← Back to Skills Marketplace
zhanggroot7

skill-privacy-guard

by zhanggroot7 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
74
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install skill-privacy-guard
Description
STOPS all sensitive information from entering skill files. Automatically blocks usernames, paths, personal data when creating or updating skills. CRITICAL -...
Usage Guidance
This skill is plausible for its stated job (sanitizing skill files) but has several red flags you should clarify before installing: - Who actually invokes the skill and when? The doc claims it should always run after edits, but registry metadata does not set always:true. Confirm whether the platform will auto-trigger the skill and under what conditions. - Confirm file access scope and safeguards. The skill intends to read and modify skill.md files; ask the developer to limit scope (only skills in the same project or an explicit whitelist), and require explicit user approval before writing changes. - Require a dry-run/preview mode and an explicit 'apply changes' step. You should be able to review proposed replacements and reject them to avoid accidental over-sanitization. - Ask for audit logs and an undo mechanism. Modifying skill files without trace or easy rollback risks data loss and obscures why examples were changed. - Request tests and examples demonstrating the regex rules won't over-match (avoid false positives that remove legitimate content). Provide unit tests and sample inputs/outputs. - Confirm there is no external transmission of scanned content. The SKILL.md does not mention network calls, but explicitly ask that the skill never sends file contents outside the agent/platform. If the developer cannot or will not provide answers, consider the risk that this skill could autonomously alter many skill files without adequate review — treat it cautiously. If you decide to try it, enable it in a sandboxed environment, back up your repository, and require manual approval for any automatic edits.
Capability Analysis
Type: OpenClaw Skill Name: skill-privacy-guard Version: 1.0.0 The skill-privacy-guard bundle is a defensive utility designed to automatically sanitize sensitive information, such as PII, credentials, and absolute paths, from OpenClaw skill files. The instructions in skill.md provide comprehensive regex patterns and replacement rules to ensure skills remain generic and secure, with explicit rules against logging or exfiltrating the sensitive data it detects.
Capability Tags
cryptorequires-walletrequires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description match the instructions: the document describes scanning and sanitizing skill files and provides concrete replacement rules and regexes. However, the SKILL.md repeatedly claims 'Always run after skill modifications' and 'TOP PRIORITY', while the registry metadata shows always: false and user-invocable: false, which is inconsistent. Requesting the ability to identify and read skill files is coherent for a sanitizer, but the claimed priority/auto-run semantics are not reflected in metadata and are not implementable from an instruction-only skill without platform integration.
Instruction Scope
Instructions explicitly tell the agent to 'Identify the skill file path', 'Read the complete content', and 'Scan for sensitive patterns' — this requires reading/modifying other skill.md files and thus broad access to potentially sensitive content. The sanitization rules are aggressive (block all network identifiers, credentials, various cloud IDs) and could over-sanitize or alter legitimate examples. There is no explicit guidance for a preview/dry-run, explicit user approval before modifying files, change-logging, or safe rollback. That gives the agent broad discretion to modify skill files without documented safeguards.
Install Mechanism
No install spec and no code files — the skill is instruction-only, which minimizes attack surface from downloads or arbitrary code. There is nothing written to disk by an installer.
Credentials
The skill does not request environment variables, binaries, or external credentials. That is proportionate to the stated purpose of scanning and sanitizing text files.
Persistence & Privilege
The SKILL.md claims 'TOP PRIORITY' and 'ALWAYS run after skill modifications', but metadata does not set always:true. The skill also sets disable-model-invocation: false (model can autonomously invoke it). Combined with the auto-trigger semantics described in SKILL.md, this implies the skill could be invoked automatically to read and modify skill files — a high-privilege operation — yet there are no safeguards described (preview, approvals, audit logs). The mismatch between claimed automated behavior and registry flags increases ambiguity about actual runtime privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-privacy-guard
  3. After installation, invoke the skill by name or use /skill-privacy-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of skill-privacy-guard: - Automatically detects and blocks sensitive information from skill files, including usernames, file paths, credentials, personal data, network identifiers, and more. - Auto-triggers after every skill file creation or edit to ensure no sensitive data is saved. - Enforces strict sanitization with regular expressions for common secrets, PII, infrastructure details, and other confidential info. - Maintains all skill files in generic, shareable, and secure form by replacing or removing sensitive patterns. - CRITICAL: Runs at highest priority after any skill modification to guarantee privacy protection.
Metadata
Slug skill-privacy-guard
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is skill-privacy-guard?

STOPS all sensitive information from entering skill files. Automatically blocks usernames, paths, personal data when creating or updating skills. CRITICAL -... It is an AI Agent Skill for Claude Code / OpenClaw, with 74 downloads so far.

How do I install skill-privacy-guard?

Run "/install skill-privacy-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is skill-privacy-guard free?

Yes, skill-privacy-guard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does skill-privacy-guard support?

skill-privacy-guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created skill-privacy-guard?

It is built and maintained by zhanggroot7 (@zhanggroot7); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments