qinkai25

Sensitive Content Scanner

Author: qing · GitHub · v3.2.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 157
Favorites: 1
Current installs: 0
Versions: 6
Install in OpenClaw
/install sensitive-content-scanner
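Description
A professional sensitive content scanner that supports PII detection (ID card numbers, mobile phone numbers, bank card numbers, email addresses, IP addresses), sensitive-word detection, confidence scoring, and report generation in multiple formats. Suitable for document review, security audits, content compliance checks, privacy protection, and similar scenarios.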
Security usage recommendations
This skill appears to implement what it claims (PII and keyword scanning with local report generation), but take these precautions before installing or running it:
- Inspect the full scripts: review the remainder of scripts/scan_sensitive.py to confirm there are no network calls (requests, urllib, sockets) or unexpected subprocess calls that could exfiltrate data. The preview is truncated — full-file review is needed to verify the 'no upload' claim.
- Run in a sandbox: until you confirm no network activity, run the scanner on non-sensitive test files inside an isolated environment (air-gapped VM or container).
- Confirm dependencies: the script uses third-party Python packages (Crypto/pycryptodome, and likely python-docx/openpyxl etc.). Determine required packages and versions before installing; prefer installing from known package mirrors and pin versions.
- Validate encrypted-dictionary behavior: the script derives a fixed password from embedded code to decrypt .enc dictionaries. Understand this mechanism and ensure encrypted dicts come from trusted sources; otherwise malicious dictionaries could be loaded.
- Check report output and storage: reports are written to report.html in working directory — verify where it will be saved and ensure it doesn't expose sensitive content to other users or services.
- If you need high assurance, ask the publisher for: dependency list, full source file(s), and an explicit statement that no telemetry or network I/O is performed; if publisher cannot provide these, treat the package as untrusted.
Functional analysis
Type: OpenClaw Skill
Name: sensitive-content-scanner
Version: 3.2.0
The skill is a functional utility designed to scan documents for PII (Personally Identifiable Information) and sensitive keywords. The core logic in `scripts/scan_sensitive.py` uses regex and weighted dictionaries to identify sensitive data in various file formats (Office docs and plain text) and generates local reports in HTML, Markdown, or JSON. While the script includes a mechanism to load encrypted dictionaries using a hardcoded password derivation seed (a weak cryptographic practice), there is no evidence of malicious intent, data exfiltration, or unauthorized command execution. The behavior is fully aligned with the stated purpose in `SKILL.md`.
Capability tags
crypto · requires-wallet · requires-oauth-token · requires-sensitive-credentials
Capability assessment
Purpose & Capability
Name, description, SKILL.md and included files (pii_patterns.md, hashed sensitive words, scan_sensitive.py) are coherent: the code implements PII and keyword scanning, reporting, and supports CSV/JSON/encrypted dictionaries as described.
Instruction Scope
SKILL.md instructs users to attach documents and asserts scans run locally without uploading. The visible code implements local pattern checks, hashing and encrypted-dictionary loading, and report file generation (report.html). However the provided script is truncated in the package preview — there is no explicit network call shown in the excerpt, but the privacy claim cannot be fully verified without reviewing the entire script for any network I/O or telemetry. Also SKILL.md permits scanning filenames and file contents (expected) but gives broad instructions that could be misused to scan arbitrary files if an agent had file-system access.
Install Mechanism
No install spec or declared dependencies are provided, yet the script imports third-party modules (e.g., Crypto from pycryptodome, and likely libraries for docx/xlsx parsing). That mismatch is a practical and security concern: an operator may need to pip-install packages (network activity) or the script may fail in constrained environments. Lack of declared dependency/version information makes it harder to audit and increases the chance of unexpected behavior.
Credentials
The skill does not request environment variables, credentials, or config paths. The only notable thing is an internally derived deterministic password used to decrypt packaged encrypted dictionaries; this is self-contained and does not require external secrets.
Persistence & Privilege
Skill flags show no forced persistence (always:false) and there is no evidence it modifies other skills or system-wide settings. It generates a local report file (report.html), which is normal for this functionality.
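How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install sensitive-content-scanner
  3. Once installation completes, invoke the Skill by name or trigger it with /sensitive-content-scanner
  4. Provide the required input according to the Skill's parameter documentation to get structured output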
Version history
v3.2.0
- Added compiled Python cache file: scripts/__pycache__/scan_sensitive.cpython-314.pyc
- Fixed content parsing failures for Word, Excel, and PowerPoint files
v3.1.2
- Version updated to 3.1.2; no file changes detected.
- Documentation reflects new version number and date.
- No functional or content changes.
v3.1.1
- Updated version number to 3.1.1
- Update date changed to 2026-04-21
- Added support for data dictionaries
v3.1.0
- Removed documentation and resource files, including guides, dictionary, templates, and changelog files.
- Updated SKILL.md to describe more detailed HTML report features, including visual dashboards, responsive design, confidence levels, and improved output format options.
- Clarified that scan results now default to an HTML report, viewable directly in a browser.
- Updated FAQ and instructions to reflect new output formats (`html`, `markdown`, `json`).
- Internal guides and extended documentation are no longer included in the package.
v3.0.0
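# v3.0.0 — Major usability upgrade
- Fully reworked into a "zero-barrier, three-step" workflow that requires no technical background
- Supports three scan modes: built-in rules, specified keywords, and a custom data dictionary (CSV)
- Added a concise user guide and a data dictionary template to make the tool easier to use
- Fully updated the documentation structure to highlight the foolproof workflow and the FAQ
- Supports mainstream document formats (docx/txt/md/xlsx/pdf), with clear notes on the level of support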
v2.0.0
sensitive-content-scanner v2.0.0
- Added confidence scoring (high/medium/low), with visual icons and grouped statistics in reports
- Introduced advanced validation: ID checksum, bank card Luhn check, and IP range validation
- Default disables Chinese name detection to reduce false positives; now uses whitelist if enabled
- Improved report readability, consistency, and summarizes results by score level
- Greatly reduced false positive rate, especially for technical documents
Metadata
Slug sensitive-content-scanner
Version 3.2.0
License MIT-0
Total installs 0
Current installs 0
Number of versions 6
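FAQ

What is Sensitive Content Scanner?

A professional sensitive content scanner that supports PII detection (ID card numbers, mobile phone numbers, bank card numbers, email addresses, IP addresses), sensitive-word detection, confidence scoring, and report generation in multiple formats. Suitable for document review, security audits, content compliance checks, privacy protection, and similar scenarios. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 157 total downloads to date.

How do I install Sensitive Content Scanner?

Run the command "/install sensitive-content-scanner" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is Sensitive Content Scanner free?

Yes. Sensitive Content Scanner is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Sensitive Content Scanner support?

Sensitive Content Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Sensitive Content Scanner?

It is developed and maintained by qing (@qinkai25); the current version is v3.2.0.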
