DataGuard DLP

v2.2.0

Runtime Data Loss Prevention (DLP) for OpenClaw agents. Multi-layer defense against credential exfiltration, PII leakage, and sensitive data transfer. Interc...

by Jeff C. (@jeffcgit)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto: Requires wallet
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Pending

OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the delivered artifacts: pattern scanner, hooks, context tracking, allow/block lists, audit logging and an installer. Required binaries (grep, sed, awk, date, head, xargs) are consistent with the pure-bash implementation and are reasonable for a shell-based DLP.
Instruction Scope
SKILL.md and hook scripts limit scope to scanning outbound data and filename metadata; hooks explicitly avoid reading file contents. Context tracking is opt-in and requires the agent to call context-track.sh. The SKILL.md instructs agents to run dlp-scan.sh before any external-send tool — this is appropriate but grants the skill broad discretion over what outbound data is considered sensitive (risk thresholds live in the skill).
Install Mechanism
There is a local install script (scripts/install.sh) that sets up config/context/log folders and initializes files; it does not download remote code. One inconsistency: registry metadata indicated 'no install spec' while SKILL.md includes an install script entry. The installer performs only local filesystem initialization and permission tightening.
Credentials
No environment variables or external credentials are requested. All configuration and state are kept under the skill directory (config/, context/, logs/). Default domain allowlist/blocklist are local files. Requested access is proportional to a DLP skill.
Persistence & Privilege
always:false (not forced), and model invocation is allowed (platform default). The skill writes files only to its own skill directory (context, logs, config) and creates a short-lived override file when used. No modifications to other skills or global agent configs are present.
Assessment
This skill appears to be what it claims: a local, bash-based runtime DLP. Before installing: 1) Note the small metadata inconsistency — SKILL.md defines an installer even though registry metadata said 'no install spec'; review scripts/install.sh before running. 2) Review scripts/domain-allowlist.sh and context-track.sh (not shown) to confirm they don't call external endpoints or phone-home. 3) Check the default allowlist/blocklist and adjust to your environment; ensure sensitive domains are blocked and trusted domains are explicit. 4) Run the included tests (tests/test-all.sh / test-integration.sh) in a safe environment to see false-positive behavior. 5) Audit log behavior: by default data previews are redacted, but config settings can change that — confirm config/config.json values if you want stronger redaction. 6) Keep in mind DLP can block legitimate workflows; the emergency override exists but is time-limited and logged. If you need tighter guarantees, perform a quick code review of the remaining omitted scripts (domain-allowlist.sh, context-track.sh) and run the installer in a sandbox before deploying broadly.


latest: vk97644ht76kp5jzrvaqk3v0v6s84eaa1


Runtime requirements

Bins: grep, sed, awk, date, head, xargs
