ClawHub

Prompt Leak Auditor

v1.0.0

审查 prompt、Skill 文案和说明中是否泄漏密钥、路径、内部规则或高风险指令。;use for prompt, security, audit workflows;do not use for 把扫描到的密钥原文再次扩散, 输出可利用攻击步骤.

0· 81·0 current·0 all-time
byvx:17605205782@52yuanchangxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included files and behavior. The only required binary is python3 and the bundle includes a local script (scripts/run.py) that implements pattern-based auditing of text files and directories — exactly what an auditor would need.
Instruction Scope
SKILL.md confines the skill to scanning prompts/skill docs and explicitly forbids leaking raw secrets or outputting exploit steps. It instructs the agent to run the provided local script or fall back to local templates. The script reads files and directories specified by the user (expected for an auditor). Note: the script will scan any path you pass it, so supplying sensitive system directories will cause it to read them; it masks detected secrets by truncating after the first four chars, not fully redacting.
Install Mechanism
No install spec or remote download. The skill is instruction + local Python script only, with no external package installs or network fetches.
Credentials
No environment variables, credentials, or config paths are requested. This is proportionate to a local auditing tool.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill does not request persistent presence, does not modify other skills, and only reads files the user points it at.
Assessment
This appears coherent and low-risk, but review before running. The script will read any input path you give it — do not point it at live system secrets unless you intend to scan them. Use --dry-run or test on sanitized examples first. Note the masking in the script keeps the first four characters of matched 'secret-like' strings (e.g., 'abcd***'); if you need stronger redaction, sanitize inputs or modify the script. Always inspect the included scripts locally before executing and run them in an isolated environment if you have sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bhv16dnsjx3nwfxgxv4cwqn836d4n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🕵️ Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments