RTR OpenClaw — Skill Security Gateway — CSOS

RTR OpenClaw enforces a three-layer security model before and during AI skill execution in the browser.
SkillAnalyzer runs a four-pass heuristic inspection of skill code before execution — checking for network exfiltration (SA-G1), filesystem access (SA-G2), dynamic code execution (SA-G3), credential leakage (SA-G4), and aggregate behavioural penalty scoring (SA-G5). Skills with critical violations are rejected before they can run.
RuntimeGuard monitors active skill sessions using Firefox's blocking webRequest API. It enforces per-session request limits, cancels policy-violating requests, and triggers a kill switch when the H–C–E collapse gate fails — transitioning the skill to a locked state.
PromptShield intercepts WebSocket frames for eight classes of prompt injection (PI-001–PI-008), including role hijacking, encoding evasion, delimiter injection, and exfiltration attempts. Only hashes and match metadata are stored — no raw message content is retained.
All three layers feed into a signed Proof Bundle: a cryptographically attested evidence package with H–C–E trust observables, lifecycle state, and measurement attribution, governed under RTR Governance Protocol v1.1.