← Back to Skills Marketplace

错敏信息检测

Name: 错敏信息检测
Author: 1227323804

by 1227323804 · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ✓ Security Clean

207

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install ucap-sensitive-check

Description

通过调用UCAP安全接口，检测文本或网页内容中的多种敏感信息，支持智能静态和动态抓取模式，保障数据合规。

Usage Guidance

This skill appears coherent and security-conscious. Before installing: 1) Review where the UCAP API endpoint(s) are called in main.py so you know what external host(s) receive data. 2) Use an isolated Python environment (venv) when pip installing the listed dependencies. 3) Do NOT enable dynamic/browser mode (DISABLE_JAVASCRIPT=False) unless you intentionally install Node/agent-browser/Chrome and you set a strict ALLOWED_DOMAINS whitelist — dynamic mode executes page JS and can create SSRF risks if misconfigured. 4) Treat the UCAP userKey like any API key: provide it only if you trust the UCAP service; the code stores it only in-process but suggests persisting as a system env var for convenience (avoid persisting secrets unless necessary). If you want extra assurance, request the maintainer to publish the UCAP API endpoint and any telemetry behavior in the code for review.

Capability Analysis

Type: OpenClaw Skill Name: ucap-sensitive-check Version: 1.0.1 The skill is designed for sensitive information detection using the UCAP platform and demonstrates a high level of security awareness. It implements robust SSRF protections in `main.py`, including DNS resolution-based IP filtering, private/reserved network blocking, and secondary validation after URL redirects. While it utilizes `subprocess.run` to interface with an external `agent-browser` tool for dynamic content, it does so using safe argument lists and requires an explicit domain whitelist. The handling of the `userKey` via environment variables is standard for API integration, and no evidence of malicious intent, data exfiltration, or prompt injection was found.

Capability Assessment

✓ Purpose & Capability

Name/description claim detecting sensitive info via a UCAP API. The package contains code to fetch URLs, perform SSRF checks, and call an external API (userKey support). Required tooling (requests, dnspython, beautifulsoup) aligns with fetching/parsing/validating web content. No unrelated cloud credentials or unrelated system access are requested.

✓ Instruction Scope

SKILL.md and main.py limit actions to: validating URLs, optionally fetching page content (static or optional browser-based), and calling the UCAP service. The docs explicitly call out SSRF risks and require a whitelist for the dynamic/browser mode; the instructions do not direct the agent to read unrelated files or exfiltrate arbitrary environment data.

ℹ Install Mechanism

There is no platform install spec (instruction-only installer), but requirements.txt and SKILL.md instruct pip installing dependencies. Dynamic mode requires external tooling (Node.js, agent-browser, Chrome) invoked via subprocess — this is optional and only necessary to enable browser rendering. This is expected for the described functionality but increases runtime footprint if dynamic mode is enabled.

✓ Credentials

No required environment variables are declared. The code supports an optional UCAP_USERKEY (stored in process env only) to lift rate limits; this matches the described behavior. No unrelated secrets or multiple external service credentials are requested.

✓ Persistence & Privilege

The skill does not request permanent/always-on privileges (always:false) and does not modify other skills or system-wide configs. It writes an optional userKey to the current process env only and documents this behavior. Autonomous invocation is allowed (disable-model-invocation:false) but that is the platform default and not, by itself, a risk here.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install ucap-sensitive-check
After installation, invoke the skill by name or use /ucap-sensitive-check
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

- 默认网页抓取模式由“智能模式（静态优先，失败自动切换动态）”调整为仅静态模式，提升安全性和易用性。 - 启用动态模式需显式设置 `DISABLE_JAVASCRIPT = False` 并强制配置 `ALLOWED_DOMAINS` 白名单，未配置时不再自动切换。 - 文档结构与说明优化，更清晰区分静态与动态模式的使用场景及安全风险。 - 移除“智能模式”相关内容，强调静态模式高安全性和对大多数网页的适用性。 - 明确动态模式额外依赖（Node.js、agent-browser、Chrome）及启用条件。

v1.0.0

- 首发版本，提供通过 UCAP 平台接口进行文本敏感信息检测的能力 - 支持智能模式（静态/动态网页抓取自动切换），动态模式需配置白名单 - 内置多层 SSRF 防护，有效阻止私有网段、云元数据等风险访问 - 支持 userKey 授权和体验用户，每周10次免费体验 - 用户输入支持文本内容或网页 URL，标准化 JSON 输入输出 - 完善的错误处理机制和详细错误码说明

Metadata

Slug ucap-sensitive-check

Version 1.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is 错敏信息检测?

通过调用UCAP安全接口，检测文本或网页内容中的多种敏感信息，支持智能静态和动态抓取模式，保障数据合规。 It is an AI Agent Skill for Claude Code / OpenClaw, with 207 downloads so far.

How do I install 错敏信息检测?

Run "/install ucap-sensitive-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 错敏信息检测 free?

Yes, 错敏信息检测 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 错敏信息检测 support?

错敏信息检测 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 错敏信息检测?

It is built and maintained by 1227323804 (@1227323804); the current version is v1.0.1.

More Skills