Skill v1.0.0

ClawScan security

RedactKit - AI Privacy Scrubber · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 12, 2026, 6:54 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requirements are internally consistent with a local regex-based redaction tool; it does not request credentials or perform network calls, but mapping files store original sensitive values in plaintext and must be protected.
Guidance
This skill appears to do exactly what it claims: regex-based, reversible local redaction. Important cautions before you install/use it:

- Mapping files contain original sensitive values in plaintext (LIMITATIONS.md documents this). Treat mapping JSON like secrets: never commit them to version control, store them on encrypted filesystems, and restrict filesystem permissions (chmod 600). Consider encrypting mapping files (GPG, filesystem encryption) if they will be stored or transferred.
- Regex-based detection has false positives and false negatives. Test on non-sensitive samples first, use report mode, and add exclusion/custom patterns as needed. Neither the tool nor its patterns provide semantic understanding.
- Custom patterns accept arbitrary regex. Malformed or exponential-time regexes can cause crashes or slowdowns (ReDoS). Validate custom regexes and avoid pathological patterns for untrusted inputs.
- The tool loads entire files into memory and may be slow or OOM on very large files; follow README guidance to split large files.
- Although the code contains no network calls, the README references external preprocessing (OCR, pdftotext) as optional steps; those external tools can introduce network or additional risks, so only run trusted preprocessing tools.

If you need higher assurance for compliance (e.g., HIPAA, legal redaction), use a certified tool or additional safeguards; this is a useful ad-hoc/local utility but not a compliance guarantee.

Review Dimensions

Purpose & Capability
ok
Name/description (local reversible redaction) matches the included code and docs. The package only contains a redaction engine, pattern library, CLI helpers and a restoration tool; no unrelated credentials, binaries, or services are requested.
Instruction Scope
ok
SKILL.md and README instruct local redaction and restoration only. Runtime instructions reference only local APIs (the Python library and saving/loading mapping files). There are no instructions to read unrelated system configuration, call external endpoints, or exfiltrate data.
Install Mechanism
ok
No install spec; code is included as plain Python files and uses only the standard library. No downloads from external URLs or package installs are requested.
Credentials
ok
No environment variables, credentials, or config paths are required. The skill's behavior is driven by local config.py (example provided) and CLI args, which is proportionate to its purpose.
Persistence & Privilege
ok
The skill is not always-enabled and does not modify other skills or system-wide agent settings. It persists mapping files to disk (by design) but does not request elevated privileges; mapping persistence is expected for reversible redaction.