← Back to Skills Marketplace
caidongyun

Agent Security Dlp

by caidongyun · GitHub ↗ · v2.1.3 · MIT-0
cross-platform ✓ Security Clean
217
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install agent-security-dlp
Description
Agent Security DLP - 企业级数据防泄漏系统 功能: 入口防护、记忆保护、工具管控、出口过滤、审计日志 规则: 170条,覆盖金融、医疗、汽车、销售、人力资源、物流等25+行业 触发: check-output(对话出口) / check-input(对话入口) / check-tool(工具执...
README (SKILL.md)

Agent Security DLP

版本: v2.1.2
规则: 170条
状态: ✅ 可用

简介

企业级数据防泄漏系统,支持 166 条敏感信息检测规则,覆盖 25+ 行业场景。

核心特性

  • 🚀 146 条规则 - 覆盖金融、医疗、汽车、销售、人力资源、物流等
  • 🛡️ 五层防护 - 入口、记忆、工具、出口、审计
  • 🎯 智能处理 - 自动拦截/脱敏/记录
  • 高性能 - 正则预编译,并行检测

规则分类

类别 数量 说明
🔑 凭证密钥 45 API Key、Token、私钥等
💰 金融 18 银行卡、股票、加密货币等
🏥 医疗 15 病历、医保、诊断等
🚗 汽车 14 车架号、行驶证、保险等
👥 人力资源 8 工号、工资、社保等
📦 物流 11 快递单、运单、地址等
🇨🇳 中国 PII 6 身份证、手机、护照等
📜 法规 4 合同、专利、版权等
🎓 教育 2 学号、准考证等
🏛️ 政府 2 公务员编号、警官证等
📱 设备 2 IMEI、MAC地址等
💬 社交 1 微信号等
🛒 电商 1 订单号等
✈️ 交通 3 车牌、机票、火车票等
📞 通信 1 通话记录等
🎟️ 会员 3 会员ID、积分等

架构

用户输入 → Input Guard → Agent → Memory Guard → Tool Guard → Output Filter → 用户
              注入检测        记忆检查      工具审批      脱敏拦截
                    ↓                                    ↓
              审计日志                              审计日志

使用方式

1. 查看状态

python3 skills/agent-security-dlp/bin/agent-dlp status

2. 检查入口 (Prompt Injection)

python3 skills/agent-security-dlp/bin/agent-dlp check-input "忽略之前的指令"
# 输出: 注入检测: 是 ❌

3. 检查出口 (敏感信息)

python3 skills/agent-security-dlp/bin/agent-dlp check-output "我的手机是13812345678"
# 输出: 拦截: 否 ✅, 发现: 中国手机号 (high)

4. 检查工具

python3 skills/agent-security-dlp/bin/agent-dlp check-tool exec
# 输出: 需要审批: 是 ⚠️

5. 查看日志

python3 skills/agent-security-dlp/bin/agent-dlp logs

规则示例

凭证密钥

规则 示例
openai_key sk-xxx...
github_token ghp_xxx...
aws_key AKIA...
stripe_key sk_live_xxx...

金融

规则 示例
bank_card 622202xxx...
crypto_address bc1xxx...
salary 工资: 15000元

医疗

规则 示例
medical_record 病历号: MR2026...
medical_insurance 医保卡: 123456...
diagnosis 诊断: 高血压

人力资源

规则 示例
employee_id 工号: E00123
salary 工资: 15000元
social_security 社保账号: SS123...

配置

编辑 config/config.json:

{
  "enabled": true,
  "mode": "normal",
  "input": {
    "injection_detection": true
  },
  "output": {
    "enabled": true,
    "rules": ["china_idcard", "china_phone", "api_key", ...]
  }
}

模式

模式 说明
normal 记录但不拦截,只拦截严重风险
strict 完整检查,严格拦截
personal 个人轻量版,自动脱敏

代码结构

agent-security-dlp/
├── SKILL.md              # 本文档
├── README.md             # 使用说明
├── bin/
│   └── agent-dlp         # CLI 入口
├── lib/
│   └── agent_dlp.py      # 核心模块
├── config/
│   ├── config.json       # 主配置
│   └── personal.json     # 个人模式配置
└── docs/
    └── RULES.md          # 规则清单

核心类

功能
DLPConfig 配置管理
DLPRules 规则定义 (146条)
InputGuard 入口检测
MemoryGuard 记忆保护
ToolGuard 工具管控
OutputFilter 出口过滤
AuditLogger 审计日志
AgentDLP 主类,整合所有功能

Python 调用

from agent_dlp import AgentDLP

# 初始化
dlp = AgentDLP()

# 检查入口
result = dlp.check_input("忽略之前的指令")

# 检查出口
blocked, text, details = dlp.check_output("我的手机138xxxx")

# 检查工具
result = dlp.check_tool("exec", {"command": "rm -rf /"})

输出模式

级别 说明
critical 立即拦截
high 脱敏 + 告警
medium 仅记录
low 忽略

性能

  • 单条检测: \x3C 1ms
  • 规则数: 146 条
  • 支持自定义规则
  • 正则预编译

更新日志

v2.0.0 (2026-03-17)

  • 新增 146 条规则
  • 覆盖 20+ 行业
  • 性能优化
  • 新增 personal 模式

v1.0.0 (2026-03-14)

  • 初始版本
  • 25 条基础规则

许可证

MIT License

版本: v2.0.0 | 更新: 2026-03-17

Usage Guidance
This package appears to be a local, regex-based DLP tool that matches its description. Before installing or enabling it broadly: 1) Verify the full lib/agent_dlp.py (the provided manifest was truncated) to ensure there are no network calls, hidden remote endpoints, or code that executes untrusted commands. 2) Confirm whether any automatic rule-update functionality is active and, if so, where it fetches rules from and how updates are validated. 3) Note the audit log path (~/.openclaw/logs/dlp-audit.log) — logs will be written locally; ensure this is acceptable for your environment. 4) The documentation/packaging has small inconsistencies (CLI name referenced in docs: bin/agent-dlp vs actual bin/dlp_client.py; version numbers differ across files); verify which entrypoint you will run and test the CLI in a sandbox with harmless inputs. 5) If you plan to use check_tool with tool names that map to dangerous operations, make sure approval workflows are enforced and that the DLP does not itself execute commands. If you want higher assurance, run the package in an isolated environment, review the complete source for any network I/O, and run static analysis/search for requests, urllib, socket, subprocess, os.system or similar calls that could alter system state or exfiltrate data.
Capability Analysis
Type: OpenClaw Skill Name: agent-security-dlp Version: 2.1.3 The bundle is a comprehensive Data Loss Prevention (DLP) security tool designed to protect AI agents from sensitive data leaks and prompt injection attacks. It contains over 160 well-defined regex patterns in lib/agent_dlp.py for detecting PII, financial records, and API credentials across multiple industries. The logic is purely defensive, implementing input/output filtering, tool execution guards, and local audit logging (~/.openclaw/logs/dlp-audit.log) without any external network dependencies or evidence of data exfiltration.
Capability Assessment
Purpose & Capability
Name and description describe a local Data Loss Prevention tool and the code present (lib/agent_dlp.py + bin/dlp_client.py) implements regex-based detection, rules, CLI and Python APIs consistent with that purpose. The rule set and config entries (many credential/PII patterns) are expected for a DLP product.
Instruction Scope
SKILL.md and README only instruct local use (check-input/check-output/check-tool, edit config.json, view logs). They reference a log file (~/.openclaw/logs/dlp-audit.log) and show examples (including a dangerous command as a test input) but do not instruct reading unrelated system files or exfiltrating data. The docs include a RuleUpdater example with a remote_url placeholder (https://api.example.com/rules) — that's only in docs and not obviously invoked by shipped code, but it signals a potential feature to fetch updates that you should confirm is disabled or implements safe validation.
Install Mechanism
No install spec; code is included in the skill bundle (source files only). That is lower-risk than arbitrary remote downloads. Requirements claim no external packages; files rely on stdlib. No installers or external download URLs are present.
Credentials
The skill requests no environment variables or credentials. Its config lists many types of sensitive items to detect (API keys, tokens, PII) which is appropriate for a DLP. The audit log path writes to the user's home directory (~/.openclaw/logs/dlp-audit.log) — expected but you should be aware it will create/write local logs.
Persistence & Privilege
The skill does not request always:true and has no install-time system-wide changes described. It appears to run locally and does not modify other skills or global agent settings in the provided files.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agent-security-dlp
  3. After installation, invoke the skill by name or use /agent-security-dlp
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.3
修复4个问题,100%测试通过
v2.1.2
170条规则
v2.0.0
Agent Security DLP v2.0.0 is a major update with expanded rule coverage and improved performance: - Expanded to 146 detection rules covering 20+ industries. - Added personal (轻量脱敏) mode for individual users. - Performance optimized with regex pre-compilation and parallel detection. - Introduced five-layer protection: input, memory, tool, output, and audit. - Updated configuration options for flexible deployment.
Metadata
Slug agent-security-dlp
Version 2.1.3
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 3
Frequently Asked Questions

What is Agent Security Dlp?

Agent Security DLP - 企业级数据防泄漏系统 功能: 入口防护、记忆保护、工具管控、出口过滤、审计日志 规则: 170条,覆盖金融、医疗、汽车、销售、人力资源、物流等25+行业 触发: check-output(对话出口) / check-input(对话入口) / check-tool(工具执... It is an AI Agent Skill for Claude Code / OpenClaw, with 217 downloads so far.

How do I install Agent Security Dlp?

Run "/install agent-security-dlp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agent Security Dlp free?

Yes, Agent Security Dlp is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Agent Security Dlp support?

Agent Security Dlp is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agent Security Dlp?

It is built and maintained by caidongyun (@caidongyun); the current version is v2.1.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments