skill-privacy-guard
Author: zhanggroot7 · v1.0.0 · MIT-0
Total downloads: 74
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install skill-privacy-guard
Description
STOPS all sensitive information from entering skill files. Automatically blocks usernames, paths, personal data when creating or updating skills. CRITICAL -...
Security recommendations
This skill is plausible for its stated job (sanitizing skill files) but has several red flags you should clarify before installing:
- Who actually invokes the skill and when? The doc claims it should always run after edits, but registry metadata does not set always:true. Confirm whether the platform will auto-trigger the skill and under what conditions.
- Confirm file access scope and safeguards. The skill intends to read and modify skill.md files; ask the developer to limit scope (only skills in the same project or an explicit whitelist), and require explicit user approval before writing changes.
- Require a dry-run/preview mode and an explicit 'apply changes' step. You should be able to review proposed replacements and reject them to avoid accidental over-sanitization.
- Ask for audit logs and an undo mechanism. Modifying skill files without trace or easy rollback risks data loss and obscures why examples were changed.
- Request tests and examples demonstrating the regex rules won't over-match (avoid false positives that remove legitimate content). Provide unit tests and sample inputs/outputs.
- Confirm there is no external transmission of scanned content. The SKILL.md does not mention network calls, but explicitly ask that the skill never sends file contents outside the agent/platform.
If the developer cannot or will not provide answers, consider the risk that this skill could autonomously alter many skill files without adequate review — treat it cautiously. If you decide to try it, enable it in a sandboxed environment, back up your repository, and require manual approval for any automatic edits.
Functional analysis
Type: OpenClaw Skill
Name: skill-privacy-guard
Version: 1.0.0
The skill-privacy-guard bundle is a defensive utility designed to automatically sanitize sensitive information, such as PII, credentials, and absolute paths, from OpenClaw skill files. The instructions in skill.md provide comprehensive regex patterns and replacement rules to ensure skills remain generic and secure, with explicit rules against logging or exfiltrating the sensitive data it detects.
Capability assessment
Purpose & Capability
The name/description match the instructions: the document describes scanning and sanitizing skill files and provides concrete replacement rules and regexes. However, the SKILL.md repeatedly claims 'Always run after skill modifications' and 'TOP PRIORITY', while the registry metadata shows always: false and user-invocable: false, which is inconsistent. Requesting the ability to identify and read skill files is coherent for a sanitizer, but the claimed priority/auto-run semantics are not reflected in metadata and are not implementable from an instruction-only skill without platform integration.
Instruction Scope
Instructions explicitly tell the agent to 'Identify the skill file path', 'Read the complete content', and 'Scan for sensitive patterns' — this requires reading/modifying other skill.md files and thus broad access to potentially sensitive content. The sanitization rules are aggressive (block all network identifiers, credentials, various cloud IDs) and could over-sanitize or alter legitimate examples. There is no explicit guidance for a preview/dry-run, explicit user approval before modifying files, change-logging, or safe rollback. That gives the agent broad discretion to modify skill files without documented safeguards.
Install Mechanism
No install spec and no code files — the skill is instruction-only, which minimizes attack surface from downloads or arbitrary code. There is nothing written to disk by an installer.
Credentials
The skill does not request environment variables, binaries, or external credentials. That is proportionate to the stated purpose of scanning and sanitizing text files.
Persistence & Privilege
The SKILL.md claims 'TOP PRIORITY' and 'ALWAYS run after skill modifications', but metadata does not set always:true. The skill also sets disable-model-invocation: false (model can autonomously invoke it). Combined with the auto-trigger semantics described in SKILL.md, this implies the skill could be invoked automatically to read and modify skill files — a high-privilege operation — yet there are no safeguards described (preview, approvals, audit logs). The mismatch between claimed automated behavior and registry flags increases ambiguity about actual runtime privileges.
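How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install skill-privacy-guard
- After installation, call the Skill by name or use /skill-privacy-guard to trigger it
- Provide the required input according to the Skill's parameter description to get structured output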
Version history
v1.0.0
Initial release of skill-privacy-guard:
- Automatically detects and blocks sensitive information from skill files, including usernames, file paths, credentials, personal data, network identifiers, and more.
- Auto-triggers after every skill file creation or edit to ensure no sensitive data is saved.
- Enforces strict sanitization with regular expressions for common secrets, PII, infrastructure details, and other confidential info.
- Maintains all skill files in generic, shareable, and secure form by replacing or removing sensitive patterns.
- CRITICAL: Runs at highest priority after any skill modification to guarantee privacy protection.
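FAQ
What is skill-privacy-guard?
STOPS all sensitive information from entering skill files. Automatically blocks usernames, paths, personal data when creating or updating skills. CRITICAL -... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 74 cumulative downloads to date.
How do I install skill-privacy-guard?
Run the command "/install skill-privacy-guard" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is skill-privacy-guard free?
Yes, skill-privacy-guard is completely free and uses the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does skill-privacy-guard support?
skill-privacy-guard runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed skill-privacy-guard?
It is developed and maintained by zhanggroot7 (@zhanggroot7); the current version is v1.0.0.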