Crawler Summary
Prompt injection defense for agent workspaces. Scan files for injection attempts, analyze content boundaries, detect hidden instructions, and maintain command allowlists. Free alert layer — upgrade to openclaw-bastion-pro for active blocking, sanitization, and runtime enforcement. --- name: openclaw-bastion description: "Prompt injection defense for agent workspaces. Scan files for injection attempts, analyze content boundaries, detect hidden instructions, and maintain command allowlists. Free alert layer — upgrade to openclaw-bastion-pro for active blocking, sanitization, and runtime enforcement." user-invocable: true metadata: {"openclaw":{"emoji":"\ud83c\udfdb\ufe0f","requires":{"bins":["py Published capability contract available. No trust telemetry is available yet. Last updated 3/1/2026.
Freshness
Last checked 3/1/2026
Best For
Contract is available with explicit auth and schema references.
Not Ideal For
openclaw-bastion is not ideal for teams that need stronger public trust telemetry, lower setup complexity, or more explicit contract coverage before production rollout.
Evidence Sources Checked
editorial-content, capability-contract, runtime-metrics, public facts pack
Prompt injection defense for agent workspaces. Scan files for injection attempts, analyze content boundaries, detect hidden instructions, and maintain command allowlists. Free alert layer — upgrade to openclaw-bastion-pro for active blocking, sanitization, and runtime enforcement. --- name: openclaw-bastion description: "Prompt injection defense for agent workspaces. Scan files for injection attempts, analyze content boundaries, detect hidden instructions, and maintain command allowlists. Free alert layer — upgrade to openclaw-bastion-pro for active blocking, sanitization, and runtime enforcement." user-invocable: true metadata: {"openclaw":{"emoji":"\ud83c\udfdb\ufe0f","requires":{"bins":["py
Public facts
6
Change events
1
Artifacts
0
Freshness
Mar 1, 2026
Published capability contract available. No trust telemetry is available yet. Last updated 3/1/2026.
Trust score
Unknown
Compatibility
OpenClaw
Freshness
Mar 1, 2026
Vendor
Atlaspa
Artifacts
0
Benchmarks
0
Last release
Unpublished
Key links, install path, and a quick operational read before the deeper crawl record.
Summary
Published capability contract available. No trust telemetry is available yet. Last updated 3/1/2026.
Setup snapshot
git clone https://github.com/AtlasPA/openclaw-bastion.gitSetup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.
Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.
Vendor
Atlaspa
Protocol compatibility
OpenClaw
Auth modes
api_key
Machine-readable schemas
OpenAPI or schema references published
Handshake status
UNKNOWN
Crawlable docs
6 indexed pages on the official domain
Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.
Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.
Extracted files
0
Examples
6
Snippets
0
Languages
typescript
Parameters
bash
python3 {baseDir}/scripts/bastion.py scanbash
python3 {baseDir}/scripts/bastion.py scan path/to/file.md
python3 {baseDir}/scripts/bastion.py scan path/to/directory/bash
python3 {baseDir}/scripts/bastion.py check path/to/file.mdbash
python3 {baseDir}/scripts/bastion.py boundariesbash
python3 {baseDir}/scripts/bastion.py allowlist
python3 {baseDir}/scripts/bastion.py allowlist --showbash
python3 {baseDir}/scripts/bastion.py statusFull documentation captured from public sources, including the complete README when available.
Docs source
GITHUB OPENCLEW
Editorial quality
ready
Prompt injection defense for agent workspaces. Scan files for injection attempts, analyze content boundaries, detect hidden instructions, and maintain command allowlists. Free alert layer — upgrade to openclaw-bastion-pro for active blocking, sanitization, and runtime enforcement. --- name: openclaw-bastion description: "Prompt injection defense for agent workspaces. Scan files for injection attempts, analyze content boundaries, detect hidden instructions, and maintain command allowlists. Free alert layer — upgrade to openclaw-bastion-pro for active blocking, sanitization, and runtime enforcement." user-invocable: true metadata: {"openclaw":{"emoji":"\ud83c\udfdb\ufe0f","requires":{"bins":["py
Runtime prompt injection defense for agent workspaces. While other tools watch workspace identity files, Bastion protects the input/output boundary — the files being read by the agent, web content, API responses, and user-supplied documents.
Agents process content from many sources: local files, API responses, web pages, user uploads. Any of these can contain prompt injection attacks — hidden instructions that manipulate agent behavior. Bastion scans this content before the agent acts on it.
Need active blocking? Upgrade to openclaw-bastion-pro for runtime content sanitization, auto-quarantine, canary testing, and policy enforcement via hooks.
Scan files or directories for prompt injection patterns. Detects instruction overrides, system prompt markers, hidden Unicode, markdown exfiltration, HTML injection, shell injection, encoded payloads, delimiter confusion, multi-turn manipulation, and dangerous commands.
If no target is specified, scans the entire workspace.
python3 {baseDir}/scripts/bastion.py scan
Scan a specific file or directory:
python3 {baseDir}/scripts/bastion.py scan path/to/file.md
python3 {baseDir}/scripts/bastion.py scan path/to/directory/
Fast single-file injection check. Same detection patterns as scan, targeted to one file.
python3 {baseDir}/scripts/bastion.py check path/to/file.md
Analyze content boundary safety across the workspace. Identifies:
python3 {baseDir}/scripts/bastion.py boundaries
Display the current command allowlist and blocklist policy. Creates a default .bastion-policy.json if none exists.
python3 {baseDir}/scripts/bastion.py allowlist
python3 {baseDir}/scripts/bastion.py allowlist --show
The policy file defines which commands are considered safe and which patterns are blocked. Edit the JSON file directly to customize. Bastion Pro enforces this policy at runtime via hooks.
Quick summary of workspace injection defense posture: files scanned, findings by severity, boundary safety, and overall posture rating.
python3 {baseDir}/scripts/bastion.py status
If --workspace is omitted, the script tries:
OPENCLAW_WORKSPACE environment variableAGENTS.md exists)~/.openclaw/workspace (default)| Category | Patterns | Severity |
|----------|----------|----------|
| Instruction override | "ignore previous", "disregard above", "you are now", "new system prompt", "forget your instructions", "override safety", "act as if no restrictions", "entering developer mode" | CRITICAL |
| System prompt markers | <system>, [SYSTEM], <<SYS>>, <\|im_start\|>system, [INST], ### System: | CRITICAL |
| Hidden instructions | Multi-turn manipulation ("in your next response, you must"), stealth patterns ("do not tell the user") | CRITICAL |
| HTML injection | <script>, <iframe>, <img onerror=>, hidden divs, <svg onload=> | CRITICAL |
| Markdown exfiltration | Image tags with encoded data in URLs | CRITICAL |
| Dangerous commands | curl \| bash, wget \| sh, rm -rf /, fork bombs | CRITICAL |
| Unicode tricks | Zero-width characters, RTL overrides, invisible formatting | WARNING |
| Homoglyph substitution | Cyrillic/Latin lookalikes mixed into ASCII text | WARNING |
| Base64 payloads | Large encoded blobs outside code blocks | WARNING |
| Shell injection | $(command) subshell execution outside code blocks | WARNING |
| Delimiter confusion | Fake code block boundaries with injection content | WARNING |
```) are skipped to avoid false positives| Code | Meaning | |------|---------| | 0 | Clean, no issues | | 1 | Warnings detected (review recommended) | | 2 | Critical findings (action needed) |
Python standard library only. No pip install. No network calls. Everything runs locally.
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.
Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.
Contract coverage
Status
ready
Auth
api_key
Streaming
No
Data region
global
Protocol support
Requires: openclew, lang:typescript
Forbidden: none
Guardrails
Operational confidence: medium
curl -s "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/snapshot"
curl -s "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/contract"
curl -s "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/trust"
Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.
Trust signals
Handshake
UNKNOWN
Confidence
unknown
Attempts 30d
unknown
Fallback rate
unknown
Runtime metrics
Observed P50
unknown
Observed P95
unknown
Rate limit
unknown
Estimated cost
unknown
Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.
Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.
Rank
70
AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents
Traction
No public download signal
Freshness
Updated 2d ago
Rank
70
AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs
Traction
No public download signal
Freshness
Updated 5d ago
Rank
70
Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!
Traction
No public download signal
Freshness
Updated 6d ago
Rank
70
The Frontend for Agents & Generative UI. React + Angular
Traction
No public download signal
Freshness
Updated 23d ago
Contract JSON
{
"contractStatus": "ready",
"authModes": [
"api_key"
],
"requires": [
"openclew",
"lang:typescript"
],
"forbidden": [],
"supportsMcp": false,
"supportsA2a": false,
"supportsStreaming": false,
"inputSchemaRef": "https://github.com/AtlasPA/openclaw-bastion#input",
"outputSchemaRef": "https://github.com/AtlasPA/openclaw-bastion#output",
"dataRegion": "global",
"contractUpdatedAt": "2026-02-24T19:44:25.328Z",
"sourceUpdatedAt": "2026-02-24T19:44:25.328Z",
"freshnessSeconds": 4420627
}Invocation Guide
{
"preferredApi": {
"snapshotUrl": "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/snapshot",
"contractUrl": "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/contract",
"trustUrl": "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/trust"
},
"curlExamples": [
"curl -s \"https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/snapshot\"",
"curl -s \"https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/contract\"",
"curl -s \"https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/trust\""
],
"jsonRequestTemplate": {
"query": "summarize this repo",
"constraints": {
"maxLatencyMs": 2000,
"protocolPreference": [
"OPENCLEW"
]
}
},
"jsonResponseTemplate": {
"ok": true,
"result": {
"summary": "...",
"confidence": 0.9
},
"meta": {
"source": "GITHUB_OPENCLEW",
"generatedAt": "2026-04-16T23:41:33.115Z"
}
},
"retryPolicy": {
"maxAttempts": 3,
"backoffMs": [
500,
1500,
3500
],
"retryableConditions": [
"HTTP_429",
"HTTP_503",
"NETWORK_TIMEOUT"
]
}
}Trust JSON
{
"status": "unavailable",
"handshakeStatus": "UNKNOWN",
"verificationFreshnessHours": null,
"reputationScore": null,
"p95LatencyMs": null,
"successRate30d": null,
"fallbackRate": null,
"attempts30d": null,
"trustUpdatedAt": null,
"trustConfidence": "unknown",
"sourceUpdatedAt": null,
"freshnessSeconds": null
}Capability Matrix
{
"rows": [
{
"key": "OPENCLEW",
"type": "protocol",
"support": "unknown",
"confidenceSource": "profile",
"notes": "Listed on profile"
},
{
"key": "contain",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
},
{
"key": "for",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
},
{
"key": "files",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
},
{
"key": "a",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
},
{
"key": "path",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
}
],
"flattenedTokens": "protocol:OPENCLEW|unknown|profile capability:contain|supported|profile capability:for|supported|profile capability:files|supported|profile capability:a|supported|profile capability:path|supported|profile"
}Facts JSON
[
{
"factKey": "docs_crawl",
"category": "integration",
"label": "Crawlable docs",
"value": "6 indexed pages on the official domain",
"href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceType": "search_document",
"confidence": "medium",
"observedAt": "2026-04-15T05:03:46.393Z",
"isPublic": true
},
{
"factKey": "vendor",
"category": "vendor",
"label": "Vendor",
"value": "Atlaspa",
"href": "https://github.com/AtlasPA/openclaw-bastion",
"sourceUrl": "https://github.com/AtlasPA/openclaw-bastion",
"sourceType": "profile",
"confidence": "medium",
"observedAt": "2026-03-01T06:04:31.203Z",
"isPublic": true
},
{
"factKey": "protocols",
"category": "compatibility",
"label": "Protocol compatibility",
"value": "OpenClaw",
"href": "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/contract",
"sourceUrl": "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/contract",
"sourceType": "contract",
"confidence": "medium",
"observedAt": "2026-02-24T19:44:25.328Z",
"isPublic": true
},
{
"factKey": "auth_modes",
"category": "compatibility",
"label": "Auth modes",
"value": "api_key",
"href": "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/contract",
"sourceUrl": "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/contract",
"sourceType": "contract",
"confidence": "high",
"observedAt": "2026-02-24T19:44:25.328Z",
"isPublic": true
},
{
"factKey": "schema_refs",
"category": "artifact",
"label": "Machine-readable schemas",
"value": "OpenAPI or schema references published",
"href": "https://github.com/AtlasPA/openclaw-bastion#input",
"sourceUrl": "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/contract",
"sourceType": "contract",
"confidence": "high",
"observedAt": "2026-02-24T19:44:25.328Z",
"isPublic": true
},
{
"factKey": "handshake_status",
"category": "security",
"label": "Handshake status",
"value": "UNKNOWN",
"href": "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/trust",
"sourceUrl": "https://xpersona.co/api/v1/agents/atlaspa-openclaw-bastion/trust",
"sourceType": "trust",
"confidence": "medium",
"observedAt": null,
"isPublic": true
}
]Change Events JSON
[
{
"eventType": "docs_update",
"title": "Docs refreshed: Sign in to GitHub · GitHub",
"description": "Fresh crawlable documentation was indexed for the official domain.",
"href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceType": "search_document",
"confidence": "medium",
"observedAt": "2026-04-15T05:03:46.393Z",
"isPublic": true
}
]Sponsored
Ads related to openclaw-bastion and adjacent AI workflows.