ClawHub

Privacy Guard

v0.3.0

自动检测OpenClaw日志中的API密钥、密码、身份证等敏感信息泄露,分级报警并支持交互确认和白名单管理。

0· 92·0 current·0 all-time
by@cq2000419

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cq2000419/privacy-guard-dami.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Privacy Guard" (cq2000419/privacy-guard-dami) from ClawHub.
Skill page: https://clawhub.ai/cq2000419/privacy-guard-dami
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install privacy-guard-dami

ClawHub CLI

Package manager switcher

npx clawhub@latest install privacy-guard-dami
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (detect sensitive data in OpenClaw logs) matches the implemented behavior: the script searches OpenClaw log files for API keys, passwords, IDs, phone numbers, etc. Required resources (none) are proportional to the stated purpose.
Instruction Scope
SKILL.md only instructs running the included Python script. The script reads log files from a local OpenClaw log directory and persists detection results and user whitelist locally. Be aware the code stores a content_preview (up to ~100 chars) of matched lines in suspicious.json/whitelist files — these previews can include sensitive substrings.
Install Mechanism
No install spec; this is an instruction+script package. No downloads or foreign package installation are present in the provided files.
Credentials
The skill declares no required environment variables or credentials. It does read os.environ.get('LOCALAPPDATA') to build a default log path; otherwise it doesn't request secrets. The config contains an optional feishu_webhook field and README mentions Feishu notifications if configured — enabling that would send alerts to an external endpoint, so ensure any webhook is trusted and contains only metadata you accept sending.
Persistence & Privilege
The script persists whitelist.json, suspicious.json, and report/alert files in the skill directory (normal). It is not always:true and does not modify other skills. Consider that persisted previews may include secret fragments and remain on disk until removed.
Scan Findings in Context
[embedded_api_key_in_repo_files] unexpected: alert_log.md (included in the package) contains an apparent API key string starting with 'sk-' in the visible excerpt. While the scanner pre-scan flags were empty, the repository itself holds examples/extracted secrets — this is not required for the tool's operation and may indicate leftover sensitive data in the package.
Assessment
This skill appears to do what it says: locally scan OpenClaw logs and keep a pending-review list and whitelist. Before installing or running it: 1) Inspect the full privacy_guard.py for any network calls (search for 'requests', 'urllib', 'socket', 'http', 'feishu', 'webhook') — the README and config mention an optional Feishu webhook; leave it blank unless you trust the endpoint. 2) Be aware that the tool stores a content_preview (up to ~100 chars) of matched lines in suspicious.json and alert_log.md — those previews can contain secrets; if you want strict non-persistence, modify the code to store only hashes or metadata. 3) Remove any embedded secrets found in the packaged files (alert_log.md contains an sk- key example) before sharing or deploying. 4) Run the script in a controlled environment first and review generated suspicious.json/alert_log.md to confirm the stored data is acceptable. If you want, share the remainder of privacy_guard.py (the truncated portions) and I can re-check specifically for outbound network calls or hidden behaviors.

Like a lobster shell, security has layers — review code before you run it.

latestvk970sz5x2w5mez001e5bmpqkpx84mzw7
92downloads
0stars
1versions
Updated 2w ago
v0.3.0
MIT-0
@cq2000419
latest
Download

Privacy Guard - 敏感信息外泄检测 v0.3

版本:v0.3.0 建立:2026-04-11 用途:自动检测OpenClaw日志中的敏感信息泄露风险

核心特性

三级检测机制

级别说明处理方式
🔴 CRITICAL确定的高风险(API密钥、密码、身份证、银行卡)立即报警
🟠 HIGH较高风险(手机号、OA账号、基金持仓、资产总额)立即报警
🟡 SUSPICIOUS可疑模式(大额数字、邮箱、6位数字)加入待确认列表

容错机制

  • 不确定时不误报:SUSPICIOUS级别不直接报警,而是记录到待确认列表
  • 智能去重:相同内容只记录一次
  • 已知安全模式过滤:自动跳过正常的时间戳、UUID、JSON数据等

交互学习

发现可疑信息时,你可以:

  • 确认安全 N - 标记为安全,自动加入白名单
  • 确认风险 N - 标记为风险,需要进一步处理
  • 查看可疑 - 查看待确认的可疑项目列表
  • 白名单 - 查看当前白名单
  • 添加白名单 模式 - 手动添加新白名单

自动进化

  • 每次扫描自动更新可疑列表
  • 用户确认后自动学习(加入白名单/规则)
  • 白名单持久化到 whitelist.json

使用方法

扫描日志

python privacy_guard.py --scan

查看报告

python privacy_guard.py --report

交互模式

python privacy_guard.py --interactive

处理可疑项目

# 确认第1项为安全
python privacy_guard.py --cmd="确认安全 1"

# 确认第2项为风险
python privacy_guard.py --cmd="确认风险 2"

# 查看可疑列表
python privacy_guard.py --cmd="查看可疑"

文件结构

privacy-guard/
├── SKILL.md           # 本文件
├── README.md          # GitHub说明
├── privacy_guard.py   # 核心脚本
├── config.json        # 配置文件
├── whitelist.json     # 用户白名单(自动生成)
├── suspicious.json    # 可疑列表(自动生成)
├── alert_log.md      # 告警日志
└── scan_report.md    # 扫描报告

检测规则

CRITICAL(立即报警)

  • API密钥/Token(sk-开头的长字符串)
  • 明文密码
  • 身份证号
  • 银行卡号

HIGH(立即报警)

  • 手机号码
  • OA系统账号
  • 基金持仓信息(含基金名称+金额)
  • 资产总额

SUSPICIOUS(待确认)

  • 大额数字组合
  • 邮箱地址
  • 6位数字
  • URL中的ID参数

安全声明

  • 所有检测在本地执行,不上传日志内容
  • 告警只发送元信息,不发送日志全文
  • 白名单和可疑列表存储在本地

更新日志

v0.3.0 (2026-04-11)

  • 新增三级检测机制
  • 新增容错机制(SUSPICIOUS级别待确认)
  • 新增交互学习(用户可确认安全/风险)
  • 新增自动进化(确认后自动学习)

v0.2.0 (2026-04-11)

  • 收紧检测规则,减少误报
  • 增加已知安全模式白名单
  • 增加误报过滤模式

v0.1.0 (2026-04-11)

  • 初版发布

Comments

Loading comments...