← Back to Skills Marketplace
52yuanchangxing

Prompt Leak Auditor

by vx:17605205782 · GitHub ↗ · v1.0.0 · MIT-0
darwinlinuxwin32 ✓ Security Clean
141
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install prompt-leak-auditor
Description
审查 prompt、Skill 文案和说明中是否泄漏密钥、路径、内部规则或高风险指令。;use for prompt, security, audit workflows;do not use for 把扫描到的密钥原文再次扩散, 输出可利用攻击步骤.
Usage Guidance
This appears coherent and low-risk, but review before running. The script will read any input path you give it — do not point it at live system secrets unless you intend to scan them. Use --dry-run or test on sanitized examples first. Note the masking in the script keeps the first four characters of matched 'secret-like' strings (e.g., 'abcd***'); if you need stronger redaction, sanitize inputs or modify the script. Always inspect the included scripts locally before executing and run them in an isolated environment if you have sensitive data.
Capability Analysis
Type: OpenClaw Skill Name: prompt-leak-auditor Version: 1.0.0 The 'prompt-leak-auditor' skill is a security tool designed to scan local files and prompts for sensitive information like API keys, hardcoded paths, and dangerous command patterns (e.g., curl|bash). The core logic in `scripts/run.py` uses regular expressions to identify risks and includes a masking mechanism to prevent the accidental exposure of discovered secrets in its reports. The instructions in `SKILL.md` explicitly forbid the agent from spreading leaked secrets or providing exploitable attack steps, aligning with its stated purpose of auditing and governance.
Capability Assessment
Purpose & Capability
Name/description match the included files and behavior. The only required binary is python3 and the bundle includes a local script (scripts/run.py) that implements pattern-based auditing of text files and directories — exactly what an auditor would need.
Instruction Scope
SKILL.md confines the skill to scanning prompts/skill docs and explicitly forbids leaking raw secrets or outputting exploit steps. It instructs the agent to run the provided local script or fall back to local templates. The script reads files and directories specified by the user (expected for an auditor). Note: the script will scan any path you pass it, so supplying sensitive system directories will cause it to read them; it masks detected secrets by truncating after the first four chars, not fully redacting.
Install Mechanism
No install spec or remote download. The skill is instruction + local Python script only, with no external package installs or network fetches.
Credentials
No environment variables, credentials, or config paths are requested. This is proportionate to a local auditing tool.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill does not request persistent presence, does not modify other skills, and only reads files the user points it at.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install prompt-leak-auditor
  3. After installation, invoke the skill by name or use /prompt-leak-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of prompt-leak-auditor. - Audits prompts and skill documentation for leaks of secrets, paths, internal rules, or high-risk instructions. - Designed for use in prompt, security, and audit workflows. - Provides a structured output covering scan scope, suspected leaks, high-risk patterns, remediation suggestions, review points, and follow-up actions. - Enforces strict boundaries: does not re-output detected secrets, avoids sharing exploit steps, and requires clear user confirmation before any risky actions. - Includes support for both script-based and manual audit methods depending on the environment. - Masks sensitive content by default and prioritizes transparency and auditability.
Metadata
Slug prompt-leak-auditor
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Prompt Leak Auditor?

审查 prompt、Skill 文案和说明中是否泄漏密钥、路径、内部规则或高风险指令。;use for prompt, security, audit workflows;do not use for 把扫描到的密钥原文再次扩散, 输出可利用攻击步骤. It is an AI Agent Skill for Claude Code / OpenClaw, with 141 downloads so far.

How do I install Prompt Leak Auditor?

Run "/install prompt-leak-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Prompt Leak Auditor free?

Yes, Prompt Leak Auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Prompt Leak Auditor support?

Prompt Leak Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).

Who created Prompt Leak Auditor?

It is built and maintained by vx:17605205782 (@52yuanchangxing); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments