Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI Agent OPSEC — Runtime Classified Data Enforcer

v1.4.0

Prevent your AI agent from leaking classified terms to external APIs, subagents, or logs. Term registry + runtime redaction + pre-publish audit. Zero depende...

by Shadow Rose (@theshadowrose)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description align with the included code: it loads a local term registry, redacts text, and writes a local audit log. It does not request credentials or make network calls. Note: the README shows sample agent lists but the runtime defaults for externalAgents/internalAgents are empty arrays — the user must populate these lists for the enforcer to actively block named agents.
! Instruction Scope
SKILL.md and README instruct the agent to read <workspace>/classified/classified-terms.md and write <workspace>/memory/security/classified-access-audit.jsonl. The implementation does exactly that and performs only local FS operations. However, because externalAgents is empty by default, validateSubagentAccess will not block any agent unless the user edits code/configuration. This is a likely source of a false sense of security: the module redacts outbound payloads only if callers actually call sanitizeOutbound, and it will not block spawns unless configured. Also, the CLI/test prints an older version string (1.1.0) despite the v1.4.0 metadata, a minor inconsistency.
Install Mechanism
Instruction-only skill with a bundled JS source file and no install spec; there is no remote download or package installation. All code is local and uses only Node's fs/path libraries (no external network installs).
Credentials
No environment variables, credentials, or non-workspace config paths are requested. The skill reads and writes only under the provided workspace root.
Persistence & Privilege
always:false (default) and the skill does not ask for permanent global presence or modify other skills. It writes audit logs under workspace/memory/security and rotates them at 1MB; this is scoped to its own files.
Assessment
This skill appears to do what it says (local redaction and an append-only audit log with no network calls), but do not assume it protects you out of the box. Before installing or relying on it:
1) Populate externalAgents/internalAgents (or otherwise integrate sanitizeOutbound/redactTaskBeforeSpawn). By default the externalAgents list is empty, so the enforcer will NOT block agent spawns unless you configure it.
2) Create classified/classified-terms.md and add your terms; check the regex behavior (proper-noun vs case-insensitive rules) to ensure it matches your terms as intended.
3) Protect the audit log: add classified/ and memory/security/ to .gitignore and restrict filesystem permissions on memory/security to prevent unauthorized access.
4) Review the source yourself (or with a trusted reviewer). The module runs locally and writes files, so confirm its behavior fits your threat model.
5) Test thoroughly (use the included CLI/test) before using in production agents and consider additional safeguards (workspace isolation, process sandboxing, or containerization) for high-value classified data.
! src/ClassifiedAccessEnforcer.js:74
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

Tags: agent-safety, classified, latest, opsec, privacy, redaction, security
