ClawHub

Leak Check

v0.1.8

Scan session logs for leaked credentials. Checks JSONL session files against known credential patterns and reports which AI provider received the data.

0· 892·3 current·3 all-time
byKevin Haney@khaney64

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for khaney64/leak-check.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Leak Check" (khaney64/leak-check) from ClawHub.
Skill page: https://clawhub.ai/khaney64/leak-check
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install khaney64/leak-check

ClawHub CLI

Package manager switcher

npx clawhub@latest install leak-check
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (scan session logs for leaked credentials) align with what the skill does: it reads OpenClaw session JSONL files and checks them against patterns from a local leak-check.json. Required binary (node) is appropriate and there are no unrelated environment variables or external service credentials requested.
Instruction Scope
SKILL.md and the script restrict actions to reading session files and a local config file (~/.openclaw/credentials/leak-check.json or ./leak-check.json). The instructions explicitly describe behavior (including config-echo detection and how to remove session files). The script recurses the sessions directory and reads files, which is expected for its purpose; it does not instruct collecting or transmitting data elsewhere.
Install Mechanism
No install spec is provided (instruction-only with an included script). Requiring node is normal and no external downloads, package installs, or archive extraction are present.
Credentials
The skill requires no environment variables or external credentials. Its configuration comes from a local JSON file that the user supplies (and is explicitly advised to store only partial fragments). This is proportionate to the functionality.
Persistence & Privilege
The skill is not always-enabled and uses normal, explicit invocation. It does not attempt to modify other skills or system-wide settings; it reads files under the user's OpenClaw directories only.
Assessment
This skill appears to do exactly what it claims: scan local OpenClaw session JSONL files for credential fragments you configure. Before installing or running: 1) review the leak-check.json you create to ensure it contains only non-sensitive fragments (the SKILL.md warns not to store full credentials); 2) be aware the script will read all files under ~/.openclaw/agents/main/sessions (these files often contain sensitive content) — that is necessary for the scan but means the process will access any secrets present; 3) if you want extra assurance, run the provided grep the SKILL.md suggests to confirm there are no network/child_process calls in the installed copy; and 4) keep this skill run locally and do not put full credentials in the config. If you want, I can re-check the full (untruncated) script text or search it for specific APIs/strings before you run it.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis
Binsnode
latestvk978wd43qq3efp7awgdd10b4d983dz3f
892downloads
0stars
9versions
Updated 1mo ago
v0.1.8
MIT-0
Kevin Haney@khaney64
latest
Download

Leak Check

Scan OpenClaw session JSONL files for leaked credentials. Reports which real AI provider (anthropic, openai, google, etc.) received the data, skipping internal delivery echoes.

Quick Start

# Check for leaked credentials (default: discord format)
node /home/claw/.openclaw/workspace/skills/leak-check/scripts/leak-check.js

# JSON output
node /home/claw/.openclaw/workspace/skills/leak-check/scripts/leak-check.js --format json

Configuration

Credentials to check are defined in leak-check.json. The script searches for this file in order:

  1. Skill directory (./leak-check.json) — for backward compatibility
  2. ~/.openclaw/credentials/leak-check.json — recommended persistent location (survives skill updates via clawhub)

Since clawhub clears the skill directory on updates, place your config in ~/.openclaw/credentials/ to avoid losing it:

mkdir -p ~/.openclaw/credentials
cp leak-check.json ~/.openclaw/credentials/leak-check.json

You can also specify an explicit path with --config.

[
  { "name": "Discord", "search": "abc*xyz" },
  { "name": "Postmark", "search": "k7Qm9x" }
]

Important: Do not store full credentials in this file. Use only a partial fragment — enough to uniquely identify the credential via a contains, begins-with, or ends-with match.

Wildcard patterns:

  • abc* — starts with "abc"
  • *xyz — ends with "xyz"
  • abc*xyz — starts with "abc" AND ends with "xyz"
  • abc (no asterisk) — contains "abc"
  • "" (empty) — skip this credential

Options

  • --format <type> — Output format: discord (default) or json
  • --config <path> — Path to credential config file (default: ./leak-check.json, then ~/.openclaw/credentials/leak-check.json)
  • --help, -h — Show help message

Output

Discord (Default)

🔐 **Credential Leak Check**

⚠️ **2 leaked credentials found**

**Discord Token**
• Session: `abc12345` | 2026-02-14 18:30 UTC | Provider: anthropic

**Postmark**
• Session: `def67890` | 2026-02-10 09:15 UTC | Provider: anthropic

Or if clean:

🔐 **Credential Leak Check**
✅ No leaked credentials found (checked 370 files, 7 credentials)

Config Echoes

If the leak-check.json config file is read or discussed during an OpenClaw session, the credential patterns will appear in that session's JSONL log. The scanner detects this and reports these matches separately as config echoes rather than real leaks:

📋 **3 possible config echoes** (session contains leak-check config)

• **Discord**: 1 session
...

✅ No credential leaks beyond config echoes

Config echoes will continue to appear on every run until the session file is removed. To clear them, delete the session file from ~/.openclaw/agents/main/sessions/:

rm ~/.openclaw/agents/main/sessions/<session-uuid>.jsonl

Tip: Avoid reading or referencing leak-check.json during an OpenClaw session. If it happens, note the session ID from the report and delete it.

JSON

{
  "leaks": [
    {
      "credential": "Discord Token",
      "session": "abc12345",
      "timestamp": "2026-02-14T18:30:00.000Z",
      "provider": "anthropic"
    }
  ],
  "configEchoes": [
    {
      "credential": "Gateway",
      "session": "b175e53c",
      "timestamp": "2026-02-19T18:00:30.067Z",
      "provider": "minimax-portal",
      "configEcho": true
    }
  ],
  "summary": {
    "filesScanned": 370,
    "credentialsChecked": 7,
    "leaksFound": 2,
    "configEchoesFound": 1
  }
}

Security

This skill is designed to be local-only and read-only. The following properties can be verified by inspecting scripts/leak-check.js:

  • No network access — no use of http, https, net, dgram, fetch, WebSocket, or any network API
  • No child processes — no use of child_process, exec, spawn, or execSync
  • No external dependencies — zero npm packages; only Node.js built-ins (fs, path, os)
  • No dynamic code execution — no eval(), Function(), or dynamic require()/import()
  • No file writes — only fs.readFileSync, fs.existsSync, and fs.readdirSync are used; no files are created, modified, or deleted
  • No environment variable access — does not read process.env
  • Output is stdout only — all results go to console.log; nothing is sent elsewhere

Verify It Yourself

Confirm no unexpected APIs are used anywhere in the script:

grep -E 'require\(|import |http|fetch|net\.|dgram|child_process|exec|spawn|eval\(|Function\(|\.write|\.unlink|\.rename|process\.env' scripts/leak-check.js

Expected output — only the three built-in require() calls at the top of the file:

const fs = require('fs');
const path = require('path');
const os = require('os');

Comments

Loading comments...