VirusTotal scans skills before install. ClawSec checks file integrity. Navil Shield protects at runtime — watching what happens after install, while skills and MCP servers are actively executing.
Static scanning catches 1.7% of threats. Runtime monitoring catches the other 98.3%.
What This Skill Does
Navil Shield wraps every MCP server in your OpenClaw config with a transparent security proxy that:
- Intercepts every tool call in real-time and checks it against 568+ known attack patterns across 30 categories
- Detects behavioral anomalies using 11 statistical detectors with adaptive baselines
- Enforces policies — restrict which tools each agent can see and call
- Connects to the Community Threat Network — attack patterns discovered by other Navil users protect you within seconds
- Logs everything — full audit trail of every tool call, policy decision, and anomaly
Overhead: <3 microseconds per message. You will not notice it.
When to Use This Skill
- User says "secure my setup" or "protect my OpenClaw" or "check my security"
- User is concerned about MCP security, prompt injection, or data exfiltration
- User just heard about ClawHavoc or CVE-2026-25253
- User asks "is my setup safe?" or "audit my skills" or "scan for threats"
- User wants to monitor what their MCP servers are doing
- User wants to reduce token costs by scoping which tools agents can see
- Automatically when new MCP servers or skills are added to the config
First-Time Setup
When the user activates this skill for the first time, follow these steps exactly:
Step 1: Install Navil
pip install navil --break-system-packages 2>/dev/null || pip install navil
Verify installation:
navil --version
If pip is not available, try:
pip3 install navil --break-system-packages 2>/dev/null || pip3 install navil
Step 2: Find the OpenClaw MCP Config
Look for the OpenClaw configuration file. Check these locations in order:
./openclaw.json (current workspace)
~/.openclaw/openclaw.json (user config)
If found, extract the MCP server configuration section.
Step 3: Wrap All MCP Servers
Run the one-command setup:
navil wrap --dry-run
Show the user what will change. If they confirm:
navil wrap
Tell the user: "Your original config has been backed up automatically. Every MCP server is now monitored by Navil's security proxy. To undo at any time: navil wrap --undo"
Step 4: Run Initial Scan
navil scan
Present the security score (0-100) and any findings to the user in plain language. Group by severity: CRITICAL first, then HIGH, MEDIUM, LOW.
Step 5: Confirm Threat Network Connection
navil cloud status 2>/dev/null || echo "Running in community mode — threat intelligence active with 48h delay"
Tell the user: "You're connected to the Navil Community Threat Network. Attack patterns discovered by other users will automatically protect your setup. No personal data leaves your machine — only anonymized threat metadata."
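Before comparing against the navil wrap --dry-run output, it helps to have your own inventory of what the config launches. The following is an added example, not part of Navil or OpenClaw: it performs the Step 2 lookup in the stated order and lists each server's launch command. The mcpServers key and the command/args entry layout are assumptions about the config schema.

```python
import json
from pathlib import Path

# Lookup order from Step 2: workspace config first, then the user config.
CANDIDATES = (Path("openclaw.json"), Path.home() / ".openclaw" / "openclaw.json")
# ASSUMPTION: MCP servers live under this top-level key; adjust to your config.
MCP_KEY = "mcpServers"


def find_config(candidates=CANDIDATES):
    """Return the first candidate path that exists as a file, else None."""
    for path in candidates:
        if Path(path).is_file():
            return Path(path)
    return None


def list_mcp_servers(path, key=MCP_KEY):
    """Return {server_name: launch command line} for the config at `path`.

    Raises ValueError when the file is not valid JSON or has no MCP section,
    so a broken config is reported instead of being read as "no servers".
    """
    try:
        config = json.loads(Path(path).read_text(encoding="utf-8"))
    except json.JSONDecodeError as exc:
        raise ValueError(f"{path}: not valid JSON ({exc})") from exc
    servers = config.get(key) if isinstance(config, dict) else None
    if not isinstance(servers, dict):
        raise ValueError(f"{path}: no '{key}' object found")
    inventory = {}
    for name, entry in servers.items():
        entry = entry if isinstance(entry, dict) else {}
        # ASSUMPTION: each entry has "command" (string) and "args" (list).
        args = entry.get("args") if isinstance(entry.get("args"), list) else []
        parts = [str(entry.get("command", ""))] + [str(a) for a in args]
        inventory[name] = " ".join(p for p in parts if p)
    return inventory


if __name__ == "__main__":
    found = find_config()
    if found is None:
        print("No OpenClaw config found in the expected locations")
    else:
        for name, cmd in list_mcp_servers(found).items():
            print(f"{name}: {cmd}")
```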
Ongoing Protection
After initial setup, this skill provides continuous protection:
When the User Asks "Check My Security" or "Security Status"
Run:
navil scan
Present the score and any new findings since last check.
When the User Installs a New Skill or MCP Server
After any skill installation from ClawHub or manual MCP config change:
- Re-run navil scan on the updated config
- If the new server is not yet wrapped, run navil wrap
- Report any findings about the new addition
When the User Asks for a Full Audit
Run the penetration test suite:
navil pentest
This runs 11 SAFE-MCP attack simulations (no real network traffic) and reports which threats the current setup catches. Present results as a pass/fail table.
When the User Asks About Token Costs or Tool Bloat
Navil can scope which tools each agent sees, reducing schema tokens by up to 94%:
navil policy check --tool --agent --action read
Explain that creating a policy file at ~/.navil/policy.yaml with tool scopes reduces both security risk and inference cost. Offer to generate a starter policy based on current usage.
When the User Wants to Undo
navil wrap --undo
This restores the original config from the automatic backup.
Telemetry Transparency
By default, Navil shares anonymized threat metadata with the Community Threat Network. Here is exactly what is sent:
- Sent: anomaly type (e.g. "RATE_SPIKE"), severity, confidence score, tool name, timing metadata
- NOT sent: raw tool arguments, tool responses, file contents, agent prompts, user data
- Agent IDs: one-way HMAC-SHA256 hashed — irreversible, cannot be linked to real identities
- Destination: https://navil-cloud-api.onrender.com/v1/telemetry (see source: navil/cloud/telemetry_sync.py)
- Opt-out: set NAVIL_DISABLE_CLOUD_SYNC=true to stop all telemetry
- Full audit: inspect navil/cloud/telemetry_sync.py in the repo to see exactly what is collected
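To make the "Sent / NOT sent" split concrete, here is an added example, not Navil's code, of an allow-listed outbound record with a keyed HMAC-SHA256 agent pseudonym. The field names, the sample event and the key handling are assumptions; what Navil actually does is in navil/cloud/telemetry_sync.py.

```python
import hashlib
import hmac

# ASSUMPTION: field names mirroring the "Sent" list above.
ALLOWED_FIELDS = ("anomaly_type", "severity", "confidence", "tool_name", "timestamp")


def pseudonymize_agent_id(agent_id: str, key: bytes) -> str:
    """Keyed one-way pseudonym: HMAC-SHA256(key, agent_id) as hex."""
    if len(key) < 32:
        raise ValueError("use a random key of at least 32 bytes")
    return hmac.new(key, agent_id.encode("utf-8"), hashlib.sha256).hexdigest()


def build_telemetry_event(local_event: dict, key: bytes) -> dict:
    """Allow-list the outbound record; anything not listed stays local."""
    missing = [f for f in ALLOWED_FIELDS if f not in local_event]
    if missing:
        raise ValueError(f"event is missing fields: {missing}")
    outbound = {f: local_event[f] for f in ALLOWED_FIELDS}
    outbound["agent_id"] = pseudonymize_agent_id(local_event["agent_id"], key)
    return outbound


# Constructed sample event (not real Navil output).
SAMPLE_EVENT = {
    "agent_id": "build-agent-01",
    "anomaly_type": "RATE_SPIKE",
    "severity": "HIGH",
    "confidence": 0.92,
    "tool_name": "read_file",
    "timestamp": "2026-01-01T00:00:00Z",
    "tool_arguments": {"path": "/home/alice/notes.txt"},  # must stay local
    "tool_response": "meeting notes",                     # must stay local
    "prompt": "summarise my notes",                       # must stay local
}

if __name__ == "__main__":
    import os
    print(build_telemetry_event(SAMPLE_EVENT, os.urandom(32)))
```

The pseudonym is only as unlinkable as its key is secret: an unkeyed hash of a guessable agent name can be matched by hashing candidate names, while a per-installation random key that never leaves the machine prevents that and makes the same agent name hash differently on each installation.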
What Navil Shield Does NOT Do
- It does not replace VirusTotal scanning or ClawSec file integrity checks — those catch different threats at different layers. Use all three together for defense in depth.
- It does not require an account or API key for the free Community tier.
- It does not slow down your agent — 2.7 microsecond overhead per message.
- It does not phone home with your data — only anonymized threat metadata is shared, and you can fully opt out with NAVIL_DISABLE_CLOUD_SYNC=true.
Upgrade to Navil Pro
The free Community tier includes full runtime protection with community threat intelligence (48-hour delay on new patterns).
For real-time threat intel, OIDC identity integration, custom policy rules, and fleet analytics:
navil cloud login
Plans start at $59/month. Details at https://navil.ai
Troubleshooting
- "navil: command not found" — Run pip install navil again, or check that your pip bin directory is in PATH.
- "No MCP servers found in config" — Verify the config path. OpenClaw configs are typically at ~/.openclaw/openclaw.json.
- "Redis not available" — The shim mode (what navil wrap uses) works without Redis. Redis is only needed for the full proxy mode.
- Undo everything — navil wrap --undo restores your original config from the automatic backup.
Links
- GitHub: https://github.com/navilai/navil
- Documentation: https://navil.ai/docs
- Community Threat Radar: https://navil.ai/radar
- Report an issue: https://github.com/navilai/navil/issues