ClawHub
Skill flagged — review recommended

ClawHub Security found sensitive or high-impact capabilities. Review the scan results before using.

Safe Share

v1.0.0

Sanitize logs, configs, prompts, stack traces, and skill content before they are shared publicly. Use when a user wants a local, low-risk pass to remove API...

0· 148· 1 versions· 0 current· 0 all-time· Updated 7h ago· MIT-0
by@nighty35628

Security Scans

VirusTotalBenignClawScanBenignStatic analysisReview

Install

openclaw skills install safe-share

Safe Share

Use this skill to produce a safe-to-share copy of text. Prefer deterministic local sanitization over model-only guessing.

Workflow

  1. Confirm the user wants a shareable copy, not a forensic analysis.
  2. Determine the output mode:
    • placeholder: best default for docs, issues, READMEs, and tutorials
    • redact: best when preserving shape is not important
    • mask: best when keeping a hint of the original value is useful
  3. Run scripts/sanitize_text.py on the exact text the user provided.
  4. Return:
    • sanitized_text
    • findings_summary
    • review_notes
  5. Never echo the original sensitive value back to the user.

Operating Rules

  • Default to placeholder mode unless the user asks for something else.
  • Treat secrets and credentials as higher priority than general PII.
  • Replace with stable labels such as <OPENAI_API_KEY> or [REDACTED:BEARER_TOKEN].
  • Keep summaries high level. Report type and count, not the captured value.
  • State clearly that sanitization reduces risk but does not guarantee complete detection.
  • Do not scan unrelated files or repositories unless the user explicitly asks for that broader scope.
  • Do not send text to external services for classification or validation.

High-Risk Patterns

Prioritize these categories:

  • API keys and secret tokens
  • Authorization headers and bearer tokens
  • Cookies and session identifiers
  • .env-style credentials and password assignments
  • Private key blocks and PEM material
  • Sensitive URL query parameters

Then handle lower-risk identifiers:

  • Email addresses
  • Phone numbers
  • IP addresses
  • National ID or payment-card-like strings when confidence is high

Output Contract

Use the JSON contract from references/output-format.md when returning structured results from the script. If answering in prose, include the same three sections in human-readable form.

Resources

  • Detection and replacement behavior: references/patterns.md
  • Output structure and reviewer guidance: references/output-format.md
  • Smoke-test inputs and expected behavior: references/test-cases.md
  • Deterministic local sanitizer: scripts/sanitize_text.py

Version tags

developer-toolsvk97ftfqpp07dnz8zn3v00e7tz98386wklatestvk97ftfqpp07dnz8zn3v00e7tz98386wkprivacyvk97ftfqpp07dnz8zn3v00e7tz98386wkproductivityvk97ftfqpp07dnz8zn3v00e7tz98386wksecurityvk97ftfqpp07dnz8zn3v00e7tz98386wk