Prompt Injection Detection for OpenClaw
Paste a GitHub link, ClawHub skill, or any URL, or upload a local file. Our scanner detects prompt injection, data exfiltration, privilege escalation, and hidden malicious instructions before they reach your agent.
Community skills and shared prompt files can contain hidden instructions that hijack your agent, steal your data, or escalate privileges. We catch all of it.
Hidden instructions that override your agent's system prompt. Phrases like "ignore previous instructions," "you are now," role-swapping attacks, and multi-turn manipulation chains.
Commands that try to send your private data to external URLs. Detects suspicious fetch/curl/webhook calls, encoded URLs, and attempts to read and transmit sensitive files like API keys, tokens, or memory files.
Attempts to gain elevated access, run shell commands, modify system files, change agent configurations, or break out of sandbox restrictions. Catches sudo, chmod, and system-level file writes.
Zero-width characters, invisible Unicode, comment-embedded commands, and instructions hidden in seemingly benign text. These are invisible to humans but executed by AI agents.
Base64-encoded commands, hex-encoded strings, ROT13, URL-encoded instructions, and other encoding tricks designed to bypass simple pattern matching while still executing malicious actions.
Prompts that manipulate the agent into revealing private information, bypassing safety guidelines, or performing actions the user never intended. Detects emotional manipulation and urgency tactics.
No setup, no CLI, no API keys. Upload your file, get your results, take action.
Paste a GitHub link, ClawHub skill URL, or any raw text URL. Or drag and drop a local file. Supports SKILL.md, AGENTS.md, SOUL.md, and any text-based prompt or config file. Files scanned in-browser, never stored.
Within seconds, see a detailed breakdown of every finding. Each issue gets a severity level (Critical, High, Medium, Low), the exact line number, and an explanation of why it matters.
Every finding comes with a specific remediation guide. Know exactly what to remove, replace, or flag. Copy the clean version or follow step-by-step instructions to sanitize the file yourself.
ClawOps Shield uses pattern-based detection to identify potential security threats. Results are informational only and may include false positives or false negatives. A clean scan does not guarantee a file is free from malicious content. Shield is not a substitute for professional security audits. See our Scanner Terms for full details.
Every account gets 1 free scan. After that, pick the plan that fits your usage. Cancel anytime.
Already a ClawOps client? Shield is included free with all ClawOps service plans. AI Receptionist, Revenue Ops, Custom AI Agents, and AaaS clients get unlimited scans at no extra cost.
Yes. Paste any GitHub URL (file, directory, or repo root), any ClawHub skill page link, or any raw text URL, and Shield will fetch and scan the file for you. No need to clone or download anything. Works with any public repository or skill listing. The file content is fetched and scanned entirely in your browser.
Any text-based file: .md, .txt, .yaml, .yml, .json, .toml, .py, .js, .sh, and more. This covers SKILL.md, AGENTS.md, SOUL.md, USER.md, TOOLS.md, and any custom prompt or configuration file used by OpenClaw or similar agent frameworks.
No. All scanning happens client-side in your browser. Your file contents never leave your machine. When you scan from a URL, the file is fetched directly from the source (GitHub, ClawHub, etc.) to your browser and processed locally. We take privacy seriously, especially since these files can contain sensitive agent configurations.
One file upload equals one scan. If you upload a ZIP or directory (Enterprise plan), each file inside counts as one scan. Re-scanning the same file after edits counts as a new scan.
Code linters check syntax. Shield checks intent. We detect semantic attacks like prompt injection, social engineering, and hidden instructions that are valid text but designed to manipulate AI agents. Traditional linters would pass these without flagging anything.
No. Shield is included free with every ClawOps service plan (AI Receptionist, Revenue Ops Sprint, Custom AI Agents, and Automation-as-a-Service). Just log in with the same account and you get unlimited scans.
Yes. While optimized for OpenClaw skill files and agent configs, the detection rules apply broadly to any AI prompt file, LLM system prompt, or agent instruction set. If it tells an AI what to do, we can scan it.
Every skill you install is a set of instructions your agent will follow blindly. Make sure those instructions are safe before they run.