全部技能 分类浏览
← 返回
安全合规 中文

Vigil

AI agent safety guardrails for tool calls. Use when (1) you want to validate agent tool calls before execution, (2) building agents that run shell commands, file operations, or API calls, (3) adding a safety layer to any MCP server or agent framework, (4) auditing what your agents are doing. Catches destructive commands, SSRF, SQL injection, path traversal, data exfiltration, prompt injection, and credential leaks. Zero dependencies, under 2ms.
AI代理工具调用安全防护栏。适用场景:(1)需要在执行前验证代理工具调用;(2)构建运行shell命令、文件操作或API调用的代理;(3)为任何MCP服务器或代理框架添加安全层;(4)审计代理行为。可拦截破坏性命令、SSRF、SQL注入、路径遍历、数据泄露、提示注入和凭证泄露。零依赖,延迟低于2毫秒。
robinoppenstam
安全合规 clawhub v0.1.1 1 版本 99782.3 Key: 无需
★ 0
Stars
📥 1,375
下载
💾 26
安装
1
版本
#agents#guardrails#latest#mcp#safety#security

概述

Vigil — Agent Safety Guardrails

Validates what AI agents DO, not what they SAY. Drop-in safety layer for any tool-calling agent.

Prerequisites

This skill requires the vigil-agent-safety npm package (12.3KB, Apache 2.0 license):

npm install vigil-agent-safety
  • Source code: https://github.com/hexitlabs/vigil
  • npm: https://www.npmjs.com/package/vigil-agent-safety
  • The npm package has zero runtime dependencies. This skill is a wrapper that calls that package.

Quick Start

import { checkAction } from 'vigil-agent-safety';

const result = checkAction({
  agent: 'my-agent',
  tool: 'exec',
  params: { command: 'rm -rf /' },
});

// result.decision === "BLOCK"
// result.reason === "Destructive command pattern"
// result.latencyMs === 0.3

What It Catches

  • Destructive commands (rm -rf, mkfs, reverse shells) → BLOCK
  • SSRF (metadata endpoints, localhost, internal IPs) → BLOCK
  • Data exfiltration (curl to external, .ssh/id_rsa access) → BLOCK
  • SQL injection (DROP TABLE, UNION SELECT) → BLOCK
  • Path traversal (../../../etc/shadow) → BLOCK
  • Prompt injection (ignore instructions, [INST] tags) → BLOCK
  • Encoding attacks (base64 decode, eval(atob())) → BLOCK
  • Credential leaks (API keys, AWS keys, tokens) → ESCALATE

22 rules. Zero dependencies. Under 2ms per check.

Modes

import { configure } from 'vigil-agent-safety';

// warn = log violations but don't block (recommended to start)
configure({ mode: 'warn' });

// enforce = block dangerous calls
configure({ mode: 'enforce' });

// log = silent logging only
configure({ mode: 'log' });

Use with Clawdbot

Add Vigil as a safety layer for your agent tool calls. The scripts/vigil-check.js wrapper lets you validate from the command line:

# Check a tool call
node scripts/vigil-check.js exec '{"command":"rm -rf /"}'
# → BLOCK: Destructive command pattern

# Check a safe call
node scripts/vigil-check.js read '{"path":"./README.md"}'
# → ALLOW

Policies

Load built-in policy templates:

import { loadPolicy } from 'vigil-agent-safety';

loadPolicy('restrictive');  // Tightest rules
loadPolicy('moderate');     // Balanced (default)
loadPolicy('permissive');   // Minimal blocking

CLI

npx vigil-agent-safety check --tool exec --params '{"command":"ls -la"}'
npx vigil-agent-safety policies

Links

  • GitHub: https://github.com/hexitlabs/vigil
  • npm: https://www.npmjs.com/package/vigil-agent-safety
  • Docs: https://hexitlabs.com/vigil

版本历史

共 1 个版本

  • v0.1.1 当前
    2026-03-29 01:31 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

security-compliance

1password

steipete
设置和使用 1Password CLI (op)。适用于:安装 CLI、启用桌面应用集成、登录(单/多账户)、通过 op 读取/注入/运行密钥。
★ 53 📥 31,137
security-compliance

OpenClaw Backup

alex3alex
备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。
★ 89 📥 30,590
security-compliance

Skill Vetter

spclaudehome
AI智能体技能安全预审工具。安装ClawdHub、GitHub等来源技能前,检查风险信号、权限范围及可疑模式。
★ 1,211 📥 266,210

Skill工具集 © 2026