Document Sanitizer
v1.3.0Batch desensitize docx/xlsx files via keyword and regex rules, with one-click reversible restoration. Replace sensitive terms (company names, personal info,...
⭐ 0· 87·0 current·0 all-time
byjuanfenglong@longjf25
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (batch desensitize docx/xlsx, reversible restore) matches the included SKILL.md and the sanitize.py implementation. Required Python packages (python-docx, openpyxl) are appropriate for the stated task. One noteworthy coupling: the script references another skill's scripts under ~/.workbuddy/skills/doc_xls2docx_xlsx/scripts for legacy .doc/.xls conversion; that is plausible but external to this skill.
Instruction Scope
Runtime instructions and the code operate only on files under the provided workspace, create output directories (_sanitized_output, _restored_output) and a unified record file (_sanitize_record.json). The mapping file stores sanitized→original mappings (i.e., original sensitive values) which is necessary for restore but means the record is highly sensitive. The auto-convert feature spawns external converter scripts via subprocess — these are local scripts (no network) but will execute code from the referenced path if present.
Install Mechanism
There is no install specification or remote downloads; this is an instruction + local script skill. No URLs, package installs, or archive extraction are performed by the skill bundle itself. Risk surface comes from executing local conversion scripts if auto-convert is used.
Credentials
The skill requests no environment variables, credentials, or config paths. Its filesystem access is limited to the workspace and a hardcoded home-based skill path (~/.workbuddy/...), which is reasonable given the conversion feature but should be noted.
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges. It does write files into the user workspace (sanitized output, restored output, and _sanitize_record.json) but does not modify other skills or global agent settings.
Assessment
This skill appears to do what it claims, but take these precautions before running it on sensitive data:
- The saved record (_sanitize_record.json) contains mappings from sanitized placeholders back to the original sensitive values. Treat that file as highly sensitive: store it securely or delete it if you do not need future restores.
- If you enable auto-convert, the script will execute converter scripts from ~/.workbuddy/skills/doc_xls2docx_xlsx/scripts. Review those converter scripts (or run without --auto-convert) to avoid running untrusted code.
- Back up your originals and test the tool on a small, non-sensitive sample folder first to confirm behavior (filenames, encodings, and edge cases).
- Consider reviewing the included sanitize.py source (already bundled) for any environment-specific behavior you want to change (e.g., output locations, logging).Like a lobster shell, security has layers — review code before you run it.
latestvk97cmxnfd49s60pg59bn18rthh84etdzlatest utility document securityvk979z0x2kdrx2kk4m5khpwe2mh83vgnj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.