Agent Security Dlp
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is a purpose-aligned DLP tool with no evident exfiltration, but one client path can keep and return original sensitive text after detection, so it needs review before relying on it for redaction.
Before installing, verify the full implementation and avoid relying on bin/dlp_client.py as a safe redaction output unless it is changed to return only sanitized content. Also review audit log behavior and disable or protect caching/logging when checking real credentials or personal data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An integration that forwards the result field could leak the exact sensitive text the DLP was supposed to stop.
When any sensitive finding exists, the wrapper sets blocked=true but returns the original input text as result instead of the sanitized output.
findings = details.get("findings", [])
is_blocked = len(findings) > 0
...
"result": result if not is_blocked else textReturn the sanitized value or an empty placeholder for blocked content, and clearly document that raw input must never be forwarded.
Secrets or personal data sent for checking may remain in process memory longer than expected.
The lightweight client caches check outputs for up to 300 seconds; in the same function those outputs can contain the original sensitive text for detected findings.
self.cache = DLPCache(max_size=1000, ttl=300) ... self.cache.set(cache_key, output)
Do not cache raw sensitive findings, cache only sanitized metadata, and make caching opt-in or clearly configurable.
DLP logs could reveal that sensitive data was processed, and possibly more depending on the logger implementation.
Local audit logging is disclosed and purpose-aligned for DLP, but audit records may relate to sensitive detections and the artifacts do not describe retention or redaction.
"audit": {
"enabled": true,
"log_file": "~/.openclaw/logs/dlp-audit.log"
}Review log contents, protect file permissions, and configure log retention or redaction before using with real secrets or PII.
A user following a requirements-based setup may get an install failure or an unexpected package lookup.
The requirements file claims no external dependencies but includes a package-style requirement that pip may interpret as an external package named Python.
Python >= 3.8 # No external dependencies required
Remove this line from requirements.txt and keep the Python version constraint in pyproject.toml or documentation only.