泰途AI 泰途AISkill 市场

ZugaShield Security Scanner

TotalClaw 作者 Zuga-luga v0.1.1

适用于 OpenClaw 的 7 层 AI 安全扫描器。同时阻止所有通道(Signal、Telegram、Discord、WhatsApp、Web)上的提示注入、SSRF、命令注入、数据泄漏和内存中毒。

源码 ↗

安装 / 下载方式

TotalClaw CLI推荐
totalclaw install totalclaw:zuga-luga~zuga-luga-zugashield
cURL直接下载,无需登录
curl -fsSL https://skills.taituai.com/api/skills/totalclaw%3Azuga-luga~zuga-luga-zugashield/file -o zuga-luga-zugashield.md
Git 仓库获取源码
git clone https://github.com/openclaw/skills/commit/269bf65503e1d85ab53c592002830132e8e7c5e1
## 概述(中文)

适用于 OpenClaw 的 7 层 AI 安全扫描器。同时阻止所有通道(Signal、Telegram、Discord、WhatsApp、Web)上的提示注入、SSRF、命令注入、数据泄漏和内存中毒。

## 原文

# ZugaShield Security Scanner

7-layer AI security scanning plugin for OpenClaw. Protects all channels simultaneously by hooking into the Gateway — the single chokepoint for all traffic.

## What It Blocks

| Attack | Hook | Detection |
|--------|------|-----------|
| Prompt injection | preRequest | 150+ signatures, unicode smuggling, encoding evasion |
| SSRF / Command injection | preToolExecution | Cloud metadata URLs, shell metacharacters (always fail-closed) |
| Secret / PII leakage | preResponse | API keys, tokens, credentials, high-entropy strings |
| Memory poisoning | preRecall | Embedded instructions, sleeper payloads in recalled memories |
| DNS exfiltration | preResponse | High-entropy subdomains, data-in-DNS patterns |
| Path traversal | preToolExecution | Directory traversal sequences, symlink attacks |

## Install

```bash
pip install "zugashield[mcp]"
npm install zugashield-openclaw-plugin
openclaw plugins install ./node_modules/zugashield-openclaw-plugin
openclaw restart
```

## Verify

```
/shield status
```

Should show: `CONNECTED` with 7 active layers.

## Configuration

In `openclaw.json` under `plugins.entries.openclaw-plugin.config`:

- `fail_closed` (default: true) — Block requests when scanner is down
- `strict_mode` (default: false) — Block medium+ threats (not just high/critical)
- `scan.inputs` / `scan.outputs` / `scan.tool_calls` / `scan.memory` — Toggle individual hooks

## How It Works

ZugaShield spawns a Python MCP server as a managed child process. Each message, tool call, and response passes through the scanner in <15ms. The plugin uses OpenClaw's Gateway hooks, meaning one install protects Signal + Telegram + Discord + WhatsApp + web simultaneously.

Tool calls are **always fail-closed** regardless of configuration — SSRF and command injection are too dangerous to allow through even temporarily.

## Links

- [GitHub](https://github.com/Zuga-luga/ZugaShield)
- [npm](https://www.npmjs.com/package/zugashield-openclaw-plugin)
- [PyPI](https://pypi.org/project/zugashield/)