← Back to Skills Marketplace
523
Downloads
0
Stars
0
Active Installs
11
Versions
Install in OpenClaw
/install pastewatch-mcp
Description
Secret redaction MCP server for OpenClaw agents. Prevents API keys, DB credentials, SSH keys, emails, IPs, JWTs, and 30+ other secret types from leaking to L...
Usage Guidance
This skill appears to do what it claims (local secret redaction and an API proxy), but it requires installing and running a third‑party binary with system-level privileges and intercepting all outbound agent traffic. Before using it: 1) verify the GitHub repository and release artifacts (check signatures/checksums and confirm the release owner), 2) prefer installation via your distro or a vetted package manager if available (brew is suggested for macOS), 3) run the proxy in a restricted environment (dedicated service user, container, or VM) and limit network access, 4) review the pastewatch source code or audits if you can, 5) be aware the setup changes chainwatch/upstream settings and systemd units — plan rollback and backups, and 6) do not install if you cannot fully trust or validate the binary that will process all agent outbound data. If you want a lower‑risk test, run pastewatch locally in a container and exercise its behavior on non-sensitive test data first.
Capability Analysis
Type: OpenClaw Skill
Name: pastewatch-mcp
Version: 1.3.0
The pastewatch-mcp skill bundle provides a secret redaction utility that requires high-risk system modifications, including installing binaries to `/usr/local/bin` via curl and creating systemd services to run an API proxy that intercepts outbound LLM traffic. It also includes broad data-access capabilities such as scanning local files, git history, and entire GitHub organizations (via `pastewatch-cli posture`). While these features are consistent with the stated goal of preventing credential leaks, the extensive system control, network interception, and data-gathering potential represent a significant attack surface for an AI agent.
Capability Assessment
Purpose & Capability
Name/description, required binaries (pastewatch-cli, mcporter), and the runtime instructions all align: this is a secret-redaction/proxy MCP integration for agents. The listed tools (guard, proxy, scan, watch, vault, canary) match the stated purpose.
Instruction Scope
SKILL.md instructs the agent/admin to install a system binary, run a network proxy that scans all outbound LLM requests, create systemd services, write audit logs to /var/log, and change chainwatch upstream settings. These steps are consistent with a redaction/proxy role but are high‑impact (they intercept all outgoing data and modify other agent components). The instructions do not attempt to read unrelated host secrets beyond what a proxy/agent integration would see, but they do require broad access to traffic and system configuration.
Install Mechanism
The registry has no formal install spec (instruction-only), but SKILL.md provides curl commands to download a binary from GitHub Releases and place it in /usr/local/bin (with a checksum check). Downloading from GitHub releases is a reasonable distribution source, but writing to /usr/local/bin and installing systemd units requires elevated privileges and you must trust the binary. There is no packaged/install manifest in the registry itself — the onus is on the operator to validate releases and checksums.
Credentials
The skill declares no required environment variables or credentials. That is proportionate for a local proxy/CLI; nothing in SKILL.md asks for unrelated secrets or external credentials.
Persistence & Privilege
The instructions explicitly advise creating systemd services and modifying chainwatch's upstream setting so traffic flows through pastewatch. That modifies other agent infrastructure and grants the component broad visibility into all outbound requests. While 'always' is false, installing and enabling the service gives high persistence and privilege — you must trust the binary and its operator.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pastewatch-mcp - After installation, invoke the skill by name or use
/pastewatch-mcp - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
v0.24.1: alert injection on proxy, standalone wl_sk_ detection fix, 36 secret types
v1.2.3
Updated min version to 0.23.2 (workledger key detection, ~/.openclaw path protection)
v1.2.2
Add ANCC breadcrumb
v1.2.1
Add proxy+chainwatch chained setup guide with systemd config and rollback
v1.2.0
v0.23.0: API proxy (last-line defense for sub-agents), file watcher, dashboard, org posture scanning, JDBC detection, banking profile, XML scanning, gitignore-aware, configurable placeholders, admin config layer
v1.1.3
Branded footer with canonical authority notice
v1.1.2
Add copyright footer with canonical source
v1.1.1
Add MIT license
v1.1.0
v0.18.0: guard covers DB CLIs/pipe chains/subshells/infra tools, canary tokens, encrypted vault, git history scanning, agent setup wizard, session reports
v1.0.1
Add checksum verification, declare mcporter dependency, clarify Swift runtime install requires user consent
v1.0.0
Secret redaction MCP server — 29 detection types, audit logging
Metadata
Frequently Asked Questions
What is Pastewatch MCP?
Secret redaction MCP server for OpenClaw agents. Prevents API keys, DB credentials, SSH keys, emails, IPs, JWTs, and 30+ other secret types from leaking to L... It is an AI Agent Skill for Claude Code / OpenClaw, with 523 downloads so far.
How do I install Pastewatch MCP?
Run "/install pastewatch-mcp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pastewatch MCP free?
Yes, Pastewatch MCP is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pastewatch MCP support?
Pastewatch MCP is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pastewatch MCP?
It is built and maintained by ppiankov (@ppiankov); the current version is v1.3.0.
More Skills