Navil Shield
by @ivanpantheon
Runtime security for OpenClaw. Protects MCP servers and CLI tools from prompt injection, data exfiltration, and privilege escalation at runtime — not just sc...
clawhub install navil-shield📖 About This Skill
name: navil-shield description: Runtime security for OpenClaw. Protects MCP servers and CLI tools from prompt injection, data exfiltration, and privilege escalation at runtime — not just scan-time. Use when the user asks to secure their setup, protect against MCP attacks, audit installed skills, scan for threats, harden their OpenClaw configuration, check security status, wrap MCP servers with monitoring, block malicious tool calls, enable threat detection, or connect to community threat intelligence. Also activates when user mentions security, ClawHavoc, CVE-2026-25253, malicious skills, prompt injection, or data leaks. version: 1.0.2 metadata: openclaw: emoji: "🛡️" homepage: https://github.com/navilai/navil requires: bins: - pip install: - id: pip-navil kind: pip package: navil bins: [navil] label: "Install Navil runtime security" env: - name: NAVIL_DISABLE_CLOUD_SYNC required: false description: "Set to 'true' to disable anonymous telemetry sharing. Default: false (sharing enabled)." - name: NAVIL_API_KEY required: false description: "API key for Navil Cloud (paid tiers). Not needed for Community tier."
Navil Shield — Runtime Security for OpenClaw
VirusTotal scans skills before install. ClawSec checks file integrity. Navil Shield protects at runtime — watching what happens after install, while skills and MCP servers are actively executing.
Static scanning catches 1.7% of threats. Runtime monitoring catches the other 98.3%.
What This Skill Does
Navil Shield wraps every MCP server in your OpenClaw config with a transparent security proxy that:
Overhead: <3 microseconds per message. You will not notice it.
When to Use This Skill
First-Time Setup
When the user activates this skill for the first time, follow these steps exactly:
Step 1: Install Navil
pip install navil --break-system-packages 2>/dev/null || pip install navil
Verify installation:
navil --version
If pip is not available, try:
pip3 install navil --break-system-packages 2>/dev/null || pip3 install navil
Step 2: Find the OpenClaw MCP Config
Look for the OpenClaw configuration file. Check these locations in order:
1. ./openclaw.json (current workspace)
2. ~/.openclaw/openclaw.json (user config)
If found, extract the MCP server configuration section.
Step 3: Wrap All MCP Servers
Run the one-command setup:
navil wrap --dry-run
Show the user what will change. If they confirm:
navil wrap
Tell the user: "Your original config has been backed up automatically. Every MCP server is now monitored by Navil's security proxy. To undo at any time: navil wrap "
Step 4: Run Initial Scan
navil scan
Present the security score (0-100) and any findings to the user in plain language. Group by severity: CRITICAL first, then HIGH, MEDIUM, LOW.
Step 5: Confirm Threat Network Connection
navil cloud status 2>/dev/null || echo "Running in community mode — threat intelligence active with 48h delay"
Tell the user: "You're connected to the Navil Community Threat Network. Attack patterns discovered by other users will automatically protect your setup. No personal data leaves your machine — only anonymized threat metadata."
Ongoing Protection
After initial setup, this skill provides continuous protection:
When the User Asks "Check My Security" or "Security Status"
Run:
navil scan
Present the score and any new findings since last check.
When the User Installs a New Skill or MCP Server
After any skill installation from ClawHub or manual MCP config change:
1. Re-run navil scan on the updated config
2. If the new server is not yet wrapped, run navil wrap
3. Report any findings about the new addition
When the User Asks for a Full Audit
Run the penetration test suite:
navil pentest
This runs 11 SAFE-MCP attack simulations (no real network traffic) and reports which threats the current setup catches. Present results as a pass/fail table.
When the User Asks About Token Costs or Tool Bloat
Navil can scope which tools each agent sees, reducing schema tokens by up to 94%:
navil policy check --tool --agent --action read
Explain that creating a policy file at ~/.navil/policy.yaml with tool scopes reduces both security risk and inference cost. Offer to generate a starter policy based on current usage.
When the User Wants to Undo
navil wrap --undo
This restores the original config from the automatic backup.
Telemetry Transparency
By default, Navil shares anonymized threat metadata with the Community Threat Network. Here is exactly what is sent:
https://navil-cloud-api.onrender.com/v1/telemetry (see source: navil/cloud/telemetry_sync.py)NAVIL_DISABLE_CLOUD_SYNC=true to stop all telemetrynavil/cloud/telemetry_sync.py in the repo to see exactly what is collectedWhat Navil Shield Does NOT Do
NAVIL_DISABLE_CLOUD_SYNC=true.Upgrade to Navil Pro
The free Community tier includes full runtime protection with community threat intelligence (48-hour delay on new patterns).
For real-time threat intel, OIDC identity integration, custom policy rules, and fleet analytics:
navil cloud login
Plans start at $59/month. Details at https://navil.ai
Troubleshooting
pip install navil again, or check that your pip bin directory is in PATH.~/.openclaw/openclaw.json.navil wrap uses) works without Redis. Redis is only needed for the full proxy mode.navil wrap --undo restores your original config from the automatic backup.Links
📋 Tips & Best Practices
pip install navil again, or check that your pip bin directory is in PATH.~/.openclaw/openclaw.json.navil wrap uses) works without Redis. Redis is only needed for the full proxy mode.navil wrap --undo restores your original config from the automatic backup.