prompt-guard

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an extensive library of regex patterns used to identify and block prompt injection attacks, including instruction overrides, role-play manipulation, and system prompt mimicry. These patterns are defensive and are used strictly for input validation in the scripts/detect.py engine.
  • [COMMAND_EXECUTION]: The scripts/audit.py utility includes functionality to update file permissions via os.chmod. This is used as a security hardening measure to ensure that the agent's configuration directory and sensitive files are restricted to the owner (modes 700 and 600).
  • [DATA_EXFILTRATION]: The security audit script reads local configuration files (e.g., ~/.clawdbot/clawdbot.json) and system SSH settings to verify security posture. This data is processed locally to generate security reports and is not transmitted over the network.
  • [SAFE]: All identified behaviors are consistent with the skill's documented purpose as a security and auditing tool. No evidence of obfuscation, unauthorized remote code execution, or data exfiltration was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 11:54 AM