OpenClaw Security
v1.0.0Multi-region async PII detection for OpenClaw sessions. Scans user input, prompts, context, and knowledge base content for sensitive personal data across CN,...
⭐ 0· 63·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (PII detection for OpenClaw sessions) matches the included code: detectors for phone/email/national id/passport/bank card/name/address/social accounts, smart-sampling, cache, NDJSON audit sink. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
SKILL.md tells the agent to run local Python scripts, write session content to temp files, and start background processes. Those instructions stay within the stated purpose (local scanning and logging). Note: the workflow intentionally uses temp files and explicit --file + --delete-after-read to avoid CLI exposure; the agent (or host) will need filesystem access and the caller supplies a session_id that will be recorded in audit records.
Install Mechanism
No install spec is provided and the project claims zero external dependencies (pure stdlib). The skill ships Python source files — nothing is downloaded or executed from remote URLs during normal use.
Credentials
No required environment variables or secrets are declared. Optional env var (OPENCLAW_AUDIT_DIR) can change storage location; nothing in the code requests cloud credentials or unrelated tokens.
Persistence & Privilege
always:false and no special platform privileges are requested. The skill writes audit logs and a file-backed cache under its own audit directory and uses file locks for concurrency. Because it may be invoked autonomously (platform default), consider whether you are comfortable with background scanning writing local audit records and cache files.
Assessment
This skill appears to be what it says: a local, multi-region PII scanner implemented in pure Python that logs masked results to NDJSON. Before installing, consider: (1) audit storage location — OPENCLAW_AUDIT_DIR defaults to a subdirectory of the repo; change it if you want logs elsewhere and confirm retention (default 7 days) meets your policy, (2) disk traces — background scans write/read temp files and a cache (.scan-cache.json) so ensure the host filesystem and backups are acceptable, (3) process-list leakage — avoid using --text in background runs as the SKILL.md warns, (4) session_id sensitivity — the session_id you pass is recorded and could link logs to users, (5) review file_lock.py and cleanup.py to confirm deletion and pruning behavior meets your expectations, and (6) verify the source/repo/trustworthiness since registry metadata shows Source: unknown even though README references a GitHub URL. If you want stronger guarantees, run the scripts in a sandbox, exercise --dry-run cleanup, and inspect that no raw PII is written (only masked previews and a truncated content-hash are stored).Like a lobster shell, security has layers — review code before you run it.
compliancevk976x1vbcggc4rnqg94ddc7erd83gc17latestvk976x1vbcggc4rnqg94ddc7erd83gc17piivk976x1vbcggc4rnqg94ddc7erd83gc17securityvk976x1vbcggc4rnqg94ddc7erd83gc17
License
MIT-0
Free to use, modify, and redistribute. No attribution required.