技能详情(站内镜像,无评论)
作者:Andrew @AndrewAndrewsen
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.0
统计:⭐ 0 · 297 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :良性
Package:andrewandrewsen/messageguard
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
MessageGuard's code, configs, and instructions are coherent with its stated purpose (regex-based outgoing message filtering); no unrelated credentials, network calls, or installers are requested — but pay attention to logging, allow-listing, and configuration choices that can expose or bypass detection.
目的
The name/description (outgoing message filter) match the delivered artifacts: an instruction-only SKILL.md, configuration docs, a built-in pattern library, and a Python filter script that performs regex-based masking/blocking/warning. The patterns focus on API keys, tokens, PEMs, SSNs, credit cards, etc., which align with the stated goal.
说明范围
Runtime instructions are focused on running the provided Python filter before sending messages. The script will read configuration files from the user's home (~/.openclaw/outgoing-filter-config.*) if present, and supports passing a --channel id which can cause allow-listing. This is expected, but it means the skill will read (and can be configured to log) sensitive detections to disk — review and control config & log settings. The integration …
安装机制
There is no automated install spec in the registry bundle (instruction-only). SKILL.md suggests cloning an SSH GitHub repo, but the bundle already contains the Python script and docs. No external downloads or package installs are required; the script only optionally imports pyyaml if present. No high-risk install mechanism detected.
证书
The skill requests no environment variables, no external credentials, and no config paths beyond optional per-user config files under ~/.openclaw (documented). The built-in patterns include many third-party key formats (OpenAI, AWS, GitHub, etc.) which is appropriate for a secrets filter. No unrelated credentials or secrets are requested.
持久
always:false and autonomous invocation is normal. The script can write detection logs to disk (default ~/.openclaw/outgoing-filter.jsonl) if log_detections is enabled; those logs may contain snippets of sensitive values. The skill also supports allow_channels which can bypass filtering for specific channel IDs — this is useful but can be abused to bypass protection. These behaviors are documented and configurable, so they are not inherently ma…
综合结论
What to consider before installing/using MessageGuard: - The skill is coherent: it implements a regex-based outgoing message filter as described. There are no network exfiltration or hidden installers in the provided files. - Logging risk: if you enable log_detections, detection events (including snippets) are written to disk (default ~/.openclaw/outgoing-filter.jsonl). That file may contain sensitive data. If you enable logging, choose a secu…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「MessageGuard」。简介:Filters outgoing text for sensitive data using regex patterns and configurable …。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/andrewandrewsen/messageguard/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
### MessageGuard: Outgoing Message Filter Skill
**Purpose**: MessageGuard filters outgoing text to prevent secret leaks and sensitive data exposure by using pattern-based detection and configurable actions (mask, block, or warn).
### Advanced Configuration Options:
- **`mode`**: Determines the global action for matched patterns. Options are:
- `mask`: Replace sensitive data with the `mask_char`.
- `block`: Prevent the message from being sent entirely.
- `warn`: Allow the message but generate warnings.
- **`mask_char`**: The character(s) used to replace sensitive content when `mode` is set to `mask`.
- **`patterns`**: Define or customize regex-based detections. Built-ins exist for API keys, credentials, and more (e.g., AWS keys, JWTs). Add new patterns based on your requirements.
- **`logging`**: Enable detections to be logged as structured JSON for monitoring, debugging, or compliance needs. Configure the `log_path` for the output location.
- **Custom Patterns**: Users can define their custom patterns to override built-ins or extend functionalities. This supports regex and granular action control (mask, block, warn).
**Installation**
1. Clone the repository: `git clone git@github.com:AndrewAndrewsen/MessageGuard.git`.
2. Navigate to the directory. The skill is dependency-free, relying only on the Python standard library.