概述

PromptDome × OpenClaw

> API key required — Get yours free at https://promptdome.cyberforge.one/dashboard/api-keys

> (Sign up → Dashboard → API Keys → Create Key)

Adds automatic prompt injection detection to any OpenClaw agent. Two components work together:

Component	What it does	When it fires
---	---	---
`promptdome-gate` hook	Auto-scans every incoming message; injects ⚠️ warning if injection detected	Every `message:received` — zero agent code required
`promptdome_scan` tool	Explicit scan agent can call on any content	On demand — web content, files, tool outputs

Quick Setup (60 seconds)

bash skills/promptdome/scripts/setup.sh --api-key sk_shield_live_YOUR_KEY

That's it. The script:

Tests your API key against the PromptDome API
Installs promptdome-gate hook → ~/.openclaw/hooks/promptdome-gate/
Installs promptdome_scan plugin → ~/.openclaw/extensions/promptdome/
Saves API key to openclaw.json env block
Enables the hook automatically
Prompts you to restart the gateway

Get an API key: https://promptdome.cyberforge.one/dashboard/api-keys

Manual Setup

1. Copy files

# Hook (auto-scanning)
mkdir -p ~/.openclaw/hooks/promptdome-gate
cp skills/promptdome/hook/HOOK.md   ~/.openclaw/hooks/promptdome-gate/
cp skills/promptdome/hook/handler.ts ~/.openclaw/hooks/promptdome-gate/

# Plugin (explicit tool)
mkdir -p ~/.openclaw/extensions/promptdome
cp skills/promptdome/plugin/index.ts ~/.openclaw/extensions/promptdome/

2. Set API key

Add to ~/.openclaw/openclaw.json:

{
  "env": {
    "PROMPTDOME_API_KEY": "sk_shield_live_YOUR_KEY"
  }
}

Or set PROMPTDOME_API_KEY in your shell environment.

3. Enable hook and restart

openclaw hooks enable promptdome-gate
openclaw gateway restart

What Happens After Install

Every incoming message → scanned automatically before the model processes it
BLOCK (score ≥ 70): [PROMPTDOME BLOCK] warning injected into conversation
WARN (score ≥ 40): Soft caution note injected
ALLOW: Silent — no overhead in conversation history
Scan log: ~/.openclaw/logs/promptdome-gate.log
Fail-open: if API is unreachable, messages pass through unblocked

Using the Agent Tool

Enable promptdome_scan in your agent's tool allowlist:

{
  "agents": {
    "list": [{ "id": "main", "tools": { "allow": ["promptdome_scan"] } }]
  }
}

Then agents call it like any tool — before processing web fetches, search results, uploaded files, or any external content.

Self-Hosted PromptDome

Override the API endpoint:

{
  "env": {
    "PROMPTDOME_API_KEY": "sk_shield_live_...",
    "PROMPTDOME_API_URL": "https://your-instance.com/api/v1/shield"
  }
}

Detection Coverage

PromptDome engine covers 32 attack categories including:

Prompt injection & jailbreaks
Fake system events / gateway spoofing
PII & credential exfiltration
ClickFix / social engineering
HTML/DOM injection (browser agents)
Agentic chain poisoning
Multilingual evasion (18 languages)

Full category list: https://promptdome.cyberforge.one/docs

版本历史

共 1 个版本

v1.3.1 当前

2026-03-30 01:09 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)