ClawDefender - OpenClaw Security - Prompt injection, rogue skills etc
Alert level: High
Agent security scanner and sanitizer for prompt injection, SSRF, and command abuse.
Locality:Hybrid
Data access:Sensitive
Actions:Execute
Installs 10Downloads 2337Stars 11Updated 10h ago
Why this rating
Deterministic checks triggered by the tool capabilities and evidence.
- Locality: Hybrid
It validates local execution paths and screens external URLs/content pipelines.
- Data access: Sensitive
Input streams can include API payloads, message-like content, and secret-bearing text.
- Action surface: Execute
It runs audit/install/validate command flows and is designed for automation hooks.
Best practices
Follow these steps to reduce risk when using this skill.
- Run audits in CI and fail builds on critical findings before deployment.
- Keep sanitizer scripts immutable and checksum-verified in production environments.
- Treat all fetched external content as untrusted until it passes validation checks.
Evidence links
Public sources backing the indicator assignments.
Always be careful when navigating away from the website.
Max-risk rule
If any capability reaches a higher level, the entire indicator level bumps up to keep ratings deterministic and easy to scan.