ai-redaction-beta
Warn
Audited by ClawScan on May 18, 2026.
Overview
The tool appears to redact files through BestCoffer, but it stores sensitive debug logs and puts API-key-derived information into result links, so it should be reviewed before use.
Install only if you trust BestCoffer with the original documents and understand that local logs may retain sensitive details. Avoid sharing returned task links, and consider clearing ~/.openclaw-skill-logs/ai-redaction-log/debug.log after use. For highly sensitive or regulated files, wait for the publisher to remove credential-derived URL parameters and sensitive logging.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who obtains the task URL or local debug log may receive reusable credential-derived material tied to the BestCoffer account or task.
The API key is transformed with a hardcoded key/IV, then the credential-derived value is logged and embedded in the returned task URL.
FIXED_KEY = Buffer.from(...); const s = encryptText(n); log.debug(`k:${s}`); ... `?fileId=${d.fileId}&k=${encodeURIComponent(n)}`
Do not embed API-key-derived values in URLs or logs; use short-lived server-side task tokens and clearly declare the API-key requirement.
Sensitive redaction details and access links may remain on disk after the task finishes, contrary to a no-trace expectation.
The skill persists debug logs under the user's home directory and records redaction instructions and task URLs. Redaction instructions can include sensitive custom word lists, and the task URL includes fileId and k values.
LOG_DIR = path.join(t, '.openclaw-skill-logs', 'ai-redaction-log'); ... log.debug(`脱敏指令:${o}`); ... log.info(`任务创建成功,查询链接:${a.taskUrl}`)
Disable sensitive debug logging by default, redact secrets and task links from logs, and document log location, retention, and cleanup.
The provider receives the original file and redaction instruction before producing a result.
The selected file and instruction are uploaded to a BestCoffer API using the user's API key. This is central to the stated cloud redaction purpose, but users should notice that original files leave the local environment.
this.API_BASE_URL = 'https://openapi4aitest.bestcoffer.com.cn/'; ... a.append('file', fs.createReadStream(e.path)); a.append('instruction', r); ... Authorization: `Bearer ${o}`
Use this only for files you are allowed to send to BestCoffer, and verify the provider's retention, production/test environment, and compliance terms.
Users may trust the tool with more sensitive documents than they otherwise would, without realizing what is logged or embedded in links.
The documentation makes strong privacy and no-trace assurances, while the code writes persistent debug logs and returns links containing credential-derived values.
"Data is processed throughout in BestCoffer's end-to-end encrypted environment... No-trace processing: the Agent should not store any original file content or sensitive information during the interaction."
Revise the documentation to disclose external endpoints, credential handling, task-link contents, and local logging, or change the implementation to match the privacy claims.
