OpenClaw Security

Multi-region async PII detection for OpenClaw sessions. Scans user input, prompts, context, and knowledge base content for sensitive personal data across CN,...

This skill appears to be what it says: a local, multi-region PII scanner implemented in pure Python that logs masked results to NDJSON. Before installing, consider: (1) audit storage location — OPENCLAW_AUDIT_DIR defaults to a subdirectory of the repo; change it if you want logs elsewhere and confirm retention (default 7 days) meets your policy, (2) disk traces — background scans write/read temp files and a cache (.scan-cache.json) so ensure the host filesystem and backups are acceptable, (3) process-list leakage — avoid using --text in background runs as the SKILL.md warns, (4) session_id sensitivity — the session_id you pass is recorded and could link logs to users, (5) review file_lock.py and cleanup.py to confirm deletion and pruning behavior meets your expectations, and (6) verify the source/repo/trustworthiness since registry metadata shows Source: unknown even though README references a GitHub URL. If you want stronger guarantees, run the scripts in a sandbox, exercise --dry-run cleanup, and inspect that no raw PII is written (only masked previews and a truncated content-hash are stored).

Type: OpenClaw Skill Name: openclaw-security-mtoby8326 Version: 1.0.0 The openclaw-security skill is a well-engineered PII detection and local auditing tool that uses Python's standard library to scan text for sensitive information across multiple regions. It implements robust security practices, such as masking sensitive values in logs, using file-based input to avoid exposing data in process lists (scripts/audit_worker.py), and providing a dedicated cleanup utility (scripts/cleanup.py). The SKILL.md instructions correctly guide the AI agent to perform non-blocking background audits, and there is no evidence of data exfiltration, unauthorized network access, or malicious intent.