
ZugaShield Security Scanner

7-layer AI security scanner for OpenClaw. Blocks prompt injection, SSRF, command injection, data leakage, and memory poisoning across ALL channels (Signal, T...
zuga-luga
Security & Compliance | clawhub | v0.1.1 | 1 version | 100000 | Key: not required
★ 0 stars, 📥 981 downloads, 💾 10 installs, 1 version
#ai-safety#latest#mcp#prompt-injection#security

Overview

ZugaShield Security Scanner

7-layer AI security scanning plugin for OpenClaw. Protects all channels simultaneously by hooking into the Gateway — the single chokepoint for all traffic.

What It Blocks

| Attack | Hook | Detection |
|--------|------|-----------|
| Prompt injection | preRequest | 150+ signatures, unicode smuggling, encoding evasion |
| SSRF / Command injection | preToolExecution | Cloud metadata URLs, shell metacharacters (always fail-closed) |
| Secret / PII leakage | preResponse | API keys, tokens, credentials, high-entropy strings |
| Memory poisoning | preRecall | Embedded instructions, sleeper payloads in recalled memories |
| DNS exfiltration | preResponse | High-entropy subdomains, data-in-DNS patterns |
| Path traversal | preToolExecution | Directory traversal sequences, symlink attacks |

Install

pip install "zugashield[mcp]"
npm install zugashield-openclaw-plugin
openclaw plugins install ./node_modules/zugashield-openclaw-plugin
openclaw restart

Verify

/shield status

Should show: CONNECTED with 7 active layers.

Configuration

In openclaw.json under plugins.entries.openclaw-plugin.config:

  • fail_closed (default: true) — Block requests when scanner is down
  • strict_mode (default: false) — Block medium+ threats (not just high/critical)
  • scan.inputs / scan.outputs / scan.tool_calls / scan.memory — Toggle individual hooks

How It Works

ZugaShield spawns a Python MCP server as a managed child process. Each message, tool call, and response passes through the scanner in <15ms. The plugin uses OpenClaw's Gateway hooks, meaning one install protects Signal + Telegram + Discord + WhatsApp + web simultaneously.

Tool calls are always fail-closed regardless of configuration — SSRF and command injection are too dangerous to allow through even temporarily.
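
The block/allow policy described under Configuration and How It Works, written out as an added example (a model of the documented behaviour, not ZugaShield's own code). The verdict shape, the "low" severity name, the mapping of scan.* toggles to hooks, and the rule that a disabled hook is skipped are assumptions.

```javascript
// Added illustration: models the documented policy; not ZugaShield's own code.
const SEVERITY = new Map([
  ["low", 0], // "low" is an assumed level name; the page names medium/high/critical
  ["medium", 1],
  ["high", 2],
  ["critical", 3],
]);

// Assumed mapping from the scan.* toggles to the hooks in the table.
const TOGGLE_FOR_HOOK = new Map([
  ["preRequest", "inputs"],
  ["preResponse", "outputs"],
  ["preToolExecution", "tool_calls"],
  ["preRecall", "memory"],
]);

// verdict (assumed shape): null when the scanner is unreachable,
// otherwise { threat: boolean, severity?: string }.
function decide(hook, verdict, config = {}) {
  const failClosed = config.fail_closed !== false; // default: true
  const strict = config.strict_mode === true;      // default: false
  const toggle = TOGGLE_FOR_HOOK.get(hook);
  if (!toggle) throw new Error(`unknown hook: ${hook}`);

  // Assumption: a hook whose toggle is set to false is skipped entirely.
  if ((config.scan || {})[toggle] === false) {
    return { action: "allow", reason: "hook disabled" };
  }
  if (verdict === null) {
    // Scanner down: tool calls block whatever fail_closed says.
    const block = hook === "preToolExecution" || failClosed;
    return { action: block ? "block" : "allow", reason: "scanner unavailable" };
  }
  if (!verdict.threat) return { action: "allow", reason: "clean" };

  const level = SEVERITY.get(verdict.severity);
  // An unrecognised severity is blocked rather than waved through.
  if (level === undefined) return { action: "block", reason: "unknown severity" };
  const threshold = strict ? SEVERITY.get("medium") : SEVERITY.get("high");
  return {
    action: level >= threshold ? "block" : "allow",
    reason: `${verdict.severity} threat`,
  };
}
```

Setting fail_closed to false only changes the outcome for message, response and memory hooks during a scanner outage; a preToolExecution call still blocks in this model.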

Version history

1 version in total

  • v0.1.1 (current)
    2026-03-29 08:12 Safe Safe

Security checks

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
