If you're running agents that process untrusted content, this catches prompt injection attempts before they hijack your system prompt. It scans skill files, user input, and external data for patterns like "ignore previous instructions," hidden HTML comments with directives, base64-encoded commands, and social engineering tricks. Returns findings in three severity tiers with specific line numbers and recommended actions. The detection rules are comprehensive and the normalization step (decoding base64, stripping zero-width chars) is smart. Trust score of 97, no network or shell access. Worth having in your security stack if your agent ingests anything from the web or accepts complex user input.
npx skills add https://github.com/useai-pro/openclaw-skills-security --skill prompt-guard