PromptDome × OpenClaw
API key required — Get yours free at https://promptdome.cyberforge.one/dashboard/api-keys (Sign up → Dashboard → API Keys → Create Key)
Adds automatic prompt injection detection to any OpenClaw agent. Two components work together:
| Component | What it does | When it fires |
|---|---|---|
promptdome-gate hook | Auto-scans every incoming message; injects ⚠️ warning if injection detected | Every message:received — zero agent code required |
promptdome_scan tool | Explicit scan agent can call on any content | On demand — web content, files, tool outputs |
Quick Setup (60 seconds)
bash skills/promptdome/scripts/setup.sh --api-key sk_shield_live_YOUR_KEY
That's it. The script:
- Tests your API key against the PromptDome API
- Installs
promptdome-gatehook →~/.openclaw/hooks/promptdome-gate/ - Installs
promptdome_scanplugin →~/.openclaw/extensions/promptdome/ - Saves API key to
openclaw.jsonenv block - Enables the hook automatically
- Prompts you to restart the gateway
Get an API key: https://promptdome.cyberforge.one/dashboard/api-keys
Manual Setup
1. Copy files
# Hook (auto-scanning)
mkdir -p ~/.openclaw/hooks/promptdome-gate
cp skills/promptdome/hook/HOOK.md ~/.openclaw/hooks/promptdome-gate/
cp skills/promptdome/hook/handler.ts ~/.openclaw/hooks/promptdome-gate/
# Plugin (explicit tool)
mkdir -p ~/.openclaw/extensions/promptdome
cp skills/promptdome/plugin/index.ts ~/.openclaw/extensions/promptdome/
2. Set API key
Add to ~/.openclaw/openclaw.json:
{
"env": {
"PROMPTDOME_API_KEY": "sk_shield_live_YOUR_KEY"
}
}
Or set PROMPTDOME_API_KEY in your shell environment.
3. Enable hook and restart
openclaw hooks enable promptdome-gate
openclaw gateway restart
What Happens After Install
- Every incoming message → scanned automatically before the model processes it
- BLOCK (score ≥ 70):
[PROMPTDOME BLOCK]warning injected into conversation - WARN (score ≥ 40): Soft caution note injected
- ALLOW: Silent — no overhead in conversation history
- Scan log:
~/.openclaw/logs/promptdome-gate.log - Fail-open: if API is unreachable, messages pass through unblocked
Using the Agent Tool
Enable promptdome_scan in your agent's tool allowlist:
{
"agents": {
"list": [{ "id": "main", "tools": { "allow": ["promptdome_scan"] } }]
}
}
Then agents call it like any tool — before processing web fetches, search results, uploaded files, or any external content.
Self-Hosted PromptDome
Override the API endpoint:
{
"env": {
"PROMPTDOME_API_KEY": "sk_shield_live_...",
"PROMPTDOME_API_URL": "https://your-instance.com/api/v1/shield"
}
}
Detection Coverage
PromptDome engine covers 32 attack categories including:
- Prompt injection & jailbreaks
- Fake system events / gateway spoofing
- PII & credential exfiltration
- ClickFix / social engineering
- HTML/DOM injection (browser agents)
- Agentic chain poisoning
- Multilingual evasion (18 languages)
Full category list: https://promptdome.cyberforge.one/docs