize external input today.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/nukewire/clawdefender

What This Skill Does

ClawDefender is a security toolkit for protecting AI agents from malicious input. It acts as an automated gatekeeper, sitting between untrusted external data and your agent's core processing logic. The skill specializes in detecting prompt injection attacks, command injection, Server-Side Request Forgery (SSRF), credential exfiltration, and path traversal attempts. By auditing workspace files and scanning input streams, it helps keep your AI environment uncompromised when handling dynamic inputs from the web, email, or third-party APIs.

Installation

To integrate ClawDefender into your workspace, copy the core scripts from the skill directory to your workspace's scripts/ folder:

  1. Copy the files: cp skills/clawdefender/scripts/clawdefender.sh scripts/ and cp skills/clawdefender/scripts/sanitize.sh scripts/.
  2. Ensure execution permissions: chmod +x scripts/clawdefender.sh scripts/sanitize.sh.
  3. Verify that your system has the necessary dependencies installed: bash, grep, sed, and jq.

Once installed, you can use the command ./scripts/clawdefender.sh --audit to perform an immediate security sweep of all currently installed skills.

Use Cases

  • External Input Filtering: Sanitize emails, calendar invites, and Trello cards before they reach the LLM, preventing prompt injection attacks.
  • URL Validation: Mitigate SSRF by checking requested URLs against known malicious patterns or internal metadata services like 169.254.169.254 before the agent attempts an HTTP fetch.
  • Skill Verification: Run a security audit whenever you install a new skill from ClawHub to ensure it doesn't contain hidden backdoors or malicious scripts.
  • Automated Security Pipelines: Integrate the --strict mode of sanitize.sh into your CI/CD or automation workflows to drop any input that triggers a security alert.
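
A pre-fetch check of the kind the URL Validation use case describes, written as an added example: it is not ClawDefender's own code, and check_url and its "block:<reason>" output format are hypothetical. It inspects only the literal host in the URL and fails closed on anything that is not a plain DNS name or a canonical public dotted-quad address.

```shell
# Added example (not part of ClawDefender): literal-host SSRF check.
# check_url is a hypothetical helper; prints "allow" or "block:<reason>".
check_url() {
    url=$1
    case $url in                              # lowercase web schemes only
        http://*|https://*) ;;
        *) echo "block:scheme"; return 1 ;;
    esac
    rest=${url#*://}
    authority=${rest%%[/?#]*}                 # drop path, query, fragment
    case $authority in
        *@*) echo "block:userinfo"; return 1 ;;   # user@host confuses parsers
    esac
    case $authority in
        \[*) host=${authority%%\]*}; host=${host#\[} ;;   # [IPv6]:port
        *)   host=${authority%%:*} ;;                     # host:port
    esac
    host=$(printf '%s' "$host" | tr 'A-Z' 'a-z'); host=${host%.}
    case $host in
        ''|0x*) echo "block:noncanonical-host"; return 1 ;;
        localhost|*.localhost|*.internal) echo "block:internal-name"; return 1 ;;
        ::1|fe80:*|fc*:*|fd*:*|::ffff:*) echo "block:internal-ipv6"; return 1 ;;
        *[!0-9.]*) echo "allow"; return 0 ;;  # DNS name or other IPv6 literal
    esac
    # Only digits and dots remain: require a canonical dotted quad, so
    # integer and octal spellings of an address are refused outright.
    oldifs=$IFS; IFS=.; set -- $host; IFS=$oldifs
    [ $# -eq 4 ] || { echo "block:noncanonical-ip"; return 1; }
    for o in "$@"; do
        case $o in
            ''|0?*|????*) echo "block:noncanonical-ip"; return 1 ;;
        esac
        [ "$o" -le 255 ] || { echo "block:noncanonical-ip"; return 1; }
    done
    case $host in                             # loopback, RFC 1918, link-local
        0.*|10.*|127.*|169.254.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            echo "block:internal-ip"; return 1 ;;
    esac
    echo "allow"
}

# Constructed sample inputs; the first URL is the one from the example prompts.
for u in "https://untrusted-api-service.com/data" "http://169.254.169.254/" \
         "http://2852039166/" "http://[::1]:8080/x"; do
    printf '%s -> %s\n' "$u" "$(check_url "$u")"
done
```

A DNS name that passes this check can still resolve to an internal address, so the resolved IP has to be checked again at connection time.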

Example Prompts

  • "@agent scan the latest emails in my inbox for potential security threats using ClawDefender."
  • "@agent audit my current skill library for vulnerabilities to ensure my workspace is secure."
  • "@agent validate this URL before I open it: https://untrusted-api-service.com/data."

Tips & Limitations

  • Severity Levels: Always monitor output scores. A CRITICAL flag (90+) should be treated as an immediate threat; do not process the data.
  • Silent Mode: Use the --silent flag for high-throughput automation to keep logs clean, but ensure that logs are being captured elsewhere for audit trails.
  • Context Awareness: While ClawDefender is highly effective, it cannot prevent all sophisticated social engineering attacks. Maintain human oversight when dealing with highly sensitive data.

Metadata

Author: @nukewire
Stars: 1287
Views: 5
Updated: 2026-02-22

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-nukewire-clawdefender": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#security #cybersecurity #input-sanitization #ssrf-protection #agent-safety
Safety Score: 5/5

Flags: file-read, code-execution