Installation

clawhub install zuga-luga/zugashield

Summary

7-layer AI security scanning plugin for OpenClaw. Protects all channels simultaneously by hooking into the Gateway — the single chokepoint for all traffic.

SKILL.md

ZugaShield Security Scanner

What It Blocks

| Attack | Hook | Detection |
| --- | --- | --- |
| Prompt injection | preRequest | 150+ signatures, unicode smuggling, encoding evasion |
| SSRF / Command injection | preToolExecution | Cloud metadata URLs, shell metacharacters (always fail-closed) |
| Secret / PII leakage | preResponse | API keys, tokens, credentials, high-entropy strings |
| Memory poisoning | preRecall | Embedded instructions, sleeper payloads in recalled memories |
| DNS exfiltration | preResponse | High-entropy subdomains, data-in-DNS patterns |
| Path traversal | preToolExecution | Directory traversal sequences, symlink attacks |

Install

```bash
pip install "zugashield[mcp]"
npm install zugashield-openclaw-plugin
openclaw plugins install ./node_modules/zugashield-openclaw-plugin
openclaw restart
```

Verify

```text
/shield status
```

Should show: CONNECTED with 7 active layers.

Configuration

In openclaw.json under plugins.entries.openclaw-plugin.config:

  • fail_closed (default: true) — Block requests when scanner is down
  • strict_mode (default: false) — Block medium+ threats (not just high/critical)
  • scan.inputs / scan.outputs / scan.tool_calls / scan.memory — Toggle individual hooks

How It Works

ZugaShield spawns a Python MCP server as a managed child process. Each message, tool call, and response passes through the scanner in <15ms. The plugin uses OpenClaw's Gateway hooks, meaning one install protects Signal + Telegram + Discord + WhatsApp + web simultaneously.

Tool calls are always fail-closed regardless of configuration — SSRF and command injection are too dangerous to allow through even temporarily.
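
How `fail_closed`, `strict_mode` and the tool-call rule combine into an allow/block decision, as an added example that is not ZugaShield's own code. The hook names and config keys come from this page; the `decide` function, the verdict shape and the `low` severity level are assumptions made for illustration.

```javascript
// Added illustration, not ZugaShield source. Hook names and config keys are
// from the page; the verdict shape and the "low" level are assumptions.
const HOOKS = ["preRequest", "preToolExecution", "preResponse", "preRecall"];
// A Map, so a severity string such as "toString" cannot match an inherited property.
const SEVERITY = new Map([["low", 0], ["medium", 1], ["high", 2], ["critical", 3]]);
const DEFAULTS = { fail_closed: true, strict_mode: false };

// verdict is null when the scanner is unreachable, { severity: null } when
// nothing was found, otherwise { severity: "low" | "medium" | "high" | "critical" }.
function decide(hook, verdict, config = {}) {
  const cfg = { ...DEFAULTS, ...config };
  if (!HOOKS.includes(hook)) {
    return { action: "block", reason: "unknown hook" };
  }
  if (verdict == null) {
    // Tool calls stay fail-closed even when fail_closed is set to false.
    const mustBlock = hook === "preToolExecution" || cfg.fail_closed;
    return mustBlock
      ? { action: "block", reason: "scanner unavailable" }
      : { action: "allow", reason: "scanner unavailable, fail-open" };
  }
  if (verdict.severity === null) {
    return { action: "allow", reason: "clean" };
  }
  const level = SEVERITY.get(verdict.severity);
  if (level === undefined) {
    // An uninterpretable verdict is blocked outright (a choice made in this example).
    return { action: "block", reason: "malformed verdict" };
  }
  // strict_mode lowers the blocking threshold from high to medium.
  const threshold = SEVERITY.get(cfg.strict_mode ? "medium" : "high");
  return level >= threshold
    ? { action: "block", reason: `${verdict.severity} threat` }
    : { action: "allow", reason: `${verdict.severity} below threshold` };
}

// Constructed case: a scanner outage on every hook with fail_closed disabled.
function outageMatrix() {
  return HOOKS.map((h) => `${h}:${decide(h, null, { fail_closed: false }).action}`);
}
```

With `fail_closed` set to `false`, `outageMatrix()` shows that only `preToolExecution` still blocks during a scanner outage.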
