AI Agent OPSEC — Runtime Classified Data Enforcer
Pass. Audited by ClawScan on May 10, 2026.
Overview
This appears to be a local redaction and audit helper with no evidence of network exfiltration, but users should verify the setup examples and protect its local term and audit files.
Before installing: confirm the API names and return fields with your own test; configure the external-agent list, since the defaults are manual; keep classified/ and memory/security/ out of commits and backups; and treat this as a local helper rather than a complete data-loss-prevention system.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your workspace may retain local audit logs and redacted snippets that other tools, backups, or accidental commits could expose.
The skill stores persistent local audit entries containing metadata and redacted previews. This is purpose-aligned, but it creates retained local records that may still include surrounding context or sensitive data not covered by the term registry.
this.auditLog = path.join(this.workspaceRoot, 'memory', 'security', 'classified-access-audit.jsonl'); ... redactedPreview: result.substring(0, 80)
Add the documented paths to .gitignore, restrict local file permissions, periodically review or delete audit logs, and do not assume unregistered sensitive data will be removed.
If you copy the wrong example without testing, your agent may fail to use the redacted value as intended.
The quick-start example uses a `payload` field, while the API reference describes `sanitized`. In a security-critical outbound-call workflow, this mismatch could cause incorrect integration or false confidence.
const { safe, payload } = enforcer.sanitizeOutbound(userQuery, 'web_search'); ... await callExternalAPI(payload); ... // result.sanitized — redacted text (safe to send)
Use the source/API reference behavior, pass the returned sanitized text to external calls, run the self-test, and verify the integration before handling real secrets.
It may be harder to verify authorship, updates, or the full development history before trusting it with sensitive terms.
The registry metadata does not provide a clear source repository or homepage. This is not malicious by itself, but it limits provenance checks for a security-sensitive helper.
Source: unknown; Homepage: none
Inspect the included code, pin the version, and prefer a verifiable upstream source before deploying it in sensitive environments.
