ClawHub

Expanso log-sanitize

v1.0.0

Sanitize log entries by removing passwords, tokens, and other sensitive patterns using Expanso Edge pipelines.

0· 832·0 current·0 all-time
byExpanso@aronchick

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for aronchick/expanso-log-sanitize.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Expanso log-sanitize" (aronchick/expanso-log-sanitize) from ClawHub.
Skill page: https://clawhub.ai/aronchick/expanso-log-sanitize
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install aronchick/expanso-log-sanitize

ClawHub CLI

Package manager switcher

npx clawhub@latest install expanso-log-sanitize
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's files (README, pipeline YAMLs, skill.yaml) and SKILL.md consistently describe a local log-sanitizer implemented as Expanso pipelines. One mismatch: the registry metadata lists no required binaries, but the runtime instructions require the 'expanso-edge' binary (and optionally 'expanso-cli' for cloud deploy). Requiring expanso-edge is expected for an Expanso pipeline; the missing declaration in metadata is an inconsistency to be aware of.
Instruction Scope
Runtime instructions operate locally: they read stdin or accept POSTs to /sanitize, perform pattern-based redaction, and return sanitized text and metadata. The pipelines compute input_hash and trace_id and include them in output metadata (local). There are no instructions to read unrelated system files, access secret stores, or transmit data to external endpoints. Note: the README and SKILL.md include an optional 'Deploy to Expanso Cloud' step — if you choose that, your processed data may leave your host depending on the cloud deployment behavior.
Install Mechanism
This is an instruction-only skill with no install spec in the package (lowest risk). The skill expects the external 'expanso-edge' runtime to be available; installation is not provided by the skill itself. There are no downloads, scripts, or arbitrary remote archives embedded in the skill package.
Credentials
The skill declares no required environment variables or credentials in skill.yaml, and the pipelines do not access secrets or unrelated environment variables. The set of inputs/outputs is proportional to a log sanitizer (log text, optional patterns).
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It can run as an MCP server bound to 0.0.0.0 (network exposure), which is normal for an optional server mode but should be treated as an operational security consideration.
Assessment
This skill appears to do what it claims — local pattern-based redaction — but check a few things before installing or running it with sensitive logs: - Ensure you have expanso-edge from a trusted source; the registry metadata didn't declare this requirement even though the SKILL.md needs it. - By default the pipelines run locally and do not exfiltrate data. However, if you use the 'MCP' server mode it binds to 0.0.0.0:PORT by default — restrict it to localhost or protect it with a firewall/auth if you don't want it reachable from the network. - The README shows an optional 'Deploy to Expanso Cloud' command — deploying to a cloud provider can send logs off-host; only deploy if you trust that provider and understand its data handling. - Test on non-sensitive sample logs first and inspect outputs (sanitized text, redactions, metadata). Pay attention to metadata fields (input_hash, trace_id) if you need to avoid storing identifiable hashes. If you want higher assurance, ask the publisher for a signed expanso-edge release URL or for clarification about the missing required-binaries metadata entry.

Like a lobster shell, security has layers — review code before you run it.

latestvk973g4ymj0srr4jba3rqwc6vh980wsfs
832downloads
0stars
1versions
Updated 2mo ago
v1.0.0
MIT-0
Expanso@aronchick
latest
Download

log-sanitize

"Sanitize log entries by removing passwords, tokens, and sensitive patterns"

Requirements

  • Expanso Edge installed (expanso-edge binary in PATH)
  • Install via: clawhub install expanso-edge

Usage

CLI Pipeline

# Run standalone
echo '<input>' | expanso-edge run pipeline-cli.yaml

MCP Pipeline

# Start as MCP server
expanso-edge run pipeline-mcp.yaml

Deploy to Expanso Cloud

expanso-cli job deploy https://skills.expanso.io/log-sanitize/pipeline-cli.yaml

Files

FilePurpose
skill.yamlSkill metadata (inputs, outputs, credentials)
pipeline-cli.yamlStandalone CLI pipeline
pipeline-mcp.yamlMCP server pipeline

Comments

Loading comments...