AgentWard Sanitize

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a local PII redaction tool, but it creates a raw PII sidecar file and has conflicting guidance about whether JSON output can expose that raw map.

Use this only on files you intentionally select, and remember that sanitized output may be accompanied by a separate raw PII entity-map file. Protect or delete that sidecar file, and avoid JSON mode until the maintainer clarifies whether it can include raw PII.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Raw sensitive values such as SSNs, credit cards, emails, or API keys may remain on disk after the user thinks the file has been sanitized.

Why it was flagged

The skill's recommended workflow says to always use `--output`, so normal use creates a persistent local file containing raw PII mappings. The artifacts do not show cleanup, permission hardening, or a way to disable this sidecar.

Skill content

The entity map (raw PII → placeholder mapping) is written to a separate sidecar file (`*.entity-map.json`) only when `--output` is used. Do NOT read the entity map file.
Recommendation

Treat the sidecar file as highly sensitive, store it only in a protected location, and delete it when no longer needed. The maintainer should make raw entity-map creation explicit opt-in or provide clear cleanup and permission guidance.

What this means

A user or agent could choose JSON mode believing it is safe and accidentally display or log raw PII if the script follows its own docstring.

Why it was flagged

This conflicts with SKILL.md's claim that `--json` is safe and does not print raw PII. Because SKILL.md defines the entity map as raw PII-to-placeholder mappings, the artifacts leave unclear whether JSON output can expose sensitive values.

Skill content

python sanitize.py <file> --json               # JSON with entity map
Recommendation

Avoid JSON mode on sensitive files until the behavior is verified. The maintainer should align the documentation and implementation, and ensure raw PII is never printed unless explicitly requested and clearly warned.