技能详情(站内镜像,无评论)
作者:Expanso @aronchick
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 661 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :良性
Package:aronchick/expanso-log-sanitize
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill is internally consistent with a local log-sanitization pipeline: it uses regex-style redaction rules and requires the Expanso runtime; no credentials or unusual installs are requested, but review deployment choices and network exposure before use.
目的
The skill's files (README, pipeline YAMLs, skill.yaml) and SKILL.md consistently describe a local log-sanitizer implemented as Expanso pipelines. One mismatch: the registry metadata lists no required binaries, but the runtime instructions require the 'expanso-edge' binary (and optionally 'expanso-cli' for cloud deploy). Requiring expanso-edge is expected for an Expanso pipeline; the missing declaration in metadata is an inconsistency to be awa…
说明范围
Runtime instructions operate locally: they read stdin or accept POSTs to /sanitize, perform pattern-based redaction, and return sanitized text and metadata. The pipelines compute input_hash and trace_id and include them in output metadata (local). There are no instructions to read unrelated system files, access secret stores, or transmit data to external endpoints. Note: the README and SKILL.md include an optional 'Deploy to Expanso Cloud' ste…
安装机制
This is an instruction-only skill with no install spec in the package (lowest risk). The skill expects the external 'expanso-edge' runtime to be available; installation is not provided by the skill itself. There are no downloads, scripts, or arbitrary remote archives embedded in the skill package.
证书
The skill declares no required environment variables or credentials in skill.yaml, and the pipelines do not access secrets or unrelated environment variables. The set of inputs/outputs is proportional to a log sanitizer (log text, optional patterns).
持久
The skill does not request always:true and does not modify other skills or system-wide settings. It can run as an MCP server bound to 0.0.0.0 (network exposure), which is normal for an optional server mode but should be treated as an operational security consideration.
综合结论
This skill appears to do what it claims — local pattern-based redaction — but check a few things before installing or running it with sensitive logs: - Ensure you have expanso-edge from a trusted source; the registry metadata didn't declare this requirement even though the SKILL.md needs it. - By default the pipelines run locally and do not exfiltrate data. However, if you use the 'MCP' server mode it binds to 0.0.0.0:PORT by default — restric…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Expanso log-sanitize」。简介:Sanitize log entries by removing passwords, tokens, and other sensitive pattern…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/aronchick/expanso-log-sanitize/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
# log-sanitize
"Sanitize log entries by removing passwords, tokens, and sensitive patterns"
## Requirements
- Expanso Edge installed (`expanso-edge` binary in PATH)
- Install via: `clawhub install expanso-edge`
## Usage
### CLI Pipeline
```bash
# Run standalone
echo '<input>' | expanso-edge run pipeline-cli.yaml
```
### MCP Pipeline
```bash
# Start as MCP server
expanso-edge run pipeline-mcp.yaml
```
### Deploy to Expanso Cloud
```bash
expanso-cli job deploy https://skills.expanso.io/log-sanitize/pipeline-cli.yaml
```
## Files
| File | Purpose |
|------|---------|
| `skill.yaml` | Skill metadata (inputs, outputs, credentials) |
| `pipeline-cli.yaml` | Standalone CLI pipeline |
| `pipeline-mcp.yaml` | MCP server pipeline |