Prepublish Privacy Scrub Review
Audited by ClawScan on May 10, 2026.
Overview
The skill fits its privacy-scrubbing purpose, but its instructions can overwrite files without clear safeguards and may give users false confidence that all sensitive data was removed.
Use this only on a copied or version-controlled skill folder. Run detection first, review findings manually, and do not run the scrub step until you have a backup and understand that it only redacts a limited set of patterns.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could unintentionally alter many local files, including files that were not meant to be rewritten.
The scrub workflow recursively processes every file under the supplied path and overwrites files in place when a pattern matches, without an explicit approval, dry-run, or diff-review requirement.
$files = Get-ChildItem $path -Recurse -File ... if ($modified) { $content | Out-File $file.FullName -Encoding UTF8 }
Make scanning read-only by default, require explicit user approval before scrubbing, limit scrubbing to known text file types, and show a diff or backup path before writing changes.
A user may believe the scrub removed all private information and publish files that still contain sensitive data.
The skill presents itself as removing sensitive data and personal info, but the scrub replacements only cover apiKey, token, and secret fields, leaving detected passwords, emails, paths, ngrok/internal URLs, and other checklist items unredacted.
description: Scan and remove sensitive data before publishing skills. Detect API keys, tokens, secrets, and personal info. ... $replacements = @{ 'apiKey...' = 'apiKey: "REDACTED"' 'token...' = 'token: "REDACTED"' 'secret...' = 'secret: "REDACTED"' }
Clearly separate detection from removal, block publishing until all detected items are reviewed, and either implement scrubbing for all advertised categories or state that some findings require manual cleanup.
Users could rely on a backup that is not actually created by the shown workflow, making accidental edits harder to recover.
The privacy/safety section claims original files are backed up before scrubbing, but the provided scrub function writes directly back to the original file path and does not create a backup.
- Original files backed up before scrub ... $content | Out-File $file.FullName -Encoding UTF8
Implement backup creation in the scrub function or remove the backup claim and instruct users to commit, copy, or archive files before running the scrub.
Partial API keys, tokens, emails, or other private values may become visible in scan output.
The scan results include the first part of each matched secret or personal value, which can place sensitive snippets into the agent conversation or logs even though scanning for secrets is the skill's purpose.
Match = $m.Value.Substring(0, [Math]::Min(20, $m.Value.Length)) + "..."
Return file names, line numbers, and pattern types while masking matched values by default.
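As an added example (not the skill's own code), one way the recommendations in these findings fit together in a single PowerShell scrub function: read-only unless -Apply is passed, a per-file copy into a backup folder before any in-place write, findings reported with the matched value masked, and the advertised categories the scrub does not rewrite (emails, passwords) flagged for manual cleanup. The extension list, the backup folder name and the regexes are assumptions for illustration.

```powershell
# Added example, not the skill's code: scan is the default; -Apply is required to write.
function Invoke-SafeScrub {
    param([Parameter(Mandatory)][string]$Path, [switch]$Apply)
    $root    = (Resolve-Path -LiteralPath $Path).Path
    $backup  = Join-Path $root '.scrub-backup'          # assumed backup folder name
    $textExt = '.md', '.json', '.yaml', '.yml', '.txt', '.ps1'   # assumed text types
    # Keys the scrub rewrites: the value after the colon becomes "REDACTED".
    $redact = @{
        apiKey = '(?im)^([ \t]*apiKey[ \t]*:[ \t]*)[^\r\n]+'
        token  = '(?im)^([ \t]*token[ \t]*:[ \t]*)[^\r\n]+'
        secret = '(?im)^([ \t]*secret[ \t]*:[ \t]*)[^\r\n]+'
    }
    # Advertised categories the scrub does not rewrite: reported for manual cleanup.
    $manual = @{
        Email    = '[\w.+-]+@[\w-]+\.[\w.-]+'
        Password = '(?i)password[ \t]*[:=][ \t]*\S+'
    }
    function Report($File, $Text, $Index, $Type) {
        $line = ($Text.Substring(0, $Index) -split "`n").Count
        # Masked output: file, line and pattern type only, never the matched value.
        [pscustomobject]@{ File = $File; Line = $line; Type = $Type; Value = '***' }
    }
    Get-ChildItem -LiteralPath $root -Recurse -File |
      Where-Object { $textExt -contains $_.Extension.ToLower() -and -not $_.FullName.StartsWith($backup) } |
      ForEach-Object {
        $file = $_
        $old  = [string](Get-Content -Raw -LiteralPath $file.FullName)   # empty file -> ''
        $new  = $old
        foreach ($k in $redact.Keys) {
            foreach ($m in [regex]::Matches($old, $redact[$k])) { Report $file.FullName $old $m.Index "Redact:$k" }
            $new = [regex]::Replace($new, $redact[$k], '${1}"REDACTED"')
        }
        foreach ($k in $manual.Keys) {
            foreach ($m in [regex]::Matches($old, $manual[$k])) { Report $file.FullName $old $m.Index "Manual:$k" }
        }
        if ($Apply -and $new -ne $old) {
            # Copy the original into the backup tree before the in-place write.
            $dest = Join-Path $backup $file.FullName.Substring($root.Length).TrimStart('\', '/')
            New-Item -ItemType Directory -Force -Path (Split-Path $dest) | Out-Null
            Copy-Item -LiteralPath $file.FullName -Destination $dest
            Set-Content -LiteralPath $file.FullName -Value $new -Encoding UTF8 -NoNewline
        }
      }
}
# Invoke-SafeScrub .\my-skill          reports findings only
# Invoke-SafeScrub .\my-skill -Apply   backs up, then rewrites apiKey/token/secret lines
```

Any finding of type Manual:* still has to be cleaned up by hand before publishing; the function deliberately never touches those lines.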
