← 返回 Skills 市场
52yuanchangxing

Prompt Leak Auditor

作者 vx:17605205782 · GitHub ↗ · v1.0.0 · MIT-0
darwinlinuxwin32 ✓ 安全检测通过
141
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install prompt-leak-auditor
功能描述
审查 prompt、Skill 文案和说明中是否泄漏密钥、路径、内部规则或高风险指令。;use for prompt, security, audit workflows;do not use for 把扫描到的密钥原文再次扩散, 输出可利用攻击步骤.
安全使用建议
This appears coherent and low-risk, but review before running. The script will read any input path you give it — do not point it at live system secrets unless you intend to scan them. Use --dry-run or test on sanitized examples first. Note the masking in the script keeps the first four characters of matched 'secret-like' strings (e.g., 'abcd***'); if you need stronger redaction, sanitize inputs or modify the script. Always inspect the included scripts locally before executing and run them in an isolated environment if you have sensitive data.
功能分析
Type: OpenClaw Skill Name: prompt-leak-auditor Version: 1.0.0 The 'prompt-leak-auditor' skill is a security tool designed to scan local files and prompts for sensitive information like API keys, hardcoded paths, and dangerous command patterns (e.g., curl|bash). The core logic in `scripts/run.py` uses regular expressions to identify risks and includes a masking mechanism to prevent the accidental exposure of discovered secrets in its reports. The instructions in `SKILL.md` explicitly forbid the agent from spreading leaked secrets or providing exploitable attack steps, aligning with its stated purpose of auditing and governance.
能力评估
Purpose & Capability
Name/description match the included files and behavior. The only required binary is python3 and the bundle includes a local script (scripts/run.py) that implements pattern-based auditing of text files and directories — exactly what an auditor would need.
Instruction Scope
SKILL.md confines the skill to scanning prompts/skill docs and explicitly forbids leaking raw secrets or outputting exploit steps. It instructs the agent to run the provided local script or fall back to local templates. The script reads files and directories specified by the user (expected for an auditor). Note: the script will scan any path you pass it, so supplying sensitive system directories will cause it to read them; it masks detected secrets by truncating after the first four chars, not fully redacting.
Install Mechanism
No install spec or remote download. The skill is instruction + local Python script only, with no external package installs or network fetches.
Credentials
No environment variables, credentials, or config paths are requested. This is proportionate to a local auditing tool.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill does not request persistent presence, does not modify other skills, and only reads files the user points it at.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install prompt-leak-auditor
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /prompt-leak-auditor 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of prompt-leak-auditor. - Audits prompts and skill documentation for leaks of secrets, paths, internal rules, or high-risk instructions. - Designed for use in prompt, security, and audit workflows. - Provides a structured output covering scan scope, suspected leaks, high-risk patterns, remediation suggestions, review points, and follow-up actions. - Enforces strict boundaries: does not re-output detected secrets, avoids sharing exploit steps, and requires clear user confirmation before any risky actions. - Includes support for both script-based and manual audit methods depending on the environment. - Masks sensitive content by default and prioritizes transparency and auditability.
元数据
Slug prompt-leak-auditor
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Prompt Leak Auditor 是什么?

审查 prompt、Skill 文案和说明中是否泄漏密钥、路径、内部规则或高风险指令。;use for prompt, security, audit workflows;do not use for 把扫描到的密钥原文再次扩散, 输出可利用攻击步骤. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 141 次。

如何安装 Prompt Leak Auditor?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install prompt-leak-auditor」即可一键安装,无需额外配置。

Prompt Leak Auditor 是免费的吗?

是的,Prompt Leak Auditor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Prompt Leak Auditor 支持哪些平台?

Prompt Leak Auditor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux, win32)。

谁开发了 Prompt Leak Auditor?

由 vx:17605205782(@52yuanchangxing)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论