ClawHub

Content Scrubber

v1.0.0

OpenClaw plugin that scrubs private infrastructure details from outgoing messages. Regex-based redaction of RFC 1918 IPs, localhost ports, SSH targets, and h...

0· 85·0 current·0 all-time
bySolomon Neas@solomonneas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md, and index.ts all implement the same capability: intercept outgoing messages and apply regex rules to redact IPs, localhost ports, hostnames, and SSH targets. No unrelated capabilities (cloud access, filesystem scanning, network exfiltration) are requested or implemented.
Instruction Scope
SKILL.md installation and config steps match the plugin code behavior (registers a message_sending hook, supports dryRun and allowedRecipients). The runtime instructions do not ask the agent to read unrelated files, environment variables, or transmit data to external endpoints.
Install Mechanism
No install spec or remote downloads are used; the skill is distributed as source files to be copied into the extensions directory. This is low-risk and proportional to the stated purpose.
Credentials
The skill requires no environment variables, credentials, or config paths. The plugin reads only its provided configuration (dryRun, allowedRecipients) and runtime event/context fields, which is appropriate.
Persistence & Privilege
always is false (default) and the plugin runs only when enabled by adding it to openclaw.json. It does not modify other plugins or global agent settings.
Assessment
This implementation appears coherent and limited to local redaction. Before installing: (1) enable dryRun first to confirm what will be redacted and avoid accidental over-redaction, (2) review and if needed customize RULES to avoid false positives (e.g., usernames that look like hostnames), (3) limit allowedRecipients rather than leaving it empty if you want exemptions, (4) test in a non-production environment, and (5) note the package has no homepage/author metadata—install only if you trust the source or after reviewing the code (index.ts is short and readable).

Like a lobster shell, security has layers — review code before you run it.

latestvk972m9xg6c77fshex6m9emy1f183bvpb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments