ClawAudit verdict
openclaw-dlp-guard
Prompt injection detection and DLP guardrail skill analyzing outbound content for attack patterns before posting to social platforms; a defensive security tool with no evidence of malicious behavior.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (12)
Prompt injection — tries to override agent instructions
SKILL.md · prose · downgraded · ignore all previous instructions
Raw model control tokens — prompt injection via token manipulation
SKILL.md · prose · downgraded · <|im_start|>
Uses eval() — can execute arbitrary code
SKILL.md · prose · downgraded · eval(
Dynamic __import__('os') — Python OS command execution
SKILL.md · prose · downgraded · __import__('os')
Recursive delete from root or home — destructive command
SKILL.md · prose · downgraded · rm -rf /
Pipe to bash — executes piped content as shell commands
SKILL.md · prose · downgraded · |bash
Pipe to sh — executes piped content as shell commands
SKILL.md · prose · downgraded · |sh
Pipe to python — executes piped content as Python code
SKILL.md · prose · downgraded · | Python
Attempts to reset agent rules/instructions
SKILL.md · prose · downgraded · reset your instructions
References sudo — requests elevated privileges
SKILL.md · prose · downgraded · sudo
Possible prompt injection — attempts to redefine agent identity
SKILL.md · prose · downgraded · you are now
Uses exec() — may execute shell commands
SKILL.md · prose · downgraded · exec(
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class A). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
Is this flag fair?
Thanks — recorded.