PromptDome × OpenClaw

API key required — Get yours free at https://promptdome.cyberforge.one/dashboard/api-keys
(Sign up → Dashboard → API Keys → Create Key)

Adds automatic prompt injection detection to any OpenClaw agent. Two components work together:

Quick Setup (60 seconds)

CODEBLOCK0

That's it. The script:

1. 1. Tests your API key against the PromptDome API
2. Installs promptdome-gate hook → INLINECODE4
3. Installs promptdome_scan plugin → INLINECODE6
4. Saves API key to openclaw.json env block
5. Enables the hook automatically
6. Prompts you to restart the gateway

Get an API key: https://promptdome.cyberforge.one/dashboard/api-keys

Manual Setup

1. Copy files

CODEBLOCK1

2. Set API key

Add to ~/.openclaw/openclaw.json:
CODEBLOCK2

Or set PROMPTDOME_API_KEY in your shell environment.

3. Enable hook and restart

CODEBLOCK3

What Happens After Install

• - Every incoming message → scanned automatically before the model processes it
• BLOCK (score ≥ 70): [PROMPTDOME BLOCK] warning injected into conversation
• WARN (score ≥ 40): Soft caution note injected
• ALLOW: Silent — no overhead in conversation history
• Scan log: INLINECODE11
• Fail-open: if API is unreachable, messages pass through unblocked

Using the Agent Tool

Enable promptdome_scan in your agent's tool allowlist:
CODEBLOCK4

Then agents call it like any tool — before processing web fetches, search results, uploaded files, or any external content.

Self-Hosted PromptDome

Override the API endpoint:

{
  "env": {
    "PROMPTDOME_API_KEY": "sk_shield_live_...",
    "PROMPTDOME_API_URL": "https://your-instance.com/api/v1/shield"
  }
}

Detection Coverage

PromptDome engine covers 32 attack categories including:

• - Prompt injection & jailbreaks
• Fake system events / gateway spoofing
• PII & credential exfiltration
• ClickFix / social engineering
• HTML/DOM injection (browser agents)
• Agentic chain poisoning
• Multilingual evasion (18 languages)

Full category list: https://promptdome.cyberforge.one/docs