ClawHub

Safe Share

v1.0.0

Sanitize logs, configs, prompts, stack traces, and skill content before they are shared publicly. Use when a user wants a local, low-risk pass to remove API...

0· 97·0 current·0 all-time
by@nighty35628
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md, reference docs, tests, and the sanitize_text.py implementation all align: the skill's purpose is local sanitization of text before public sharing and the included code performs that function without requesting unrelated access.
Instruction Scope
SKILL.md instructs the agent to run the included scripts on the user-provided text and explicitly disallows sending text to external services or scanning unrelated files; the implementation follows that. Note: the sanitizer will read a file path if provided or stdin otherwise — it will not enumerate repositories unless the agent is explicitly asked to provide broader input scope.
Install Mechanism
No install spec or external downloads are present. This is an instruction-first skill with small local Python scripts and test files only, which is low-risk from an install/execution perspective.
Credentials
The skill requires no environment variables or credentials. One caution: the 'mask' mode intentionally preserves the first/last few characters of values, which can leak partial secret fragments; the SKILL.md documents mode choices, but users should avoid 'mask' for highly sensitive secrets.
Persistence & Privilege
The skill does not request persistent presence or elevated platform privileges (always:false). It does not modify other skills or system configuration and runs as a local script when invoked.
Assessment
This skill appears to do what it says: local deterministic sanitization with tests and no network calls or required credentials. Before installing or using it: (1) review the included sanitize_text.py to ensure its regex rules match your needs, (2) avoid using 'mask' mode when sanitizing very sensitive secrets because it preserves fragments, (3) run the smoke tests locally on representative samples, and (4) do not feed the sanitizer text you cannot disclose to local tooling unless you control the environment. If you want additional protections, add custom high-confidence patterns for any project-specific identifiers you need removed.

Like a lobster shell, security has layers — review code before you run it.

developer-toolsvk97ftfqpp07dnz8zn3v00e7tz98386wklatestvk97ftfqpp07dnz8zn3v00e7tz98386wkprivacyvk97ftfqpp07dnz8zn3v00e7tz98386wkproductivityvk97ftfqpp07dnz8zn3v00e7tz98386wksecurityvk97ftfqpp07dnz8zn3v00e7tz98386wk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments