v1.0.0

Safe Share

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:50 AM.

Analysis

Safe Share is a coherent local sanitizer, but it will see the secrets you provide and its optional mask mode can leave small parts of them visible.

GuidanceThis skill appears safe to use for local sanitization. Only provide the specific text or file you want cleaned, use placeholder or redact mode before posting publicly, and still manually review the result because deterministic rules can miss custom or context-specific secrets.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityLowConfidenceHighStatusNote

scripts/sanitize_text.py

if mode == "mask": return mask_value(value) ... value[:4] ... value[-4:]

Mask mode preserves the first and last characters of matched values. That is consistent with a masking feature, but for public sharing it can still disclose partial secret identifiers.

User impactA masked token or cookie may still reveal enough information to identify or partially expose the original value.

RecommendationPrefer the default placeholder mode or redact mode for public posts; reserve mask mode for private debugging where partial values are acceptable.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

remove API keys, tokens, cookies, passwords, emails, IPs, or other sensitive values from text before posting

The skill is explicitly designed to receive and process credentials and personal identifiers. This is purpose-aligned, local, and disclosed, but users should understand the skill will see any secrets they provide.

User impactIf you paste or point it at sensitive content, the sanitizer processes that content locally to produce a safer copy.

RecommendationUse it only on text or files you intend to sanitize, and review the sanitized output before public sharing.