The Agent Skills Directory

[SAFE]: The skill functions as a security auditing framework. It contains numerous malicious command patterns (e.g., bash reverse shells, python socket code, curl-based exfiltration) which are explicitly documented as detection signatures for threat monitoring.
[PROMPT_INJECTION]: Documentation includes examples of prompt injection techniques (e.g., 'Ignore previous instructions', 'You are now a [role]') specifically to train the agent to recognize and flag such attempts in command logs and inputs.
[COMMAND_EXECUTION]: Lists a wide range of dangerous shell commands used for reverse shells, persistence (crontab modification, authorized_keys writes), and credential theft as targets for its pattern-matching engine.
[DATA_EXFILTRATION]: Provides rules for detecting data staging and exfiltration attempts, such as encoding sensitive files via base64 or sending credentials through URL parameters.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted data (logs, shell history, and documents). Ingestion points: Functions like scan_prompt_injection and detect_indirect_injection in references/tools.md. Boundary markers: No explicit delimiters or boundary instructions are defined in the workflow for separating data from instructions. Capability inventory: Access to shell tools like grep, node, and sha256sum as defined in SKILL.md. Sanitization: No evidence of data sanitization or escaping is provided; the skill relies on pattern matching to identify threats.

openclaw-threat-detect