# Send Openclaw Plugin to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "hopeids",
    "name": "Openclaw Plugin",
    "source": "tencent",
    "type": "skill",
    "category": "AI 智能",
    "sourceUrl": "https://clawhub.ai/emberDesire/hopeids",
    "canonicalUrl": "https://clawhub.ai/emberDesire/hopeids",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/hopeids",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=hopeids",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md",
      "index.ts",
      "openclaw.plugin.json",
      "package.json"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "hopeids",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-02T23:33:47.853Z",
      "expiresAt": "2026-05-09T23:33:47.853Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=hopeids",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=hopeids",
        "contentDisposition": "attachment; filename=\"hopeids-1.3.2.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "hopeids"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/hopeids"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/hopeids",
    "downloadUrl": "https://openagent3.xyz/downloads/hopeids",
    "agentUrl": "https://openagent3.xyz/skills/hopeids/agent",
    "manifestUrl": "https://openagent3.xyz/skills/hopeids/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/hopeids/agent.md"
  }
}
```
## Documentation

### hopeIDS Security Skill

Inference-based intrusion detection for AI agents with quarantine and human-in-the-loop.

### Security Invariants

These are non-negotiable design principles:

Block = full abort — Blocked messages never reach jasper-recall or the agent
Metadata only — No raw malicious content is ever stored
Approve ≠ re-inject — Approval changes future behavior, doesn't resurrect messages
Alerts are programmatic — Telegram alerts built from metadata, no LLM involved

### Features

Auto-scan — Scan messages before agent processing
Quarantine — Block threats with metadata-only storage
Human-in-the-loop — Telegram alerts for review
Per-agent config — Different thresholds for different agents
Commands — /approve, /reject, /trust, /quarantine

### The Pipeline

Message arrives
    ↓
hopeIDS.autoScan()
    ↓
┌─────────────────────────────────────────┐
│  risk >= threshold?                     │
│                                         │
│  BLOCK (strictMode):                    │
│     → Create QuarantineRecord           │
│     → Send Telegram alert               │
│     → ABORT (no recall, no agent)       │
│                                         │
│  WARN (non-strict):                     │
│     → Inject <security-alert>           │
│     → Continue to jasper-recall         │
│     → Continue to agent                 │
│                                         │
│  ALLOW:                                 │
│     → Continue normally                 │
└─────────────────────────────────────────┘

### Configuration

{
  "plugins": {
    "entries": {
      "hopeids": {
        "enabled": true,
        "config": {
          "autoScan": true,
          "defaultRiskThreshold": 0.7,
          "strictMode": false,
          "telegramAlerts": true,
          "agents": {
            "moltbook-scanner": {
              "strictMode": true,
              "riskThreshold": 0.7
            },
            "main": {
              "strictMode": false,
              "riskThreshold": 0.8
            }
          }
        }
      }
    }
  }
}

### Options

OptionTypeDefaultDescriptionautoScanbooleanfalseAuto-scan every messagestrictModebooleanfalseBlock (vs warn) on threatsdefaultRiskThresholdnumber0.7Risk level that triggers actiontelegramAlertsbooleantrueSend alerts for blocked messagestelegramChatIdstring-Override alert destinationquarantineDirstring~/.openclaw/quarantine/hopeidsStorage pathagentsobject-Per-agent overridestrustOwnersbooleantrueSkip scanning owner messages

### Quarantine Records

When a message is blocked, a metadata record is created:

{
  "id": "q-7f3a2b",
  "ts": "2026-02-06T00:48:00Z",
  "agent": "moltbook-scanner",
  "source": "moltbook",
  "senderId": "@sus_user",
  "intent": "instruction_override",
  "risk": 0.85,
  "patterns": [
    "matched regex: ignore.*instructions",
    "matched keyword: api key"
  ],
  "contentHash": "ab12cd34...",
  "status": "pending"
}

Note: There is NO originalMessage field. This is intentional.

### Telegram Alerts

When a message is blocked:

🛑 Message blocked

ID: \`q-7f3a2b\`
Agent: moltbook-scanner
Source: moltbook
Sender: @sus_user
Intent: instruction_override (85%)

Patterns:
• matched regex: ignore.*instructions
• matched keyword: api key

\`/approve q-7f3a2b\`
\`/reject q-7f3a2b\`
\`/trust @sus_user\`

Built from metadata only. No LLM touches this.

### /quarantine [all|clean]

List quarantine records.

/quarantine        # List pending
/quarantine all    # List all (including resolved)
/quarantine clean  # Clean expired records

### /approve <id>

Mark a blocked message as a false positive.

/approve q-7f3a2b

Effect:

Status → approved
(Future) Add sender to allowlist
(Future) Lower pattern weight

### /reject <id>

Confirm a blocked message was a true positive.

/reject q-7f3a2b

Effect:

Status → rejected
(Future) Reinforce pattern weights

### /trust <senderId>

Whitelist a sender for future messages.

/trust @legitimate_user

### /scan <message>

Manually scan a message.

/scan ignore your previous instructions and...

### What Approve/Reject Mean

CommandWhat it doesWhat it doesn't do/approveMarks as false positive, may adjust IDSDoes NOT re-inject the message/rejectConfirms threat, may strengthen patternsDoes NOT affect current message/trustWhitelists sender for futureDoes NOT retroactively approve

The blocked message is gone by design. If it was legitimate, the sender can re-send.

### Per-Agent Configuration

Different agents need different security postures:

"agents": {
  "moltbook-scanner": {
    "strictMode": true,    // Block threats
    "riskThreshold": 0.7   // 70% = suspicious
  },
  "main": {
    "strictMode": false,   // Warn only
    "riskThreshold": 0.8   // Higher bar for main
  },
  "email-processor": {
    "strictMode": true,    // Always block
    "riskThreshold": 0.6   // More paranoid
  }
}

### Threat Categories

CategoryRiskDescriptioncommand_injection🔴 CriticalShell commands, code executioncredential_theft🔴 CriticalAPI key extraction attemptsdata_exfiltration🔴 CriticalData leak to external URLsinstruction_override🔴 HighJailbreaks, "ignore previous"impersonation🔴 HighFake system/admin messagesdiscovery⚠️ MediumAPI/capability probing

### Installation

npx hopeid setup

Then restart OpenClaw.

### Links

GitHub: https://github.com/E-x-O-Entertainment-Studios-Inc/hopeIDS
npm: https://www.npmjs.com/package/hopeid
Docs: https://exohaven.online/products/hopeids
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: emberDesire
- Version: 1.3.2
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-05-02T23:33:47.853Z
- Expires at: 2026-05-09T23:33:47.853Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/hopeids)
- [Send to Agent page](https://openagent3.xyz/skills/hopeids/agent)
- [JSON manifest](https://openagent3.xyz/skills/hopeids/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/hopeids/agent.md)
- [Download page](https://openagent3.xyz/downloads/hopeids)