Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pastewatch MCP

v1.3.0

Secret redaction MCP server for OpenClaw agents. Prevents API keys, DB credentials, SSH keys, emails, IPs, JWTs, and 30+ other secret types from leaking to L...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, required binaries (pastewatch-cli, mcporter), and the runtime instructions all align: this is a secret-redaction/proxy MCP integration for agents. The listed tools (guard, proxy, scan, watch, vault, canary) match the stated purpose.
Instruction Scope
SKILL.md instructs the agent/admin to install a system binary, run a network proxy that scans all outbound LLM requests, create systemd services, write audit logs to /var/log, and change chainwatch upstream settings. These steps are consistent with a redaction/proxy role but are high‑impact (they intercept all outgoing data and modify other agent components). The instructions do not attempt to read unrelated host secrets beyond what a proxy/agent integration would see, but they do require broad access to traffic and system configuration.
Install Mechanism
The registry has no formal install spec (instruction-only), but SKILL.md provides curl commands to download a binary from GitHub Releases and place it in /usr/local/bin (with a checksum check). Downloading from GitHub releases is a reasonable distribution source, but writing to /usr/local/bin and installing systemd units requires elevated privileges and you must trust the binary. There is no packaged/install manifest in the registry itself — the onus is on the operator to validate releases and checksums.
Credentials
The skill declares no required environment variables or credentials. That is proportionate for a local proxy/CLI; nothing in SKILL.md asks for unrelated secrets or external credentials.
Persistence & Privilege
The instructions explicitly advise creating systemd services and modifying chainwatch's upstream setting so traffic flows through pastewatch. That modifies other agent infrastructure and grants the component broad visibility into all outbound requests. While 'always' is false, installing and enabling the service gives high persistence and privilege — you must trust the binary and its operator.
What to consider before installing
This skill appears to do what it claims (local secret redaction and an API proxy), but it requires installing and running a third‑party binary with system-level privileges and intercepting all outbound agent traffic. Before using it:
1) verify the GitHub repository and release artifacts (check signatures/checksums and confirm the release owner),
2) prefer installation via your distro or a vetted package manager if available (brew is suggested for macOS),
3) run the proxy in a restricted environment (dedicated service user, container, or VM) and limit network access,
4) review the pastewatch source code or audits if you can,
5) be aware the setup changes chainwatch/upstream settings and systemd units — plan rollback and backups, and
6) do not install if you cannot fully trust or validate the binary that will process all agent outbound data.
If you want a lower‑risk test, run pastewatch locally in a container and exercise its behavior on non-sensitive test data first.


Runtime requirements

Bins: pastewatch-cli, mcporter