zugashield

7-layer AI security scanner for OpenClaw. Blocks prompt injection, SSRF, command injection, data leakage, and memory poisoning across ALL channels (Signal, Telegram, Discord, WhatsApp, web) simultaneously.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "zugashield" with this command: npx skills add Zuga-luga/zugashield

ZugaShield Security Scanner

7-layer AI security scanning plugin for OpenClaw. Protects all channels simultaneously by hooking into the Gateway — the single chokepoint for all traffic.

What It Blocks

| Attack | Hook | Detection |
|---|---|---|
| Prompt injection | preRequest | 150+ signatures, unicode smuggling, encoding evasion |
| SSRF / Command injection | preToolExecution | Cloud metadata URLs, shell metacharacters (always fail-closed) |
| Secret / PII leakage | preResponse | API keys, tokens, credentials, high-entropy strings |
| Memory poisoning | preRecall | Embedded instructions, sleeper payloads in recalled memories |
| DNS exfiltration | preResponse | High-entropy subdomains, data-in-DNS patterns |
| Path traversal | preToolExecution | Directory traversal sequences, symlink attacks |

Install

pip install "zugashield[mcp]"
npm install zugashield-openclaw-plugin
openclaw plugins install ./node_modules/zugashield-openclaw-plugin
openclaw restart

Verify

/shield status

Should show: CONNECTED with 7 active layers.

Configuration

In openclaw.json under plugins.entries.openclaw-plugin.config:

  • fail_closed (default: true) — Block requests when scanner is down
  • strict_mode (default: false) — Block medium+ threats (not just high/critical)
  • scan.inputs / scan.outputs / scan.tool_calls / scan.memory — Toggle individual hooks

How It Works

ZugaShield spawns a Python MCP server as a managed child process. Each message, tool call, and response passes through the scanner in <15ms. The plugin uses OpenClaw's Gateway hooks, meaning one install protects Signal + Telegram + Discord + WhatsApp + web simultaneously.

Tool calls are always fail-closed regardless of configuration — SSRF and command injection are too dangerous to allow through even temporarily.
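
The sketch below models how the settings under Configuration interact with the tool-call rule above. It is an added example, not ZugaShield's code: decide(), matrix(), ShieldConfig, the "none" and "low" severity names, the toggle-to-hook mapping and the toggle defaults are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# "medium", "high" and "critical" come from the option text; "none" and "low"
# are assumed names for the levels below them.
SEVERITY = ["none", "low", "medium", "high", "critical"]

# ASSUMPTION: which scan.* toggle governs which Gateway hook is inferred from
# the names on this page; the page does not spell the mapping out.
TOGGLE_FOR_HOOK = {
    "preRequest": "inputs",
    "preResponse": "outputs",
    "preToolExecution": "tool_calls",
    "preRecall": "memory",
}

@dataclass
class ShieldConfig:
    fail_closed: bool = True
    strict_mode: bool = False
    # ASSUMPTION: every hook is enabled unless switched off.
    scan: dict = field(
        default_factory=lambda: dict.fromkeys(TOGGLE_FOR_HOOK.values(), True))

def decide(hook, severity, cfg):
    """Return 'allow' or 'block'. severity=None means the scanner returned no
    verdict (child process down or unreachable)."""
    if not cfg.scan[TOGGLE_FOR_HOOK[hook]]:
        # ASSUMPTION: a disabled hook is not scanned at all, so nothing blocks.
        return "allow"
    if severity is None:
        # Tool calls ignore fail_closed: no verdict always means block.
        if hook == "preToolExecution":
            return "block"
        return "block" if cfg.fail_closed else "allow"
    floor = "medium" if cfg.strict_mode else "high"
    return "block" if SEVERITY.index(severity) >= SEVERITY.index(floor) else "allow"

def matrix(cfg):
    """Decision per hook when the scanner is unreachable."""
    return {hook: decide(hook, None, cfg) for hook in TOGGLE_FOR_HOOK}

if __name__ == "__main__":
    for cfg in (ShieldConfig(), ShieldConfig(fail_closed=False)):
        print("fail_closed =", cfg.fail_closed, matrix(cfg))
```

With fail_closed set to false, only preToolExecution still blocks during a scanner outage, so the other three hooks pass traffic unscanned until the scanner is back.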

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.