Sanitize log entries by removing passwords, tokens, and other sensitive patterns using Expanso Edge pipelines.

This skill appears to do what it claims — local pattern-based redaction — but check a few things before installing or running it with sensitive logs: - Ensure you have expanso-edge from a trusted source; the registry metadata didn't declare this requirement even though the SKILL.md needs it. - By default the pipelines run locally and do not exfiltrate data. However, if you use the 'MCP' server mode it binds to 0.0.0.0:PORT by default — restrict it to localhost or protect it with a firewall/auth if you don't want it reachable from the network. - The README shows an optional 'Deploy to Expanso Cloud' command — deploying to a cloud provider can send logs off-host; only deploy if you trust that provider and understand its data handling. - Test on non-sensitive sample logs first and inspect outputs (sanitized text, redactions, metadata). Pay attention to metadata fields (input_hash, trace_id) if you need to avoid storing identifiable hashes. If you want higher assurance, ask the publisher for a signed expanso-edge release URL or for clarification about the missing required-binaries metadata entry.

Type: OpenClaw Skill Name: expanso-log-sanitize Version: 1.0.0 The skill 'expanso-log-sanitize' is designed to sanitize log entries by redacting sensitive patterns like passwords, tokens, and API keys. The `pipeline-cli.yaml` and `pipeline-mcp.yaml` files implement this functionality using `re_replace_all` operations, which are purely local string manipulations. There is no evidence of data exfiltration, arbitrary command execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` or `README.md`. The MCP mode's HTTP server is explicitly documented and serves the stated purpose of receiving log data for sanitization. All observed behaviors align with the stated purpose of a local log sanitization utility.