← Back to Skills Marketplace
qinkai25

敏感内容处置器

by qing · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ✓ Security Clean
163
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install sensitive-content-disposal
Description
支持关键词脱敏、文件加密和水印添加,对扫描出的敏感内容进行合规处置并可发送通知,需先使用敏感内容扫描器。
Usage Guidance
This package appears to do what it says (redact and encrypt files and send notifications), but you should be cautious before running it on sensitive data: - Review the code before use: the encryption implementation uses PBKDF2 to derive a key but then XORs file bytes with that key (weak, nonstandard encryption). Do not rely on it for high-sensitivity data. - The tool records and can send the encryption password in the result metadata and in webhook notifications. Only configure trusted webhook endpoints and avoid sending passwords unless you accept that exposure. - Back up original files before running; the tool can overwrite originals if --overwrite is used. - Install dependencies locally in an isolated environment (virtualenv) using requirements.txt; inspect any network calls the script makes (requests usage) and only point webhooks to trusted URLs. - If you need stronger guarantees, replace the encryption routine with a well-reviewed library (e.g., use standard AES/GCM tooling) and remove sending of passwords in notifications. Confidence is medium because the provided script listing was truncated; review the full scripts/disposal.py before trusting it with sensitive production data.
Capability Analysis
Type: OpenClaw Skill Name: sensitive-content-disposal Version: 1.2.0 The skill provides legitimate utility for redacting sensitive PII (Personal Identifiable Information) and encrypting files across various formats including Office documents and PDFs. The implementation in `scripts/disposal.py` uses standard regex patterns for identifying sensitive data and a basic XOR-based encryption scheme. While the encryption method is cryptographically weak and the notification feature sends sensitive data (like passwords) to user-configured webhooks (Feishu/WeCom), these behaviors are consistent with the stated functionality and do not exhibit signs of intentional malice, hidden exfiltration, or prompt injection.
Capability Assessment
Purpose & Capability
Name/description (sensitive content disposal: redaction + encryption + notifications) match the shipped files and dependencies (docx/openpyxl/python-pptx/PyMuPDF/requests). There are no unrelated environment variables or surprising binaries required.
Instruction Scope
SKILL.md and README describe only file redaction/encryption and sending notifications to Feishu/WeCom (webhooks). That matches the code. However the instructions explicitly state that the encryption password may be included in notifications and the script's processing results include the password—this means secrets chosen by the user can be transmitted to external webhook endpoints. The README also allows overwrite of original files (dangerous if used unintentionally).
Install Mechanism
No install spec is provided (instruction-only), but the package includes a Python script and requirements.txt. Users must manually install Python dependencies via pip; nothing is downloaded from unknown URLs during install. This is low installation risk but you must run code locally to use it.
Credentials
The skill declares no required environment variables or credentials, which is consistent. However the tool accepts webhook URLs or a config file and will (by design) include the encryption password in the output metadata and optionally in webhook notifications. That behavior increases the chance of secret exposure to any configured external endpoint and is disproportionate unless the user intentionally wants the password shared.
Persistence & Privilege
The skill does not request persistent/system-wide privileges and always:false. It does require file write permission for its stated purpose and can overwrite original files if user chooses --overwrite; there is no evidence it alters other skills or system settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sensitive-content-disposal
  3. After installation, invoke the skill by name or use /sensitive-content-disposal
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
- Added support for PDF (pdf) file format for both desensitization and encryption. - Updated technical information to list `PyMuPDF` for PDF processing. - Bumped version to 1.2.0 and updated the release date.
v1.1.0
- Feature set reduced: watermarking functionality removed—now supports only keyword masking/redaction and file encryption. - Notifications and supported channels unchanged. - Free to use; subscription requirement removed. - Documentation updated to reflect only two disposal methods, new pricing, and supported formats. - Internal: one documentation file (ClawHub发布指南.md) removed. ## [1.1.0] - 2026-04-20 log ### 变更 🔄 - **改为免费版**:无需订阅,完全免费使用 - **移除水印功能**:删除全部水印相关代码和文档 - 删除 `WatermarkProcessor` 类 - 删除 6 种格式的水印方法(txt/md/json/xml/docx/xlsx/pptx) - 删除 CLI 参数 `--watermark-text` - 删除处置动作 `watermark` ### 文档更新 📝 - **SKILL.md** — 去掉水印章节、定价改为免费 - **README.md** — 同步更新,去掉水印引用 - **用户操作指南.md** — 删除「方式三:添加水印」整节 - **CHANGELOG.md** — 改为中文版本
v1.0.0
# 更新日志 ## v1.0.0 (2026-04-20) ### 新功能 #### 脱敏处理 - ✅ **部分替换**:保留首尾字符,中间替换为 `*` - 身份证号:`110101199001011234` → `110101********1234` - 手机号:`13812345678` → `1*********8` - 银行卡:`6222021234567890123` → `6*****************3` - 邮箱:`[email protected]` → `t**************m` - IP地址:`192.168.1.100` → `1***********0` - ✅ **关键字替换**:完整替换为 `[REDACTED]` - 适用于:密码、密钥、机密等敏感词 - ✅ **正则替换**:按自定义正则规则替换中间部分 #### 文件加密 - ✅ 支持设置加密密码 - ✅ XOR + PBKDF2 加密算法 - ✅ 支持飞书/企业微信通知密码 #### 添加水印 - ✅ 文本水印 - ✅ 可自定义水印内容 - ✅ 添加时间戳 #### 支持格式 - ✅ 文本文件:txt, md, json, xml - ✅ Office文档:docx, xlsx, pptx #### 通知功能 - ✅ 飞书 Webhook 通知 - ✅ 企业微信 Webhook 通知
Metadata
Slug sensitive-content-disposal
Version 1.2.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is 敏感内容处置器?

支持关键词脱敏、文件加密和水印添加,对扫描出的敏感内容进行合规处置并可发送通知,需先使用敏感内容扫描器。 It is an AI Agent Skill for Claude Code / OpenClaw, with 163 downloads so far.

How do I install 敏感内容处置器?

Run "/install sensitive-content-disposal" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 敏感内容处置器 free?

Yes, 敏感内容处置器 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 敏感内容处置器 support?

敏感内容处置器 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 敏感内容处置器?

It is built and maintained by qing (@qinkai25); the current version is v1.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments