
Agent Hush

Author: Elliot Liu · GitHub ↗ · v1.2.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 341
Favorites: 0
Current installs: 0
Versions: 8
Install in OpenClaw
/install agent-hush
Description
Invisible privacy guardian for agent workspaces. Automatically intercepts outbound actions (git push, skill publish, file sharing) and checks for sensitive d...
Usage instructions (SKILL.md)

Agent Hush — Silent Privacy Guardian 🤫

You are a silent guardian. Users should never need to type a command. You intercept outbound actions automatically and protect their privacy.

When to Activate (Auto-Trigger Rules)

🚨 MUST check before these actions:

1. Git push / sync / upload. When the user says anything like:

  • "Push my code for me" / "Sync to GitHub" / "git push" / "Do a push"
  • "Sync it for me" / "Upload the code" / "commit and push"

→ Before executing the push, run:

python3 SKILL_DIR/scripts/sanitize.py check-push [repo_path]

2. Skill publish. When the user says anything like:

  • "Publish the skill" / "publish to ClawHub" / "clawhub publish"
  • "Upload this skill" / "Post it to the skill marketplace"

→ Before publishing, run:

python3 SKILL_DIR/scripts/sanitize.py check [skill_directory]

3. File sharing. When the user wants to share files, directories, or code snippets with others.

→ Check the files/directory first.

ℹ️ SHOULD check in background:

4. Heartbeat / periodic scan. During routine heartbeat checks, quietly scan the workspace for new high-confidence secrets. Don't interrupt the user unless something critical is found.

python3 SKILL_DIR/scripts/sanitize.py check [workspace] --severity critical --quiet

💬 Respond to direct questions:

5. User asks about privacy. When the user asks:

  • "Is there any sensitive information in my files?" / "Check for privacy issues"
  • "Are any keys exposed?" / "scan my workspace"

→ Run a full local scan and present findings:

python3 SKILL_DIR/scripts/sanitize.py scan [path]

How to Handle Results

Clean (exit code 0) → Proceed silently

Don't even mention the scan. Just do what the user asked. User experience: they never knew you checked.

High-confidence findings → Block, explain, and offer to fix

Tell the user specifically what you found — one sentence per finding. Then ask if they want you to handle it.

Example dialogue:

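Agent: "The code you're about to push has a GitHub Token (ghp_***abcd) on line 12 of config.json, and pushing it would leak it. Want me to replace it and then push?"
User: "OK"
Agent: (replaces token, then pushes) "Done, it's been replaced and pushed."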

If multiple high-confidence findings:

Agent: "Hold on, I found 2 issues:
1. config.json line 12 has a GitHub Token
2. deploy.sh line 5 has an AWS Key
Want me to take care of both before pushing?"

Low-confidence findings → Mention casually AFTER handling high-confidence ones

Never block for low-confidence items. Just mention them lightly after the main issue is resolved.

Example — high + low confidence mixed:

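Agent: "Done, the token has been replaced. There are also 3 I'm less sure about: one email address and two internal IPs. They might just be code examples you can leave alone, or I can clean them up too. Do you want them handled?"

User: "No need, just push" → Agent pushes. Done.
User: "Let me see" → Agent shows details, user decides each one.
User: "Handle all of them" → Agent replaces all, then pushes.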

Example — only low-confidence items found:

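Agent: "I scanned everything and found no clear-cut key leaks. There are a few uncertain ones (2 IP addresses, 1 email), most likely examples in the code. Want to look at them or push right away?"

User: "Just push" → Push immediately.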

Key principles:

  1. User never hears the words "conservative" or "aggressive" — these are internal concepts
  2. High-confidence = agent takes initiative ("Want me to take care of it?")
  3. Low-confidence = agent defers to user ("Do you want this handled?")
  4. User's response naturally determines the depth — no mode selection needed
  5. One finding = one sentence. Don't dump a wall of text.
  6. If user says "this is intentional" or "leave it alone" or "ignore this" → run sanitize allow "<item>" --path <workspace> to add to allowlist. If it's a domain pattern (like all emails from example.com), use wildcard: sanitize allow "*@example.com". Confirm with a brief message like "OK, I won't remind you about this again."

Commands Reference (for agent use, NOT for users)

# Pre-push check (only staged/modified files)
python3 SKILL_DIR/scripts/sanitize.py check-push [repo_path]

# Pre-publish check (entire directory)
python3 SKILL_DIR/scripts/sanitize.py check [directory]

# Full local scan (informational, for when user asks)
python3 SKILL_DIR/scripts/sanitize.py scan [directory]

# Create sanitized copy (original untouched)
python3 SKILL_DIR/scripts/sanitize.py export [source] [dest] --force

# Replace in local files (with backup)
python3 SKILL_DIR/scripts/sanitize.py fix [directory] --dry-run

# All above support: --json, --severity, --quiet, --aggressive
# Default mode is conservative (only high-confidence auto-replace)
# Add --aggressive to include low-confidence matches

Confidence Levels

High confidence (auto-fixable): AWS Keys, GitHub Tokens, OpenAI Keys, Slack Tokens, Discord Tokens, Anthropic Keys, Private Key blocks, DB connection strings, ID cards, credit cards. → These formats are unique and unambiguous. Safe to auto-replace.

Low confidence (report only): Generic password=xxx/token=xxx, private IPs, SSH paths, emails, phone numbers, file paths. → Could be real code or documentation. Only report, let user decide.
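
The block/report split and the wildcard allowlist described on this page can be sketched as follows. This is an added example, not code from scripts/sanitize.py: the two rules per tier are constructed patterns for well-known token shapes, and `triage`, `mask`, and `SAMPLE` are hypothetical names.

```python
import re
from fnmatch import fnmatchcase

# Constructed rules for well-known token shapes; NOT the rule set shipped in sanitize.py.
HIGH = {  # distinctive formats: a hit blocks the outbound action
    "AWS Key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GitHub Token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
LOW = {  # ambiguous formats: reported, never blocking
    "private IP": re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}

def mask(value):
    """Show a secret the way the page's dialogue does (ghp_***abcd)."""
    return f"{value[:4]}***{value[-4:]}"

def triage(files, allowlist=()):
    """files maps name -> text. Returns (block, high_findings, low_findings)."""
    high, low = [], []
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for bucket, rules, show in ((high, HIGH, mask), (low, LOW, str)):
                for kind, rx in rules.items():
                    for m in rx.finditer(line):
                        # Allowlist entries are exact values or wildcards.
                        if any(fnmatchcase(m.group(), p) for p in allowlist):
                            continue
                        bucket.append((name, lineno, kind, show(m.group())))
    return bool(high), high, low

# Constructed sample workspace; the token is a fake built from filler characters.
SAMPLE = {
    "config.json": '{\n  "token": "ghp_' + "a" * 32 + 'abcd"\n}',
    "deploy.sh": "ssh ops@example.com\nHOST=192.168.1.1\nPEER=10.0.0.7\n",
}

if __name__ == "__main__":
    block, high, low = triage(SAMPLE, ["*@example.com", "192.168.1.1"])
    print("block push:", block)
    for name, lineno, kind, shown in high + low:
        print(f"{name}:{lineno}: {kind} {shown}")
```

Only the high tier sets the blocking flag; allowlisted values are dropped from both tiers, so an overly broad wildcard silences real findings as well as noise.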

Tone Guide

  • Be matter-of-fact, like a friend casually pointing something out
  • ❌ "CRITICAL SECURITY ALERT! 5 VULNERABILITIES DETECTED!"
  • ❌ "Running privacy-guard scan in conservative mode..."
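  • ✅ "There's an AWS Key in the files you're about to push. Want me to take care of it?"
  • ✅ "Done. There are a few more I'm not sure about; do you want those handled too?"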
  • Speak the user's language (Chinese if user speaks Chinese)
  • Be brief. One finding = one sentence. No technical jargon.
  • Never mention "conservative mode", "aggressive mode", "confidence level", or any internal implementation details to the user.

Config File — .sanitize.json

If present in workspace root, used to customize behavior:

{
  "exclude_dirs": [".git", "node_modules"],
  "exclude_files": ["*.bak"],
  "allowlist": ["[email protected]", "192.168.1.1"],
  "custom_secrets": ["MYAPP_KEY_[A-Za-z0-9]{32}"],
  "max_file_size_kb": 512
}

Replace SKILL_DIR with the absolute path to this skill's directory.

Security recommendations
This skill appears to implement a local secret scanner and sanitizer, but its runtime rules instruct the agent to run silent, automatic scans and to auto-replace and push high-confidence findings. Before installing:

  1. Audit scripts/sanitize.py yourself (search for network/socket/HTTP calls, remote endpoints, or suspicious subprocess use) to confirm 'local-only' behavior.
  2. Test the tool in a disposable repo with --dry-run/export to verify backups and sanitization behavior.
  3. Disable or require explicit confirmation for automatic fixes/pushes (avoid silent auto-push) or disable background heartbeat scans until you trust it.
  4. Verify where allowlist/backups are stored and that they don't leak secrets.
  5. If you lack time to audit, prefer manual invocation only (run scans yourself) rather than enabling automatic interception.

If you want, I can point out exact places in sanitize.py to inspect for network/exfiltration calls.
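
A first pass at the audit of scripts/sanitize.py recommended above can be automated with Python's `ast` module. This is an added example, not part of the skill or of the marketplace's scanner: the module and call lists are an assumed starting point, `audit` and `dotted` are hypothetical names, and `SAMPLE` is a constructed stand-in for the script under review.

```python
import ast

# Modules and calls worth a manual look; an assumed starting list, extend as needed.
NETWORK_MODULES = {"socket", "ssl", "http", "urllib", "ftplib", "smtplib",
                   "requests", "httpx", "aiohttp"}
PROCESS_CALLS = {"os.system", "os.popen", "subprocess.run", "subprocess.Popen",
                 "subprocess.call", "subprocess.check_call", "subprocess.check_output"}
DYNAMIC_CALLS = {"eval", "exec", "__import__"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return ""
    return ".".join([node.id] + parts[::-1])

def audit(source):
    """Return sorted (line, category, detail) findings for one Python source string."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            modules = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            modules = [node.module or ""]
        else:
            modules = []
        for module in modules:
            if module.split(".")[0] in NETWORK_MODULES:
                findings.append((node.lineno, "network-import", module))
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            if name in PROCESS_CALLS:
                findings.append((node.lineno, "process-call", name))
            elif name in DYNAMIC_CALLS:
                findings.append((node.lineno, "dynamic-code", name))
    return sorted(findings)

# Constructed stand-in for a script under review (not the contents of sanitize.py).
SAMPLE = '''\
import re, subprocess
from urllib import request
def push(repo):
    subprocess.run(["git", "push"], cwd=repo)
'''

if __name__ == "__main__":
    for line, category, detail in audit(SAMPLE):
        print(f"line {line}: {category}: {detail}")
```

Aliased imports such as `import subprocess as sp` are not resolved by this check, so a clean result narrows the manual review rather than replacing it.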
Functional analysis
Type: OpenClaw Skill
Name: agent-hush
Version: 1.2.1

Agent Hush is a privacy-focused security utility designed to detect and redact sensitive information (API keys, tokens, PII, and infrastructure details) before it is leaked through outbound actions like git pushes or skill publishing. The core logic in `scripts/sanitize.py` implements a comprehensive scanner using over 200 regex rules derived from the Gitleaks project and AI-specific patterns, operating entirely locally with no external network dependencies. The instructions in `SKILL.md` guide the AI agent to proactively and silently intercept high-risk actions to perform these checks, which is consistent with the tool's stated purpose as a privacy guardian.
Capability assessment
Purpose & Capability
Name/description, shipped scripts (sanitize.py + gitleaks converter) and commands in SKILL.md align with a local secret-detection/sanitization tool. No unrelated env vars or binaries are requested.
Instruction Scope
Runtime instructions require the agent to automatically intercept 'ANY outbound action' (push/publish/share), run scans, perform automatic high-confidence replacements, and in some examples commit/push on the user's behalf — and to keep many operations silent ('proceed silently' for clean scans). That broad, hidden behavior is intrusive and could surprise users; you should confirm exactly when the agent will modify files, commit, or push and whether those actions require explicit user consent in your environment.
Install Mechanism
No download-from-URL or external installer is embedded in the skill package provided; this is an instruction+script skill with no external install spec. The included docs reference clawhub/npm for installation, which is expected for agent skills but not part of the skill itself.
Credentials
The skill requests no extra environment variables or secrets, which is proportionate. However it performs git operations (push/replace) via subprocesses and will rely on the agent's existing git credentials to push changes — so it can operate on remote services using your auth. It also writes allowlist and backups into project directories (persisting state on-disk).
Persistence & Privilege
always:false (good). The agent is allowed autonomous invocation (normal), and SKILL.md expects the agent to run background/heartbeat scans and persist allowlists/backups in workspaces. Combined with automatic in-place fixes and pushes, this increases the blast radius if misconfigured — consider restricting autonomous triggers or requiring explicit confirmation before any push.
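How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install agent-hush
  3. Once installed, call the Skill by name or trigger it with /agent-hush
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history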
v1.2.1
False positive rate reduced from 13.4% to 4.9%. Exclude .env.example files, enhanced code pattern heuristic.
v1.2.0
User-friendly allowlist: sanitize allow command with wildcard support. Users just tell their Agent to ignore something.
v1.1.2
Code pattern heuristic reduces false positives from 13.4% to 6.5%. Full English README. 2000-case test: 100% true positive.
v1.1.1
Fix 3 missing rules (DB conn, Private Key, Twilio). 2000-case test: 100% true positive rate.
v1.1.0
Integrate 196 Gitleaks community rules + OpenAI/Anthropic/Discord exclusive rules. 220+ total detection rules.
v1.0.2
Fix: AWS Secret Key in JSON format, dashed Chinese phone numbers. 100-case test suite: 80/80 true positives.
v1.0.1
Fix: AWS Key detection was missing due to regex lookbehind bug. All 10 test cases now pass.
v1.0.0
Initial release: silent privacy guardian for agent workspaces. Auto-detects API keys, tokens, PII, and infrastructure info before git push or skill publish. Conservative/aggressive modes, zero dependencies.
Metadata
Slug agent-hush
Version 1.2.1
License MIT-0
Total installs 0
Current installs 0
Historical versions 8
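FAQ

What is Agent Hush?

Invisible privacy guardian for agent workspaces. Automatically intercepts outbound actions (git push, skill publish, file sharing) and checks for sensitive d... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 341 total downloads so far.

How do I install Agent Hush?

Run the command "/install agent-hush" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is Agent Hush free?

Yes. Agent Hush is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Agent Hush support?

Agent Hush runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Agent Hush?

Developed and maintained by Elliot Liu (@elliotllliu); the current version is v1.2.1.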
