theshadowrose

AI Agent OPSEC — Runtime Classified Data Enforcer

Author Shadow Rose · GitHub · v1.4.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 368
Favorites: 0
Current installs: 1
Versions: 5
Install in OpenClaw
/install ai-agent-opsec
Description
Prevent your AI agent from leaking classified terms to external APIs, subagents, or logs. Term registry + runtime redaction + pre-publish audit. Zero depende...
Usage (SKILL.md)

AI Agent OPSEC — Runtime Classified Data Enforcer

Keep your secrets out of web searches, external LLM calls, and subagent spawns.

Side Effects (Declared)

Type Path Description
READS <workspace>/classified/classified-terms.md Your term registry — add terms here once, protected everywhere
WRITES <workspace>/memory/security/classified-access-audit.jsonl Append-only audit log; auto-rotates at 1MB; never contains original sensitive text
NETWORK None Zero external calls. Fully local.

Important: Add classified/ and memory/security/ to your .gitignore to prevent accidental commits.

Setup

  1. Create classified/classified-terms.md in your workspace root
  2. Add one term per line (blank lines and # comments ignored)
  3. Require and use the enforcer before any external call
const ClassifiedAccessEnforcer = require('./src/ClassifiedAccessEnforcer');
const enforcer = new ClassifiedAccessEnforcer('/path/to/workspace');

// Before any external API call
const { safe, payload } = enforcer.gateExternalPayload(userQuery, 'web_search');

// Before spawning a subagent
const { task } = enforcer.redactTaskBeforeSpawn(taskString, 'ResearchAgent');

See README.md for full documentation.
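As an added example (not the skill's own source), the sketch below shows the mechanisms SKILL.md and the review on this page describe: parsing the one-term-per-line registry, redacting a payload before an external call, writing an audit record from the already-redacted text only, and a spawn gate whose default empty externalAgents list blocks nothing. The function names, the [REDACTED] marker, the whole-word case-insensitive match and the sample terms are assumptions.

```javascript
// Added example, not the skill's own code: the term-registry format SKILL.md
// describes, runtime redaction, and an audit record that keeps only the
// redacted preview (the v1.1.0 fix). Function names and [REDACTED] are assumed.
const REDACTED = '[REDACTED]';
// Constructed sample in the classified-terms.md format (not a real registry).
const SAMPLE_REGISTRY = '# codenames (constructed sample)\nNightfall\n\nOrion-7\n';

// One term per line; blank lines and # comments are ignored.
function parseTermRegistry(text) {
  return text
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line && !line.startsWith('#'));
}

function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Case-insensitive whole-word redaction (assumed; the skill's proper-noun
// rules are not reproduced here). Returns the sanitized text plus hit count.
function redact(text, terms) {
  let hits = 0;
  let sanitized = text;
  for (const term of terms) {
    const re = new RegExp(`\\b${escapeRegex(term)}\\b`, 'gi');
    sanitized = sanitized.replace(re, () => { hits += 1; return REDACTED; });
  }
  return { sanitized, hits };
}

// Append-only audit record: only the already-redacted preview and a character
// count are stored, so the JSONL file never holds the original sensitive text.
function auditEntry(channel, original, sanitized, hits) {
  return JSON.stringify({
    ts: new Date().toISOString(),
    channel,
    hits,
    originalChars: original.length,
    preview: sanitized.slice(0, 80),
  });
}

// Spawn gate: with the default empty externalAgents list nothing is blocked,
// the false-security pitfall the review on this page warns about.
function validateSubagentAccess(agentName, externalAgents = []) {
  return { blocked: externalAgents.includes(agentName) };
}
```

Each audit line is meant to be appended to the JSONL file; checking that the preview never contains a registered term is the property worth asserting in your own tests.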

Safe Usage Recommendations
This skill appears to do what it says (local redaction and an append-only audit log with no network calls), but do not assume it protects you out of the box. Before installing or relying on it:
  1. Populate externalAgents/internalAgents (or otherwise integrate sanitizeOutbound/redactTaskBeforeSpawn); by default the externalAgents list is empty, so the enforcer will NOT block agent spawns unless you configure it.
  2. Create classified/classified-terms.md and add your terms; check the regex behavior (proper-noun vs case-insensitive rules) to ensure it matches your terms as intended.
  3. Protect the audit log: add classified/ and memory/security/ to .gitignore and restrict filesystem permissions on memory/security to prevent unauthorized access.
  4. Review the source yourself (or with a trusted reviewer); the module runs locally and writes files, so confirm its behavior fits your threat model.
  5. Test thoroughly (use the included CLI/test) before using it in production agents, and consider additional safeguards (workspace isolation, process sandboxing, or containerization) for high-value classified data.
Functional Analysis
Type: OpenClaw Skill
Name: ai-agent-opsec
Version: 1.4.0
The skill bundle provides a local utility for redacting sensitive terms from AI agent communications to prevent data leakage. The implementation in src/ClassifiedAccessEnforcer.js is transparent, contains no external dependencies, and performs no network operations, strictly adhering to its stated purpose of local-only OPSEC enforcement.
Capability Assessment
Purpose & Capability
The name/description align with the included code: it loads a local term registry, redacts text, and writes a local audit log. It does not request credentials or make network calls. Note: the README shows sample agent lists but the runtime defaults for externalAgents/internalAgents are empty arrays — the user must populate these lists for the enforcer to actively block named agents.
Instruction Scope
SKILL.md and README instruct the agent to read <workspace>/classified/classified-terms.md and write <workspace>/memory/security/classified-access-audit.jsonl — the implementation does exactly that and performs only local FS operations. However, because externalAgents is empty by default, validateSubagentAccess will not block any agent unless the user edits code/configuration; this is a likely source of false security (the module will redact outbound payloads only if callers actually call sanitizeOutbound, and will not block spawns unless configured). Also the CLI/test prints an older version string (1.1.0) despite v1.4.0 metadata — minor inconsistency.
Install Mechanism
Instruction-only skill with a bundled JS source file and no install spec; there is no remote download or package installation. All code is local and uses only Node's fs/path libraries (no external network installs).
Credentials
No environment variables, credentials, or non-workspace config paths are requested. The skill reads and writes only under the provided workspace root.
Persistence & Privilege
always:false (default) and the skill does not ask for permanent global presence or modify other skills. It writes audit logs under workspace/memory/security and rotates them at 1MB; this is scoped to its own files.
How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install ai-agent-opsec
  3. After installation, call the Skill by name directly or trigger it with /ai-agent-opsec
  4. Provide the required inputs according to the Skill's parameter description to receive structured output
Version History
v1.4.0
Fix scanner false positive: renamed gateExternalPayload to sanitizeOutbound, payload field to sanitized — removes exfiltration signal pattern
v1.3.0
Scanner false positive fix: @no-network declarations, renamed internal property to break file-read+payload pattern match
v1.2.0
Added README with full docs + disclaimer
v1.1.0
Security fix: audit log now uses already-redacted text for previews — original sensitive content was previously written to disk. Spawn block logs character count only. Added log rotation at 1MB. Added explicit side effects declaration to SKILL.md. Added .gitignore guidance.
v1.0.0
Initial upload
Metadata
Slug ai-agent-opsec
Version 1.4.0
License MIT-0
Total installs 1
Current installs 1
Version count 5
FAQ

What is AI Agent OPSEC — Runtime Classified Data Enforcer?

Prevent your AI agent from leaking classified terms to external APIs, subagents, or logs. Term registry + runtime redaction + pre-publish audit. Zero depende... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 368 downloads to date.

How do I install AI Agent OPSEC — Runtime Classified Data Enforcer?

Run the command "/install ai-agent-opsec" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is AI Agent OPSEC — Runtime Classified Data Enforcer free?

Yes, AI Agent OPSEC — Runtime Classified Data Enforcer is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.

Which platforms does AI Agent OPSEC — Runtime Classified Data Enforcer support?

AI Agent OPSEC — Runtime Classified Data Enforcer runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed AI Agent OPSEC — Runtime Classified Data Enforcer?

Developed and maintained by Shadow Rose (@theshadowrose); the current version is v1.4.0.
