Log Scrubber
PassAudited by ClawScan on May 10, 2026.
Overview
This skill coherently performs local log and memory redaction, but users should dry-run it first because it edits persistent workspace files and keeps unredacted backup copies.
This skill appears safe for its stated purpose and does not send data externally. Before applying it, run the dry-run command, review which files would change, and plan how to securely handle the .bak backups because they may contain the original secrets.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running apply mode can change log or memory content, and broad regex matching may redact text that only looks like a secret.
When run without --dry-run, the script backs up and overwrites files it finds under the scoped workspace log and memory locations.
shutil.copy2(path, path + ".bak")
with open(path, 'w', encoding='utf-8') as f:
f.write(new_content)Run the documented dry-run first, review affected paths, and only apply when you are comfortable with in-place redaction.
Secrets may still exist in backup files, and edited memory files can affect what future agent sessions remember.
The tool intentionally processes persistent memory and log files, but skips backup files, so original unredacted contents may remain in .bak copies.
target_dirs = ["memory", "logs"]
extra_files = ["MEMORY.md"]
...
if f.endswith('.bak'): continueAfter confirming redaction succeeded, store or delete .bak files securely and ensure backup files are excluded from any later sharing or context loading.