khaney64

Leak Check

Author: Kevin Haney · GitHub · v0.1.8 · MIT-0
cross-platform ✓ Passed security check
906 total downloads · 0 favorites · 3 current installs · 9 versions
Install in OpenClaw
/install leak-check
Description
Scan session logs for leaked credentials. Checks JSONL session files against known credential patterns and reports which AI provider received the data.
Usage (SKILL.md)

Leak Check

Scan OpenClaw session JSONL files for leaked credentials. Reports which real AI provider (anthropic, openai, google, etc.) received the data, skipping internal delivery echoes.

Quick Start

# Check for leaked credentials (default: discord format)
node /home/claw/.openclaw/workspace/skills/leak-check/scripts/leak-check.js

# JSON output
node /home/claw/.openclaw/workspace/skills/leak-check/scripts/leak-check.js --format json

Configuration

Credentials to check are defined in leak-check.json. The script searches for this file in order:

  1. Skill directory (./leak-check.json) — for backward compatibility
  2. ~/.openclaw/credentials/leak-check.json — recommended persistent location (survives skill updates via clawhub)

Since clawhub clears the skill directory on updates, place your config in ~/.openclaw/credentials/ to avoid losing it:

mkdir -p ~/.openclaw/credentials
cp leak-check.json ~/.openclaw/credentials/leak-check.json

You can also specify an explicit path with --config.

[
  { "name": "Discord", "search": "abc*xyz" },
  { "name": "Postmark", "search": "k7Qm9x" }
]

Important: Do not store full credentials in this file. Use only a partial fragment — enough to uniquely identify the credential via a contains, begins-with, or ends-with match.

Wildcard patterns:

  • abc* — starts with "abc"
  • *xyz — ends with "xyz"
  • abc*xyz — starts with "abc" AND ends with "xyz"
  • abc (no asterisk) — contains "abc"
  • "" (empty) — skip this credential

Options

  • --format <type> — Output format: discord (default) or json
  • --config <path> — Path to credential config file (default: ./leak-check.json, then ~/.openclaw/credentials/leak-check.json)
  • --help, -h — Show help message

Output

Discord (Default)

🔐 **Credential Leak Check**

⚠️ **2 leaked credentials found**

**Discord Token**
• Session: `abc12345` | 2026-02-14 18:30 UTC | Provider: anthropic

**Postmark**
• Session: `def67890` | 2026-02-10 09:15 UTC | Provider: anthropic

Or if clean:

🔐 **Credential Leak Check**
✅ No leaked credentials found (checked 370 files, 7 credentials)

Config Echoes

If the leak-check.json config file is read or discussed during an OpenClaw session, the credential patterns will appear in that session's JSONL log. The scanner detects this and reports these matches separately as config echoes rather than real leaks:

📋 **3 possible config echoes** (session contains leak-check config)

• **Discord**: 1 session
...

✅ No credential leaks beyond config echoes

Config echoes will continue to appear on every run until the session file is removed. To clear them, delete the session file from ~/.openclaw/agents/main/sessions/:

rm ~/.openclaw/agents/main/sessions/<session-uuid>.jsonl

Tip: Avoid reading or referencing leak-check.json during an OpenClaw session. If it happens, note the session ID from the report and delete it.
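The two mechanisms described above, the wildcard patterns from the Configuration section and the config-echo classification, can be seen working together in the following Node.js example. It is an added illustration written for this page, not the skill's own scripts/leak-check.js, and it runs on constructed JSONL lines embedded in the file. Several details are assumptions because the page does not show them: the session record fields (timestamp, provider, content), the tokenisation of message text, the heuristic for recognising a config echo, the treatment of records without a provider as internal delivery echoes, and the session id being the first eight characters of the file name.

```javascript
// Added example, not the leak-check skill's own code: a minimal re-creation of the
// scan SKILL.md describes, run over constructed JSONL lines embedded below so it
// works offline. Assumed (not shown on the page): record fields timestamp/provider/
// content, the tokenisation, the echo heuristic, and session id = first 8 chars of file name.

// Compile one leak-check.json "search" value into a predicate over a token.
//   abc* -> starts with; *xyz -> ends with; abc*xyz -> both; abc -> contains; "" -> null (skip)
function compilePattern(search) {
  if (!search) return null;
  const star = search.indexOf('*');
  if (star === -1) return (tok) => tok.includes(search);
  const prefix = search.slice(0, star);
  const suffix = search.slice(star + 1);
  // The length check stops prefix and suffix from overlapping ("ab*ba" vs "aba"),
  // while still letting "*" match the empty string ("abc*xyz" matches "abcxyz").
  return (tok) =>
    tok.length >= prefix.length + suffix.length &&
    tok.startsWith(prefix) && tok.endsWith(suffix);
}

// Collect every string nested anywhere in a parsed JSON value.
function collectStrings(value, out = []) {
  if (typeof value === 'string') out.push(value);
  else if (Array.isArray(value)) value.forEach((v) => collectStrings(v, out));
  else if (value && typeof value === 'object') Object.values(value).forEach((v) => collectStrings(v, out));
  return out;
}

// Candidate tokens: runs of characters other than whitespace and quotes (assumed).
const tokenize = (text) => text.split(/[\s"'`]+/).filter(Boolean);

// Parse JSONL, skipping blank or malformed lines rather than aborting the scan.
function parseRecords(jsonlText) {
  const records = [];
  for (const line of jsonlText.split('\n')) {
    if (!line.trim()) continue;
    try { records.push(JSON.parse(line)); } catch { /* malformed line: skip */ }
  }
  return records;
}

// Heuristic (assumed): a session that mentions the config file name, or a raw wildcard
// pattern with its asterisk, has echoed the config. Plain contains-patterns look exactly
// like real hits, so for those only the file-name check applies.
function hasConfigEcho(strings, compiled) {
  return strings.some((s) =>
    s.includes('leak-check.json') ||
    compiled.some((c) => c.search.includes('*') && s.includes(c.search)));
}

// sessions: { "<uuid>.jsonl": jsonlText }. Records without a provider are taken to be
// internal delivery echoes and skipped; each credential is reported once per session.
function scanSessions(sessions, credentials) {
  const compiled = credentials
    .map((c) => ({ name: c.name, search: c.search, match: compilePattern(c.search) }))
    .filter((c) => c.match);
  const leaks = [];
  const configEchoes = [];
  for (const [fileName, text] of Object.entries(sessions)) {
    const session = fileName.slice(0, 8);
    const records = parseRecords(text);
    const echo = hasConfigEcho(records.flatMap((r) => collectStrings(r.content)), compiled);
    const seen = new Set();
    for (const rec of records) {
      if (!rec.provider) continue;
      const tokens = collectStrings(rec.content).flatMap(tokenize);
      for (const c of compiled) {
        if (seen.has(c.name) || !tokens.some(c.match)) continue;
        seen.add(c.name);
        const hit = { credential: c.name, session, timestamp: rec.timestamp, provider: rec.provider };
        if (echo) configEchoes.push({ ...hit, configEcho: true });
        else leaks.push(hit);
      }
    }
  }
  return {
    leaks, configEchoes,
    summary: { filesScanned: Object.keys(sessions).length, credentialsChecked: compiled.length,
               leaksFound: leaks.length, configEchoesFound: configEchoes.length },
  };
}

// Constructed sample config and sessions (not real data).
const CREDENTIALS = [
  { name: 'Discord', search: 'abc*xyz' },
  { name: 'Postmark', search: 'k7Qm9x' },
  { name: 'Unused', search: '' },             // empty search: skipped
];

const SESSIONS = {
  'abc12345-0000-4000-8000-000000000001.jsonl': [
    JSON.stringify({ timestamp: '2026-02-14T18:30:00.000Z', provider: 'anthropic',
      content: 'deploy with token abcQQQxyz please' }),
    JSON.stringify({ timestamp: '2026-02-14T18:30:05.000Z', content: 'abcQQQxyz' }), // no provider
  ].join('\n'),
  'def67890-0000-4000-8000-000000000002.jsonl': [
    JSON.stringify({ timestamp: '2026-02-10T09:15:00.000Z', provider: 'openai',
      content: { role: 'user', parts: ['server key: k7Qm9xZZZZ'] } }),
  ].join('\n'),
  'b175e53c-0000-4000-8000-000000000003.jsonl': [
    JSON.stringify({ timestamp: '2026-02-19T18:00:30.067Z', provider: 'minimax-portal',
      content: 'cat leak-check.json -> [{"name":"Discord","search":"abc*xyz"}]' }),
  ].join('\n'),
};

const RESULT = scanSessions(SESSIONS, CREDENTIALS);
console.log(JSON.stringify(RESULT, null, 2));
```

Running it prints a result in the same shape as the JSON output format shown below: two leaks (Discord in session abc12345 sent to anthropic, Postmark in def67890 sent to openai) and one config echo for Discord in b175e53c, where the session text contains the config file name and the raw pattern. The record without a provider in the first session produces nothing, which is the "skipping internal delivery echoes" behaviour the description mentions.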

JSON

{
  "leaks": [
    {
      "credential": "Discord Token",
      "session": "abc12345",
      "timestamp": "2026-02-14T18:30:00.000Z",
      "provider": "anthropic"
    }
  ],
  "configEchoes": [
    {
      "credential": "Gateway",
      "session": "b175e53c",
      "timestamp": "2026-02-19T18:00:30.067Z",
      "provider": "minimax-portal",
      "configEcho": true
    }
  ],
  "summary": {
    "filesScanned": 370,
    "credentialsChecked": 7,
    "leaksFound": 2,
    "configEchoesFound": 1
  }
}

Security

This skill is designed to be local-only and read-only. The following properties can be verified by inspecting scripts/leak-check.js:

  • No network access — no use of http, https, net, dgram, fetch, WebSocket, or any network API
  • No child processes — no use of child_process, exec, spawn, or execSync
  • No external dependencies — zero npm packages; only Node.js built-ins (fs, path, os)
  • No dynamic code execution — no eval(), Function(), or dynamic require()/import()
  • No file writes — only fs.readFileSync, fs.existsSync, and fs.readdirSync are used; no files are created, modified, or deleted
  • No environment variable access — does not read process.env
  • Output is stdout only — all results go to console.log; nothing is sent elsewhere

Verify It Yourself

Confirm no unexpected APIs are used anywhere in the script:

grep -E 'require\(|import |http|fetch|net\.|dgram|child_process|exec|spawn|eval\(|Function\(|\.write|\.unlink|\.rename|process\.env' scripts/leak-check.js

Expected output — only the three built-in require() calls at the top of the file:

const fs = require('fs');
const path = require('path');
const os = require('os');
Safe Usage Recommendations
This skill appears to do exactly what it claims: scan local OpenClaw session JSONL files for credential fragments you configure. Before installing or running:
  1. review the leak-check.json you create to ensure it contains only non-sensitive fragments (the SKILL.md warns not to store full credentials);
  2. be aware the script will read all files under ~/.openclaw/agents/main/sessions (these files often contain sensitive content) — that is necessary for the scan but means the process will access any secrets present;
  3. if you want extra assurance, run the provided grep the SKILL.md suggests to confirm there are no network/child_process calls in the installed copy; and
  4. keep this skill running locally and do not put full credentials in the config.
If you want, I can re-check the full (untruncated) script text or search it for specific APIs/strings before you run it.
Functional Analysis
Type: OpenClaw Skill
Name: leak-check
Version: 0.1.8
The 'leak-check' skill is a security utility designed to scan local OpenClaw session logs for accidental credential leaks. The script 'scripts/leak-check.js' strictly adheres to the security claims made in 'SKILL.md', using only built-in Node.js modules (fs, path, os) with no network access, no external dependencies, and no file-writing capabilities. It includes logic to distinguish between actual leaks and 'config echoes' where the tool's own configuration is discussed in a session.
Capability Assessment
Purpose & Capability
Name/description (scan session logs for leaked credentials) align with what the skill does: it reads OpenClaw session JSONL files and checks them against patterns from a local leak-check.json. Required binary (node) is appropriate and there are no unrelated environment variables or external service credentials requested.
Instruction Scope
SKILL.md and the script restrict actions to reading session files and a local config file (~/.openclaw/credentials/leak-check.json or ./leak-check.json). The instructions explicitly describe behavior (including config-echo detection and how to remove session files). The script recurses the sessions directory and reads files, which is expected for its purpose; it does not instruct collecting or transmitting data elsewhere.
Install Mechanism
No install spec is provided (instruction-only with an included script). Requiring node is normal and no external downloads, package installs, or archive extraction are present.
Credentials
The skill requires no environment variables or external credentials. Its configuration comes from a local JSON file that the user supplies (and is explicitly advised to store only partial fragments). This is proportionate to the functionality.
Persistence & Privilege
The skill is not always-enabled and uses normal, explicit invocation. It does not attempt to modify other skills or system-wide settings; it reads files under the user's OpenClaw directories only.
How to Use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install leak-check
  3. After installation, call the skill by name directly or trigger it with /leak-check
  4. Provide the required inputs according to the skill's parameter description to get structured output
Version History
v0.1.8
- Quick Start instructions updated to use absolute script paths.
- No other functional or behavioral changes.
v0.1.7
- Added a new "Security" section to documentation explaining local-only, read-only behavior and detailing all restricted APIs.
- Provided a self-verification guide with exact `grep` command to confirm no network, process, write, or dynamic execution capabilities exist in the script.
- Clarified which Node.js modules are (and are not) used, improving transparency and trust for users.
v0.1.6
- Improved CLI help message and usage summary.
- Updated documentation for clarity and consistency.
- No changes to core leak-check or scanning logic.
v0.1.5
- Updates preferred config search path to ~/.openclaw/credentials/leak-check.json instead of ~/clawd/leak-check.json.
- Documentation in SKILL.md revised to match new config file location and setup instructions.
- Legacy config path ./leak-check.json is still checked for backward compatibility.
- No changes to command-line options or output formats.
v0.1.4
- Added support for loading credential config from ~/clawd/leak-check.json (persistent location compatible with clawhub skill updates), with fallback to skill directory for backward compatibility.
- Updated documentation to clarify config search order and recommend storing configuration in ~/clawd to prevent loss during upgrades.
- No changes to leak checking logic or output formats.
v0.1.3
- No code or documentation changes detected in this release.
- Functionality and output remain unchanged from previous version.
v0.1.2
- Added detection and separate reporting of **config echoes** (leak-check patterns found due to config file reads) to distinguish from real credential leaks.
- Updated documentation with guidance on config echoes and how to clear them.
- Improved safety reminder: avoid storing full credentials, use only partial fragments in the config file.
- Removed default leak-check.json file; configuration must be provided by the user.
v0.1.1
- Added leak-check.json for credential configuration.
- Updated SKILL.md to clarify example credential fragments (now uses "secret123" instead of "k7Qm9x").
- Removed redundant explanation about not storing full credentials in the config.
v0.1.0
- Initial release of leak-check skill.
- Scans OpenClaw session JSONL files for leaked credentials based on user-defined patterns.
- Reports which AI provider received leaked data, skipping internal delivery echoes.
- Supports Discord-style and JSON output formats.
- Customizable credential patterns with wildcard support in leak-check.json.
- Command-line options for output format, config file path, and help message.
Metadata
Slug: leak-check
Version: 0.1.8
License: MIT-0
Total installs: 3
Current installs: 3
Versions: 9
FAQ

What is Leak Check?

Scan session logs for leaked credentials. Checks JSONL session files against known credential patterns and reports which AI provider received the data. It is an AI agent skill plugin for Claude Code / OpenClaw, with 906 downloads to date.

How do I install Leak Check?

Run the command "/install leak-check" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Leak Check free?

Yes, Leak Check is completely free under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Leak Check support?

Leak Check is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Leak Check?

Developed and maintained by Kevin Haney (@khaney64); current version v0.1.8.
