clawguard-shield 安全扫描报告 — 低风险 | ClawSafe

15 /100

clawguard-shield

Active defense system for detecting and preventing prompt injection attacks, malicious inputs, and intent manipulation in AI agent conversations

ClawGuard Shield is a legitimate defensive security tool for detecting prompt injection attacks. The flagged base64 decoding at SKILL.md:37 is a false positive—it's defensive code documented to show how to detect encoded injection attempts, not obfuscated malicious code.

技能名称clawguard-shield

分析耗时43.0s

引擎pi

✓

可以安装

This skill is safe to use. The pre-scan flagged Buffer.from() as suspicious, but this is legitimate defensive code for decoding potential injection payloads. Consider the missing dependency ../../shared/rules/interceptor-rules.js which may cause runtime errors.

安全发现 2 项

严重性	安全发现	位置
低危	Missing external dependency 供应链 Code imports from ../../shared/rules/interceptor-rules.js which does not exist. This will cause runtime errors when the Shield class is instantiated. `const rules = require('../../shared/rules/interceptor-rules.js');` → Either create the missing rules file or refactor to inline the rules within shield.js	`src/shield.js:9`
提示	False positive IOC flagged by pre-scan 文档欺骗 The pre-scan flagged Buffer.from(str, 'base64') at SKILL.md:37 as 'Base64 encoding execution (code obfuscation)'. This is actually legitimate defensive code documented to show how to detect base64-encoded injection attempts. `const decoded = Buffer.from(str, 'base64').toString('utf-8');` → This is a false positive. The code is documented defensive behavior, not obfuscation.	`SKILL.md:37`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	cli.js:61 - fs.readFileSync() only when config path explicitly provided
网络访问	`NONE`	`NONE`	—	No network requests in codebase
命令执行	`NONE`	`NONE`	—	No subprocess/spawn calls found
环境变量	`NONE`	`NONE`	—	Only reads OPENCLAW_CONFIG env var for config path

1 严重 1 项发现

🔒

严重编码执行 Base64 编码执行（代码混淆）

Buffer.from(str, 'base64'

SKILL.md:37

目录结构

6 文件 · 40.5 KB · 1383 行

JavaScript 2f · 693L Markdown 2f · 667L JSON 2f · 23L

├─ ▾ 📁 src

│ └─ 📜 shield.js JavaScript 599L · 17.9 KB

├─ 📋 _meta.json JSON 7L · 159 B

├─ 📜 cli.js JavaScript 94L · 3.7 KB

├─ 📋 package.json JSON 16L · 485 B

├─ 📝 README.md Markdown 174L · 4.9 KB

└─ 📝 SKILL.md Markdown 493L · 13.4 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`none`	`N/A`	package.json	否	No npm dependencies declared
`interceptor-rules.js`	`missing`	import	否	Imported from ../../shared/rules/ but file does not exist

安全亮点

✓ No credential theft - does not access ~/.ssh, ~/.aws, .env, or other sensitive paths

✓ No data exfiltration - no network requests sending data externally

✓ No code execution - no eval(), Function(), subprocess, or spawn calls

✓ No obfuscation - all code is clear and readable

✓ No dependencies - package.json shows empty dependencies, reducing supply chain risk

✓ No persistence mechanisms - no cron jobs, startup hooks, or backdoors

✓ Input validation - CLI validates command arguments before processing

✓ Legitimate defensive purpose - designed to detect and prevent prompt injection attacks