🔍
12917 skills
← All skills
Tencent SkillHub · Productivity

Openclaw Bastion

Prompt injection defense for agent workspaces. Scan files for injection attempts, analyze content boundaries, detect hidden instructions, and maintain command allowlists. Free alert layer — upgrade to openclaw-bastion-pro for active blocking, sanitization, and runtime enforcement.

skill openclawclawhub Free
0 Downloads
0 Stars
0 Installs
0 Score
High Signal

Prompt injection defense for agent workspaces. Scan files for injection attempts, analyze content boundaries, detect hidden instructions, and maintain command allowlists. Free alert layer — upgrade to openclaw-bastion-pro for active blocking, sanitization, and runtime enforcement.

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup
  1. Download the package from Yavira.
  2. Extract the archive and review SKILL.md first.
  3. Import or place the package into your OpenClaw setup.

Requirements

Target platform
OpenClaw
Install method
Manual import
Extraction
Extract archive
Prerequisites
OpenClaw
Primary doc
SKILL.md

Package facts

Download mode
Yavira redirect
Package format
ZIP package
Source platform
Tencent SkillHub
What's included
README.md, scripts/bastion.py, SKILL.md

Validation

  • Use the Yavira download entry.
  • Review SKILL.md after the package is downloaded.
  • Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

  1. Download the package from Yavira.
  2. Extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the extracted folder.
New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source
Tencent SkillHub
Verification
Indexed source record
Version
1.0.2

Documentation

ClawHub primary doc Primary doc: SKILL.md 13 sections Open source page

OpenClaw Bastion

Runtime prompt injection defense for agent workspaces. While other tools watch workspace identity files, Bastion protects the input/output boundary — the files being read by the agent, web content, API responses, and user-supplied documents.

Why This Matters

Agents process content from many sources: local files, API responses, web pages, user uploads. Any of these can contain prompt injection attacks — hidden instructions that manipulate agent behavior. Bastion scans this content before the agent acts on it.

Scan for Injections

Scan files or directories for prompt injection patterns. Detects instruction overrides, system prompt markers, hidden Unicode, markdown exfiltration, HTML injection, shell injection, encoded payloads, delimiter confusion, multi-turn manipulation, and dangerous commands. If no target is specified, scans the entire workspace. python3 {baseDir}/scripts/bastion.py scan Scan a specific file or directory: python3 {baseDir}/scripts/bastion.py scan path/to/file.md python3 {baseDir}/scripts/bastion.py scan path/to/directory/

Quick File Check

Fast single-file injection check. Same detection patterns as scan, targeted to one file. python3 {baseDir}/scripts/bastion.py check path/to/file.md

Boundary Analysis

Analyze content boundary safety across the workspace. Identifies: Agent instruction files that contain mixed trusted/untrusted content Writable instruction files (attack surface for compromised skills) Blast radius assessment for each critical file python3 {baseDir}/scripts/bastion.py boundaries

Command Allowlist

Display the current command allowlist and blocklist policy. Creates a default .bastion-policy.json if none exists. python3 {baseDir}/scripts/bastion.py allowlist python3 {baseDir}/scripts/bastion.py allowlist --show The policy file defines which commands are considered safe and which patterns are blocked. Edit the JSON file directly to customize. Bastion Pro enforces this policy at runtime via hooks.

Status

Quick summary of workspace injection defense posture: files scanned, findings by severity, boundary safety, and overall posture rating. python3 {baseDir}/scripts/bastion.py status

Workspace Auto-Detection

If --workspace is omitted, the script tries: OPENCLAW_WORKSPACE environment variable Current directory (if AGENTS.md exists) ~/.openclaw/workspace (default)

What Gets Detected

CategoryPatternsSeverityInstruction override"ignore previous", "disregard above", "you are now", "new system prompt", "forget your instructions", "override safety", "act as if no restrictions", "entering developer mode"CRITICALSystem prompt markers<system>, [SYSTEM], <<SYS>>, <|im_start|>system, [INST], ### System:CRITICALHidden instructionsMulti-turn manipulation ("in your next response, you must"), stealth patterns ("do not tell the user")CRITICALHTML injection<script>, <iframe>, <img onerror=>, hidden divs, <svg onload=>CRITICALMarkdown exfiltrationImage tags with encoded data in URLsCRITICALDangerous commandscurl | bash, wget | sh, rm -rf /, fork bombsCRITICALUnicode tricksZero-width characters, RTL overrides, invisible formattingWARNINGHomoglyph substitutionCyrillic/Latin lookalikes mixed into ASCII textWARNINGBase64 payloadsLarge encoded blobs outside code blocksWARNINGShell injection$(command) subshell execution outside code blocksWARNINGDelimiter confusionFake code block boundaries with injection contentWARNING

Context-Aware Scanning

Patterns inside fenced code blocks (```) are skipped to avoid false positives Per-file risk scoring based on finding count and severity Self-exclusion: Bastion skips its own skill files (which describe injection patterns)

Exit Codes

CodeMeaning0Clean, no issues1Warnings detected (review recommended)2Critical findings (action needed)

No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.

Category context

Workflow acceleration for inboxes, docs, calendars, planning, and execution loops.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
2 Docs1 Scripts
  • SKILL.md Primary doc
  • README.md Docs
  • scripts/bastion.py Scripts

Related skills

readyClaw Free
Featured

Data Intelligence Architect

Build decision infrastructure, not dashboards

Frames analytics as decision infrastructure, focusing on the timing and quality of questions rather than vanity reporting.

Productivity agent claude
souls.zip Free
Featured

Startup Launcher Skill

Launch workflow automation across 56 platforms

Launch across 56 platforms with platform-specific guides, timing, copy generation, and campaign management.

Productivity skill openclaw
souls.zip Free

Don't Make Mistakes

Meta-skill for elevated quality mode

A meta-skill that raises quality expectations across agent work by pushing more careful, deliberate execution.

Productivity skill openclaw