Sensitive Data Masker
Security checks across malware telemetry and agentic risk
Overview
The skill’s privacy goal is coherent, but the provided hook/wrapper evidence suggests it may fail open and let original sensitive messages continue unmasked.
Review carefully before installing. The concept is reasonable, but the provided artifacts show likely implementation and dependency problems that could let original secrets continue unmasked. Only enable it after verifying the hook actually masks test messages, the Python module imports correctly, cryptography is installed, and the local mapping database/key are protected.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive text could pass onward unmasked even though the skill is presented as automatically protecting it.
stderr is configured as ignored but the code still attaches a stderr listener, which is likely to throw in Node because stderr is null; the catch path explicitly continues with the original message. For a privacy masking hook, this can cause users to trust masking that may not occur.
const masker = spawn('python3', [MASKER_SCRIPT, 'mask', content], { stdio: ['pipe', 'pipe', 'ignore'] }); ... masker.stderr.on('data', (data) => { ... }); ... // Error doesn't affect message processing, continue with original message
Fix the hook to capture or omit stderr safely, fail closed for masking errors when privacy is required, and clearly notify the user if masking did not run.
A user may install the documented dependencies and still have the masker fail, potentially leaving sensitive messages unprotected.
The shown script requires the cryptography package and exits if it is absent, but the declared install/dependency artifacts list presidio-analyzer, presidio-anonymizer, and spacy without cryptography. In this skill, a dependency failure can combine with fail-open message handling.
from cryptography.fernet import Fernet ... except ImportError: ... print("This skill REQUIRES encryption for security.") ... sys.exit(1)
Declare cryptography in all install metadata and setup instructions, and make startup checks report a clear installation failure instead of allowing silent unmasked operation.
The automatic hook may not be able to load the masking code, so messages may continue without redaction.
The provided manifest lists sensitive-masker.py and sensitive-masker.en.py, not an importable sensitive_masker.py module. This name mismatch is likely to make the wrapper fail before masking.
from sensitive_masker import ChannelSensitiveMasker
Rename the Python module or update the import so the wrapper can reliably load the masker before enabling the hook.
Anyone or anything that can read the mapping database and key may be able to recover recently masked secrets.
The skill intentionally stores original sensitive values in a local mapping table so masked tokens can be restored later. This is disclosed and purpose-aligned, but it creates a sensitive local store.
"Local restoration" - 7-day temporary mapping table ... "Mapping stored (7 days)" ... "Local restoration (for task execution)"
Keep the data directory protected, verify encryption and file permissions, shorten the TTL if possible, and clear mappings when they are no longer needed.
Every received message may trigger local Python execution, which can affect reliability and resource use.
The hook runs a local Python process for each received message. This is expected for this implementation and uses an argument array rather than shell interpolation, but it is still automatic local code execution.
const masker = spawn('python3', [MASKER_SCRIPT, 'mask', content], { stdio: ['pipe', 'pipe', 'ignore'] });
Use reviewed local code, add timeouts and size limits, and monitor failures rather than silently continuing.
