← Back to Skills Marketplace
117
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pre-publish-security-check
Description
Skill 发布前安全检查工具。在发布 skill 到 ClawHub 前,自动扫描敏感信息(API Key、Token、私钥、邮箱、手机号、精确坐标等)。Use before publishing any skill to prevent leaking private data.
Usage Guidance
This appears to be a safe, local pre-publish scanner. Before using it: (1) review and, if needed, extend the regexes to match your expected key formats (the script's patterns are conservative and may miss or overmatch some cases); (2) run it locally or in CI on copies of skill directories—it does not send data anywhere; (3) be aware of false negatives (e.g., separate LNG/LAT assignments or uncommon email domains) and false positives; (4) ensure the script has the correct execution permissions and that you trust the skill source before running it on sensitive directories.
Capability Analysis
Type: OpenClaw Skill
Name: pre-publish-security-check
Version: 1.0.0
The skill is a security utility designed to scan local directories for sensitive information (API keys, private keys, and PII) before publishing. The shell script (skill-pre-publish-check.sh) uses standard grep patterns to identify potential leaks and does not perform any network activity, data exfiltration, or unauthorized execution.
Capability Assessment
Purpose & Capability
Name/description match the actual behavior: the skill is a pre-publish scanner and the shipped shell script implements pattern checks for API keys, private keys, emails, phones, and coordinates as advertised. No unrelated credentials, binaries, or services are requested.
Instruction Scope
Instructions and script operate only on the supplied skill directory and print findings; they do not read other system paths or send data externally. Note: some grep patterns and --include filters are narrow (e.g., coordinate pattern expects comma-separated values, email regex only matches several common domains), so it may produce false negatives/positives. The SKILL.md and script instruct running the local shell script only.
Install Mechanism
No install spec or remote downloads; this is instruction-only plus a single local shell script. No external packages or archives are fetched or written to disk beyond the provided files.
Credentials
The skill declares no required environment variables or credentials and the script does not read secrets or environment variables beyond the provided SKILL_DIR argument. There is no disproportionate credential access requested.
Persistence & Privilege
The skill is not forced-always, requests no persistent presence, and does not alter other skills or system configuration. It is user-invocable and runs only when invoked.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pre-publish-security-check - After installation, invoke the skill by name or use
/pre-publish-security-check - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
首次发布:Skill 发布前敏感信息扫描工具
Metadata
Frequently Asked Questions
What is Pre-Publish Security Check?
Skill 发布前安全检查工具。在发布 skill 到 ClawHub 前,自动扫描敏感信息(API Key、Token、私钥、邮箱、手机号、精确坐标等)。Use before publishing any skill to prevent leaking private data. It is an AI Agent Skill for Claude Code / OpenClaw, with 117 downloads so far.
How do I install Pre-Publish Security Check?
Run "/install pre-publish-security-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pre-Publish Security Check free?
Yes, Pre-Publish Security Check is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pre-Publish Security Check support?
Pre-Publish Security Check is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pre-Publish Security Check?
It is built and maintained by vlalamoon (@vlalamoon); the current version is v1.0.0.
More Skills