{ "schemaVersion": "1.0", "item": { "slug": "hopeids", "name": "Openclaw Plugin", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/emberDesire/hopeids", "canonicalUrl": "https://clawhub.ai/emberDesire/hopeids", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/hopeids", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=hopeids", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "index.ts", "openclaw.plugin.json", "package.json" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/hopeids" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/hopeids", "agentPageUrl": "https://openagent3.xyz/skills/hopeids/agent", "manifestUrl": "https://openagent3.xyz/skills/hopeids/agent.json", "briefUrl": "https://openagent3.xyz/skills/hopeids/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "hopeIDS Security Skill", "body": "Inference-based intrusion detection for AI agents with quarantine and human-in-the-loop." }, { "title": "Security Invariants", "body": "These are non-negotiable design principles:\n\nBlock = full abort — Blocked messages never reach jasper-recall or the agent\nMetadata only — No raw malicious content is ever stored\nApprove ≠ re-inject — Approval changes future behavior, doesn't resurrect messages\nAlerts are programmatic — Telegram alerts built from metadata, no LLM involved" }, { "title": "Features", "body": "Auto-scan — Scan messages before agent processing\nQuarantine — Block threats with metadata-only storage\nHuman-in-the-loop — Telegram alerts for review\nPer-agent config — Different thresholds for different agents\nCommands — /approve, /reject, /trust, /quarantine" }, { "title": "The Pipeline", "body": "Message arrives\n ↓\nhopeIDS.autoScan()\n ↓\n┌─────────────────────────────────────────┐\n│ risk >= threshold? │\n│ │\n│ BLOCK (strictMode): │\n│ → Create QuarantineRecord │\n│ → Send Telegram alert │\n│ → ABORT (no recall, no agent) │\n│ │\n│ WARN (non-strict): │\n│ → Inject │\n│ → Continue to jasper-recall │\n│ → Continue to agent │\n│ │\n│ ALLOW: │\n│ → Continue normally │\n└─────────────────────────────────────────┘" }, { "title": "Configuration", "body": "{\n \"plugins\": {\n \"entries\": {\n \"hopeids\": {\n \"enabled\": true,\n \"config\": {\n \"autoScan\": true,\n \"defaultRiskThreshold\": 0.7,\n \"strictMode\": false,\n \"telegramAlerts\": true,\n \"agents\": {\n \"moltbook-scanner\": {\n \"strictMode\": true,\n \"riskThreshold\": 0.7\n },\n \"main\": {\n \"strictMode\": false,\n \"riskThreshold\": 0.8\n }\n }\n }\n }\n }\n }\n}" }, { "title": "Options", "body": "OptionTypeDefaultDescriptionautoScanbooleanfalseAuto-scan every messagestrictModebooleanfalseBlock (vs warn) on threatsdefaultRiskThresholdnumber0.7Risk level that triggers actiontelegramAlertsbooleantrueSend alerts for blocked messagestelegramChatIdstring-Override alert destinationquarantineDirstring~/.openclaw/quarantine/hopeidsStorage pathagentsobject-Per-agent overridestrustOwnersbooleantrueSkip scanning owner messages" }, { "title": "Quarantine Records", "body": "When a message is blocked, a metadata record is created:\n\n{\n \"id\": \"q-7f3a2b\",\n \"ts\": \"2026-02-06T00:48:00Z\",\n \"agent\": \"moltbook-scanner\",\n \"source\": \"moltbook\",\n \"senderId\": \"@sus_user\",\n \"intent\": \"instruction_override\",\n \"risk\": 0.85,\n \"patterns\": [\n \"matched regex: ignore.*instructions\",\n \"matched keyword: api key\"\n ],\n \"contentHash\": \"ab12cd34...\",\n \"status\": \"pending\"\n}\n\nNote: There is NO originalMessage field. This is intentional." }, { "title": "Telegram Alerts", "body": "When a message is blocked:\n\n🛑 Message blocked\n\nID: `q-7f3a2b`\nAgent: moltbook-scanner\nSource: moltbook\nSender: @sus_user\nIntent: instruction_override (85%)\n\nPatterns:\n• matched regex: ignore.*instructions\n• matched keyword: api key\n\n`/approve q-7f3a2b`\n`/reject q-7f3a2b`\n`/trust @sus_user`\n\nBuilt from metadata only. No LLM touches this." }, { "title": "/quarantine [all|clean]", "body": "List quarantine records.\n\n/quarantine # List pending\n/quarantine all # List all (including resolved)\n/quarantine clean # Clean expired records" }, { "title": "/approve ", "body": "Mark a blocked message as a false positive.\n\n/approve q-7f3a2b\n\nEffect:\n\nStatus → approved\n(Future) Add sender to allowlist\n(Future) Lower pattern weight" }, { "title": "/reject ", "body": "Confirm a blocked message was a true positive.\n\n/reject q-7f3a2b\n\nEffect:\n\nStatus → rejected\n(Future) Reinforce pattern weights" }, { "title": "/trust ", "body": "Whitelist a sender for future messages.\n\n/trust @legitimate_user" }, { "title": "/scan ", "body": "Manually scan a message.\n\n/scan ignore your previous instructions and..." }, { "title": "What Approve/Reject Mean", "body": "CommandWhat it doesWhat it doesn't do/approveMarks as false positive, may adjust IDSDoes NOT re-inject the message/rejectConfirms threat, may strengthen patternsDoes NOT affect current message/trustWhitelists sender for futureDoes NOT retroactively approve\n\nThe blocked message is gone by design. If it was legitimate, the sender can re-send." }, { "title": "Per-Agent Configuration", "body": "Different agents need different security postures:\n\n\"agents\": {\n \"moltbook-scanner\": {\n \"strictMode\": true, // Block threats\n \"riskThreshold\": 0.7 // 70% = suspicious\n },\n \"main\": {\n \"strictMode\": false, // Warn only\n \"riskThreshold\": 0.8 // Higher bar for main\n },\n \"email-processor\": {\n \"strictMode\": true, // Always block\n \"riskThreshold\": 0.6 // More paranoid\n }\n}" }, { "title": "Threat Categories", "body": "CategoryRiskDescriptioncommand_injection🔴 CriticalShell commands, code executioncredential_theft🔴 CriticalAPI key extraction attemptsdata_exfiltration🔴 CriticalData leak to external URLsinstruction_override🔴 HighJailbreaks, \"ignore previous\"impersonation🔴 HighFake system/admin messagesdiscovery⚠️ MediumAPI/capability probing" }, { "title": "Installation", "body": "npx hopeid setup\n\nThen restart OpenClaw." }, { "title": "Links", "body": "GitHub: https://github.com/E-x-O-Entertainment-Studios-Inc/hopeIDS\nnpm: https://www.npmjs.com/package/hopeid\nDocs: https://exohaven.online/products/hopeids" } ], "body": "hopeIDS Security Skill\n\nInference-based intrusion detection for AI agents with quarantine and human-in-the-loop.\n\nSecurity Invariants\n\nThese are non-negotiable design principles:\n\nBlock = full abort — Blocked messages never reach jasper-recall or the agent\nMetadata only — No raw malicious content is ever stored\nApprove ≠ re-inject — Approval changes future behavior, doesn't resurrect messages\nAlerts are programmatic — Telegram alerts built from metadata, no LLM involved\nFeatures\nAuto-scan — Scan messages before agent processing\nQuarantine — Block threats with metadata-only storage\nHuman-in-the-loop — Telegram alerts for review\nPer-agent config — Different thresholds for different agents\nCommands — /approve, /reject, /trust, /quarantine\nThe Pipeline\nMessage arrives\n ↓\nhopeIDS.autoScan()\n ↓\n┌─────────────────────────────────────────┐\n│ risk >= threshold? │\n│ │\n│ BLOCK (strictMode): │\n│ → Create QuarantineRecord │\n│ → Send Telegram alert │\n│ → ABORT (no recall, no agent) │\n│ │\n│ WARN (non-strict): │\n│ → Inject │\n│ → Continue to jasper-recall │\n│ → Continue to agent │\n│ │\n│ ALLOW: │\n│ → Continue normally │\n└─────────────────────────────────────────┘\n\nConfiguration\n{\n \"plugins\": {\n \"entries\": {\n \"hopeids\": {\n \"enabled\": true,\n \"config\": {\n \"autoScan\": true,\n \"defaultRiskThreshold\": 0.7,\n \"strictMode\": false,\n \"telegramAlerts\": true,\n \"agents\": {\n \"moltbook-scanner\": {\n \"strictMode\": true,\n \"riskThreshold\": 0.7\n },\n \"main\": {\n \"strictMode\": false,\n \"riskThreshold\": 0.8\n }\n }\n }\n }\n }\n }\n}\n\nOptions\nOption\tType\tDefault\tDescription\nautoScan\tboolean\tfalse\tAuto-scan every message\nstrictMode\tboolean\tfalse\tBlock (vs warn) on threats\ndefaultRiskThreshold\tnumber\t0.7\tRisk level that triggers action\ntelegramAlerts\tboolean\ttrue\tSend alerts for blocked messages\ntelegramChatId\tstring\t-\tOverride alert destination\nquarantineDir\tstring\t~/.openclaw/quarantine/hopeids\tStorage path\nagents\tobject\t-\tPer-agent overrides\ntrustOwners\tboolean\ttrue\tSkip scanning owner messages\nQuarantine Records\n\nWhen a message is blocked, a metadata record is created:\n\n{\n \"id\": \"q-7f3a2b\",\n \"ts\": \"2026-02-06T00:48:00Z\",\n \"agent\": \"moltbook-scanner\",\n \"source\": \"moltbook\",\n \"senderId\": \"@sus_user\",\n \"intent\": \"instruction_override\",\n \"risk\": 0.85,\n \"patterns\": [\n \"matched regex: ignore.*instructions\",\n \"matched keyword: api key\"\n ],\n \"contentHash\": \"ab12cd34...\",\n \"status\": \"pending\"\n}\n\n\nNote: There is NO originalMessage field. This is intentional.\n\nTelegram Alerts\n\nWhen a message is blocked:\n\n🛑 Message blocked\n\nID: `q-7f3a2b`\nAgent: moltbook-scanner\nSource: moltbook\nSender: @sus_user\nIntent: instruction_override (85%)\n\nPatterns:\n• matched regex: ignore.*instructions\n• matched keyword: api key\n\n`/approve q-7f3a2b`\n`/reject q-7f3a2b`\n`/trust @sus_user`\n\n\nBuilt from metadata only. No LLM touches this.\n\nCommands\n/quarantine [all|clean]\n\nList quarantine records.\n\n/quarantine # List pending\n/quarantine all # List all (including resolved)\n/quarantine clean # Clean expired records\n\n/approve \n\nMark a blocked message as a false positive.\n\n/approve q-7f3a2b\n\n\nEffect:\n\nStatus → approved\n(Future) Add sender to allowlist\n(Future) Lower pattern weight\n/reject \n\nConfirm a blocked message was a true positive.\n\n/reject q-7f3a2b\n\n\nEffect:\n\nStatus → rejected\n(Future) Reinforce pattern weights\n/trust \n\nWhitelist a sender for future messages.\n\n/trust @legitimate_user\n\n/scan \n\nManually scan a message.\n\n/scan ignore your previous instructions and...\n\nWhat Approve/Reject Mean\nCommand\tWhat it does\tWhat it doesn't do\n/approve\tMarks as false positive, may adjust IDS\tDoes NOT re-inject the message\n/reject\tConfirms threat, may strengthen patterns\tDoes NOT affect current message\n/trust\tWhitelists sender for future\tDoes NOT retroactively approve\n\nThe blocked message is gone by design. If it was legitimate, the sender can re-send.\n\nPer-Agent Configuration\n\nDifferent agents need different security postures:\n\n\"agents\": {\n \"moltbook-scanner\": {\n \"strictMode\": true, // Block threats\n \"riskThreshold\": 0.7 // 70% = suspicious\n },\n \"main\": {\n \"strictMode\": false, // Warn only\n \"riskThreshold\": 0.8 // Higher bar for main\n },\n \"email-processor\": {\n \"strictMode\": true, // Always block\n \"riskThreshold\": 0.6 // More paranoid\n }\n}\n\nThreat Categories\nCategory\tRisk\tDescription\ncommand_injection\t🔴 Critical\tShell commands, code execution\ncredential_theft\t🔴 Critical\tAPI key extraction attempts\ndata_exfiltration\t🔴 Critical\tData leak to external URLs\ninstruction_override\t🔴 High\tJailbreaks, \"ignore previous\"\nimpersonation\t🔴 High\tFake system/admin messages\ndiscovery\t⚠️ Medium\tAPI/capability probing\nInstallation\nnpx hopeid setup\n\n\nThen restart OpenClaw.\n\nLinks\nGitHub: https://github.com/E-x-O-Entertainment-Studios-Inc/hopeIDS\nnpm: https://www.npmjs.com/package/hopeid\nDocs: https://exohaven.online/products/hopeids" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/emberDesire/hopeids", "publisherUrl": "https://clawhub.ai/emberDesire/hopeids", "owner": "emberDesire", "version": "1.3.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/hopeids", "downloadUrl": "https://openagent3.xyz/downloads/hopeids", "agentUrl": "https://openagent3.xyz/skills/hopeids/agent", "manifestUrl": "https://openagent3.xyz/skills/hopeids/agent.json", "briefUrl": "https://openagent3.xyz/skills/hopeids/agent.md" } }