{"skill":{"slug":"arc-shield","displayName":"Arc Shield","summary":"Output sanitization for agent responses - prevents accidental secret leaks","description":"---\nname: arc-shield\nversion: 1.0.0\ncategory: security\ntags: [security, sanitization, secrets, output-filter, privacy]\nrequires: [bash, python3]\nauthor: OpenClaw\ndescription: Output sanitization for agent responses - prevents accidental secret leaks\n---\n\n# arc-shield\n\n**Output sanitization for agent responses.** Scans ALL outbound messages for leaked secrets, tokens, keys, passwords, and PII before they leave the agent.\n\nāš ļø **This is NOT an input scanner** ā€” `clawdefender` already handles that. This is an **OUTPUT filter** for catching things your agent accidentally includes in its own responses.\n\n## Why You Need This\n\nAgents have access to sensitive data: 1Password vaults, environment variables, config files, wallet keys. Sometimes they accidentally include these in responses when:\n- Debugging and showing full command output\n- Copying file contents that contain secrets\n- Generating code examples with real credentials\n- Summarizing logs that include tokens\n\nArc-shield catches these leaks before they reach Discord, Signal, X, or any external channel.\n\n## What It Detects\n\n### šŸ”“ CRITICAL (blocks in `--strict` mode)\n- **API Keys & Tokens**: 1Password (`ops_*`), GitHub (`ghp_*`), OpenAI (`sk-*`), Stripe, AWS, Bearer tokens\n- **Passwords**: Assignments like `password=...` or `passwd: ...`\n- **Private Keys**: Ethereum (0x + 64 hex), SSH keys, PGP blocks\n- **Wallet Mnemonics**: 12/24 word recovery phrases\n- **PII**: Social Security Numbers, credit card numbers\n- **Platform Tokens**: Slack, Telegram, Discord\n\n### šŸŸ  HIGH (warns loudly)\n- **High-entropy strings**: Shannon entropy > 4.5 for strings > 16 chars (catches novel secret patterns)\n- **Credit cards**: 16-digit card numbers\n- **Base64 credentials**: Long base64 strings that look like tokens\n\n### šŸŸ” WARN (informational)\n- **Secret file paths**: `~/.secrets/*`, paths containing \"password\", \"token\", \"key\"\n- **Environment variables**: `ENV_VAR=secret_value` exports\n- **Database URLs**: Connection strings with credentials\n\n## Installation\n\n```bash\ncd ~/.openclaw/workspace/skills\ngit clone arc-shield\nchmod +x arc-shield/scripts/*.sh arc-shield/scripts/*.py\n```\n\nOr download as a skill bundle.\n\n## Usage\n\n### Command-line\n\n```bash\n# Scan agent output before sending\nagent-response.txt | arc-shield.sh\n\n# Block if critical secrets found (use before external messaging)\necho \"Message text\" | arc-shield.sh --strict || echo \"BLOCKED\"\n\n# Redact secrets and return sanitized text\ncat response.txt | arc-shield.sh --redact\n\n# Full report\narc-shield.sh --report < conversation.log\n\n# Python version with entropy detection\ncat message.txt | output-guard.py --strict\n```\n\n### Integration with OpenClaw Agents\n\n#### Pre-send hook (recommended)\n\nAdd to your messaging skill or wrapper:\n\n```bash\n#!/bin/bash\n# send-message.sh wrapper\n\nMESSAGE=\"$1\"\nCHANNEL=\"$2\"\n\n# Sanitize output\nSANITIZED=$(echo \"$MESSAGE\" | arc-shield.sh --strict --redact)\nEXIT_CODE=$?\n\nif [[ $EXIT_CODE -eq 1 ]]; then\n echo \"ERROR: Message contains critical secrets and was blocked.\" >&2\n exit 1\nfi\n\n# Send sanitized message\nopenclaw message send --channel \"$CHANNEL\" \"$SANITIZED\"\n```\n\n#### Manual pipe\n\nBefore any external message:\n\n```bash\n# Generate response\nRESPONSE=$(agent-generate-response)\n\n# Sanitize\nCLEAN=$(echo \"$RESPONSE\" | arc-shield.sh --redact)\n\n# Send\nsignal send \"$CLEAN\"\n```\n\n### Testing\n\n```bash\ncd skills/arc-shield/tests\n./run-tests.sh\n```\n\nIncludes test cases for:\n- Real leaked patterns (1Password tokens, Instagram passwords, wallet mnemonics)\n- False positive prevention (normal URLs, email addresses, file paths)\n- Redaction accuracy\n- Strict mode blocking\n\n## Configuration\n\nPatterns are defined in `config/patterns.conf`:\n\n```conf\nCRITICAL|GitHub PAT|ghp_[a-zA-Z0-9]{36,}\nCRITICAL|OpenAI Key|sk-[a-zA-Z0-9]{20,}\nWARN|Secret Path|~\\/\\.secrets\\/[^\\s]*\n```\n\nEdit to add custom patterns or adjust severity levels.\n\n## Modes\n\n| Mode | Behavior | Exit Code | Use Case |\n|------|----------|-----------|----------|\n| Default | Pass through + warnings to stderr | 0 | Development, logging |\n| `--strict` | Block on CRITICAL findings | 1 if critical | Production outbound messages |\n| `--redact` | Replace secrets with `[REDACTED:TYPE]` | 0 | Safe logging, auditing |\n| `--report` | Analysis only, no pass-through | 0 | Auditing conversations |\n\n## Entropy Detection\n\nThe Python version (`output-guard.py`) includes Shannon entropy analysis to catch secrets that don't match regex patterns:\n\n```python\n# Detects high-entropy strings like:\nkJ8nM2pQ5rT9vWxY3zA6bC4dE7fG1hI0 # Novel API key format\nZm9vOmJhcg== # Base64 credentials\n```\n\nThreshold: **4.5 bits** (configurable with `--entropy-threshold`)\n\n## Performance\n\n- **Bash version**: ~10ms for typical message (< 1KB)\n- **Python version**: ~50ms with entropy analysis\n- **Zero external dependencies**: bash + Python stdlib only\n\nFast enough to run on every outbound message without noticeable delay.\n\n## Real-World Catches\n\nFrom our own agent sessions:\n\n```bash\n# 1Password token\n\"ops_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\"\n\n# Instagram password in debug output\n\"instagram login: user@example.com / MyInsT@Gr4mP4ss!\"\n\n# Wallet mnemonic in file listing\n\"cat ~/.secrets/wallet-recovery-phrase.txt\nabandon ability able about above absent absorb abstract...\"\n\n# GitHub PAT in git config\n\"[remote \"origin\"]\nurl = https://ghp_abc123:@github.com/user/repo\"\n```\n\nAll blocked by arc-shield before reaching external channels.\n\n## Best Practices\n\n1. **Always use `--strict` for external messages** (Discord, Signal, X, email)\n2. **Use `--redact` for logs** you want to review later\n3. **Run tests after adding custom patterns** to check for false positives\n4. **Pipe through both** bash and Python versions for maximum coverage:\n ```bash\n message | arc-shield.sh --strict | output-guard.py --strict\n ```\n5. **Don't rely on this alone** ā€” educate your agent to avoid including secrets in the first place (see AGENTS.md output sanitization directive)\n\n## Limitations\n\n- **Context-free**: Can't distinguish between \"here's my password: X\" (bad) and \"set your password to X\" (instruction)\n- **No semantic understanding**: Won't catch \"my token is in the previous message\"\n- **Pattern-based**: New secret formats require pattern updates\n\nUse in combination with agent instructions and careful prompt engineering.\n\n## Integration Example\n\nFull OpenClaw agent integration:\n\n```bash\n# In your agent's message wrapper\nsend_external_message() {\n local message=\"$1\"\n local channel=\"$2\"\n \n # Pre-flight sanitization\n if ! echo \"$message\" | arc-shield.sh --strict > /dev/null 2>&1; then\n echo \"ERROR: Message blocked by arc-shield (contains secrets)\" >&2\n return 1\n fi\n \n # Double-check with entropy detection\n if ! echo \"$message\" | output-guard.py --strict > /dev/null 2>&1; then\n echo \"ERROR: High-entropy secret detected\" >&2\n return 1\n fi\n \n # Safe to send\n openclaw message send --channel \"$channel\" \"$message\"\n}\n```\n\n## Troubleshooting\n\n**False positives on normal text:**\n- Adjust entropy threshold: `output-guard.py --entropy-threshold 5.0`\n- Edit `config/patterns.conf` to refine regex patterns\n- Add exceptions to the pattern file\n\n**Secrets not detected:**\n- Check pattern file for coverage\n- Run with `--report` to see what's being scanned\n- Test with `tests/run-tests.sh` using your sample\n- Consider lowering entropy threshold (but watch for false positives)\n\n**Performance issues:**\n- Use bash version only (skip entropy detection)\n- Limit input size with `head -c 10000`\n- Run in background: `arc-shield.sh --report &`\n\n## Contributing\n\nAdd new patterns to `config/patterns.conf` following the format:\n\n```\nSEVERITY|Category Name|regex_pattern\n```\n\nTest with `tests/run-tests.sh` before deploying.\n\n## License\n\nMIT ā€” use freely, protect your secrets.\n\n---\n\n**Remember**: Arc-shield is your safety net, not your strategy. Train your agent to never include secrets in responses. This tool catches mistakes, not malice.\n","tags":{"latest":"1.0.0"},"stats":{"comments":0,"downloads":1421,"installsAllTime":1,"installsCurrent":1,"stars":0,"versions":1},"createdAt":1770642853017,"updatedAt":1779076916968},"latestVersion":{"version":"1.0.0","createdAt":1770642853017,"changelog":"arc-shield 1.0.0 initial release\n\n- Adds outbound message sanitization to block accidental leaks of secrets, API keys, passwords, tokens, wallet mnemonics, and PII.\n- Supports multiple scan modes: pass-through, strict blocking, redaction, and reporting.\n- Pattern-based detection for major secret types (1Password, GitHub, OpenAI, AWS, Slack, Discord, etc) plus high-entropy detection (Python).\n- Provides easy shell and Python integration for OpenClaw agents via wrappers and hooks.\n- Fully configurable patterns and severity in a single config file.\n- Includes comprehensive CLI, test suite, and best practices for safe agent messaging.","license":null},"metadata":null,"owner":{"handle":"arc-claw-bot","userId":"s177v15fjt9pn5v99vms8sqkfn86vdwr","displayName":"Arc from Fulcra.ai","image":"https://avatars.githubusercontent.com/u/258497391?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1779982482880}}