ClawHub

OpenClaw Security PII Audit

v1.0.0

Multi-region async PII detection for OpenClaw sessions. Scans user input, prompts, context, and knowledge base content for sensitive personal data across CN,...

0· 118·0 current·0 all-time
by@mtoby8326·duplicate of @mtoby8326/openclaw-security-mtoby8326·canonical: @atlaspa/openclaw-security
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (PII audit across multiple regions) matches the included detectors, sampling/cache logic, NDJSON logging, and cleanup scripts. The detectors implement PHONE/EMAIL/PERSON_NAME/ADDRESS/PASSPORT/BANK_CARD/NATIONAL_ID/SOCIAL_ACCOUNT as advertised; regional rules and checksums in references/patterns.md align with detector code.
Instruction Scope
SKILL.md instructs the agent to submit content (input/prompt/context/knowledge_base) to the audit_worker, prefer file-based background scans, and never block the main response. That scope is consistent with a PII-audit skill, but it inherently requires the caller to decide what conversation/context/KB content to feed the script. If the agent or caller supplies content from other skills, those other skills' data may be scanned and written to local audit logs (masked and hashed). The README and code explicitly warn about not passing PII on the command line and recommend using --file + --delete-after-read.
Install Mechanism
This is instruction + bundled Python scripts (no install spec). The code is pure Python stdlib (no external download or packages) and writes only to a local audit directory. No installers, remote downloads, or extracted archives are present.
Credentials
The skill does not require credentials or environment variables. It optionally respects OPENCLAW_AUDIT_DIR to override output location (documented). There are no requests for unrelated secrets or access to other services.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill writes local NDJSON logs and a local scan cache (.scan-cache.json) within its audit directory; this is appropriate for a local audit tool. It does not modify other skills' configs or request system-wide privileges.
Assessment
This skill appears to do what it says: local PII scanning with per-source sampling, masked previews, and NDJSON audit files. Before installing, consider: (1) where the audit directory will be (set OPENCLAW_AUDIT_DIR if you need a specific location and ensure write permissions), (2) audit files and the cache contain hashes and masked previews — treat the audit directory as sensitive and apply your retention/policy controls, (3) the skill relies on callers to choose which content to scan; avoid feeding it secrets you do not want written even in masked form, and (4) review retention/cleanup configuration (default 7 days) to ensure it meets your compliance needs. No network exfiltration, secret-env requests, or surprising install steps were found in the bundle.

Like a lobster shell, security has layers — review code before you run it.

compliancevk97a3kp63kq1ffrxm8305111n183h69jlatestvk97a3kp63kq1ffrxm8305111n183h69jpiivk97a3kp63kq1ffrxm8305111n183h69jsecurityvk97a3kp63kq1ffrxm8305111n183h69j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments