Low Risk — Risk Score 15/100
Last scan: 1 day ago
clawguard-shield
Active defense system for detecting and preventing prompt injection attacks, malicious inputs, and intent manipulation in AI agent conversations
ClawGuard Shield is a legitimate defensive security tool for detecting prompt injection attacks. The flagged base64 decoding at SKILL.md:37 is a false positive—it's defensive code documented to show how to detect encoded injection attempts, not obfuscated malicious code.
Skill Name: clawguard-shield
Duration: 43.0s
Engine: pi
Safe to install
This skill is safe to use. The pre-scan flagged Buffer.from() as suspicious, but this is legitimate defensive code for decoding potential injection payloads. Note that the missing dependency ../../shared/rules/interceptor-rules.js may cause runtime errors.

Findings 2 items

Severity Finding Location
Low
Missing external dependency (Supply Chain)
Code imports from ../../shared/rules/interceptor-rules.js which does not exist. This will cause runtime errors when the Shield class is instantiated.
const rules = require('../../shared/rules/interceptor-rules.js');
→ Either create the missing rules file or refactor to inline the rules within shield.js
src/shield.js:9
Info
False positive IOC flagged by pre-scan (Doc Mismatch)
The pre-scan flagged Buffer.from(str, 'base64') at SKILL.md:37 as 'Base64 encoding execution (code obfuscation)'. This is actually legitimate defensive code documented to show how to detect base64-encoded injection attempts.
const decoded = Buffer.from(str, 'base64').toString('utf-8');
→ This is a false positive. The code is documented defensive behavior, not obfuscation.
SKILL.md:37
Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ | ✓ Aligned | cli.js:61 - fs.readFileSync() only when config path explicitly provided
Network | NONE | NONE | | No network requests in codebase
Shell | NONE | NONE | | No subprocess/spawn calls found
Environment | NONE | NONE | | Only reads OPENCLAW_CONFIG env var for config path
1 Critical, 1 finding
Critical Encoded Execution: Base64 encoding execution (code obfuscation)
Buffer.from(str, 'base64'
SKILL.md:37

File Tree

6 files · 40.5 KB · 1383 lines
JavaScript 2f · 693L Markdown 2f · 667L JSON 2f · 23L
├─ 📁 src
│ └─ 📜 shield.js JavaScript 599L · 17.9 KB
├─ 📋 _meta.json JSON 7L · 159 B
├─ 📜 cli.js JavaScript 94L · 3.7 KB
├─ 📋 package.json JSON 16L · 485 B
├─ 📝 README.md Markdown 174L · 4.9 KB
└─ 📝 SKILL.md Markdown 493L · 13.4 KB

Dependencies 2 items

Package | Version | Source | Known Vulns | Notes
none | N/A | package.json | No | No npm dependencies declared
interceptor-rules.js | missing | import | No | Imported from ../../shared/rules/ but file does not exist

Security Positives

✓ No credential theft - does not access ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No data exfiltration - no network requests sending data externally
✓ No code execution - no eval(), Function(), subprocess, or spawn calls
✓ No obfuscation - all code is clear and readable
✓ No dependencies - package.json shows empty dependencies, reducing supply chain risk
✓ No persistence mechanisms - no cron jobs, startup hooks, or backdoors
✓ Input validation - CLI validates command arguments before processing
✓ Legitimate defensive purpose - designed to detect and prevent prompt injection attacks