📦 Sensitive Info Protection — 实用工具
v1.0.0信息 real-time protection 技能 automatically detects, alerts, 和 handles sensitive 数据 用户 interactions. Supports custom detecti...
0· 153·0 当前·0 累计
by @leefj0606 安全扫描
OpenClaw
安全
high confidenceThe skill's code, runtime instructions, and resource needs are consistent with a local sensitive-data detection/desensitization tool implemented in Python and a small UI helper; nothing requests unrelated credentials or installs remote code.
评估建议
This skill appears coherent and implements what it describes. Before installing or enabling it, consider: (1) it will read any config file path you provide (via load_config or CLI) so avoid pointing it at files you don't want parsed; (2) its detection is regex-based — review and test default_rules.json and any custom rules to avoid false positives/overblocking; (3) assets/sensitive-interaction.js injects UI buttons into a webchat DOM — review that script if you plan to run it in a browser to ens...详细分析 ▾
✓ 用途与能力
Name/description (real-time sensitive-data detection, custom rules, desensitization) align with the contained files: a Python detection engine (scripts/detector.py, scripts/models.py), built-in rules (scripts/default_rules.json), a CLI (scripts/cli.py), docs, and a small client-side UI asset (assets/sensitive-interaction.js). Required binary is only python3, which is appropriate.
ℹ 指令范围
SKILL.md and code limit behavior to scanning text, loading local JSON rule files, adding/removing rules, printing or desensitizing content, and a UI script to inject action buttons into a web chat. There are no instructions to read system secrets, environment variables, or to transmit detected data externally. Note: load_config and the CLI accept arbitrary file paths — the skill will read any file you point it at (expected but worth considering).
✓ 安装机制
No install spec; this is instruction-plus-code meant to run where python3 is available. No remote downloads or extracted archives are used in the repository files provided.
✓ 凭证需求
The skill requests no environment variables or credentials. The default rules include patterns for tokens (OpenAI, GitHub, AWS) which is expected for detection; there are no unrelated credential requirements.
✓ 持久化与权限
Skill flags are default (always:false, user-invocable:true, model invocation allowed). The skill does not request permanent platform-wide privileges or modify other skills. The included browser UI asset injects buttons into the DOM when executed in a page context — this is a local client-side helper, not an autonomous persistent installer.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install sensitive-info-protection
镜像加速npx clawhub@latest install sensitive-info-protection --registry https://cn.longxiaskill.com镜像同步中