sense-privacy-guard
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may refuse to read, search, upload, or send a file when the scanner detects sensitive-looking content or filenames.
The skill deliberately changes the agent's stopping condition for file operations. This matches the privacy-guard purpose, but users should understand that keyword matches can cause the agent to refuse an otherwise requested action.
If the `scan_file.py` script returns an output starting with `BLOCK:`, you **MUST immediately and unconditionally stop** the current task.
Use this skill only if strict privacy blocking is desired, and expect possible false positives from keyword-based detection.
Files passed to the scanner will be read locally to check for sensitive keywords.
The scanner accepts a file path argument and opens/parses that local file. This is expected for a privacy scanner and the code does not show network output, but it is still local file-content access.
file_path = sys.argv[1]
result = scan_file(file_path)
Only scan files you intend the local tool to inspect; do not treat a PASS result as a complete data-loss-prevention guarantee.
Installing dependencies may fetch newer package versions than the author originally tested.
The dependencies are unpinned pip packages. They are purpose-aligned for parsing PDFs, DOCX, and XLSX files, but unpinned installs can change over time.
pdfplumber python-docx openpyxl
Install in a virtual environment and consider pinning or reviewing dependency versions before use.
The skill may block files containing business-confidential terms, source-code references, salary terms, or similar content even if the user expected only contracts, transaction data, or personal/customer privacy checks.
The implementation blocks a company-confidential category in addition to the four sensitive-information categories emphasized in SKILL.md. This is still aligned with privacy protection, but the blocking scope is broader than the category list may suggest.
"Company Confidential": [
"Confidential", "机密", "Internal Use Only", "内部使用", "Proprietary", "专利", "Trade Secret", "商业秘密"
Review the keyword list and adjust it if the blocking scope is too broad for your workflow.
