원클릭으로
prepublish-privacy-scrub
Scan and remove sensitive data before publishing skills. Detect API keys, tokens, secrets, and personal info.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Scan and remove sensitive data before publishing skills. Detect API keys, tokens, secrets, and personal info.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | prepublish-privacy-scrub |
| description | Scan and remove sensitive data before publishing skills. Detect API keys, tokens, secrets, and personal info. |
Scan for sensitive data before publishing.
Publishing accidentally exposes:
function Test-PrivacyScan {
param([string]$path)
$sensitivePatterns = @(
'apiKey\s*[=:]\s*["\']?[A-Za-z0-9]',
'token\s*[=:]\s*["\']?[A-Za-z0-9]{10,}',
'secret\s*[=:]\s*["\']?[A-Za-z0-9]',
'password\s*[=:]\s*["\']?.+',
'Bearer\s+[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+',
'sk-[A-Za-z0-9]{32,}',
'OPENCLAW_\w+\s*[=:]\s*\S+',
'https://\S+\.ngrok\S+',
'[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}'
)
$files = Get-ChildItem $path -Recurse -File |
Where-Object { $_.Extension -in @('.md', '.ps1', '.json', '.txt') }
$findings = @()
foreach ($file in $files) {
$content = Get-Content $file.FullName -Raw
foreach ($pattern in $sensitivePatterns) {
$matches = [regex]::Matches($content, $pattern, 'IgnoreCase')
foreach ($m in $matches) {
$findings += @{
File = $file.FullName
Pattern = $pattern
Match = $m.Value.Substring(0, [Math]::Min(20, $m.Value.Length)) + "..."
}
}
}
}
return $findings
}
function Invoke-PrivacyScrub {
param([string]$path)
$replacements = @{
'apiKey\s*[=:]\s*["\']?[^"''\s]+' = 'apiKey: "REDACTED"'
'token\s*[=:]\s*["\']?[^"''\s]+' = 'token: "REDACTED"'
'secret\s*[=:]\s*["\']?[^"''\s]+' = 'secret: "REDACTED"'
}
$files = Get-ChildItem $path -Recurse -File
foreach ($file in $files) {
$content = Get-Content $file.FullName -Raw
$modified = $false
foreach ($kv in $replacements.GetEnumerator()) {
if ($content -match $kv.Key) {
$content = $content -replace $kv.Key, $kv.Value
$modified = $true
}
}
if ($modified) {
$content | Out-File $file.FullName -Encoding UTF8
Write-Host "Scrubbed: $($file.Name)"
}
}
}
## Privacy Scan Results
- [ ] No apiKey values in files
- [ ] No token values in files
- [ ] No secret/password in files
- [ ] No personal emails
- [ ] No absolute user paths (C:\Users\name\)
- [ ] No internal service URLs
**Scan Command**:
```powershell
Test-PrivacyScan -path "./skill-folder"
## Executable Completion Criteria
| Criteria | Verification |
|----------|-------------|
| Scan executed | Test-PrivacyScan returns results |
| No critical findings | apiKey/token/secret = 0 matches |
| Scrubbing applied | Redacted values in files |
| Checklist complete | All items checked |
## Privacy/Safety
- Scan results not logged externally
- Redacted values use generic placeholder
- Original files backed up before scrub
## Self-Use Trigger
Use when:
- Before any skill publish
- Before git push of skills
- After copying skill from working directory
---
**Scrub first. Publish safe.**
Fix OpenClaw connectivity to foreign apps for users in China without resetting existing tasks or tokens. Use when WhatsApp/Telegram/Discord linking fails with WebSocket timeout or handshake errors (for example status=408 Request Time-out, Opening handshake has timed out), when direct outbound access is blocked but VPN/proxy is available, or when OpenClaw can reach local dashboard but channels remain "Not linked".
Coordinate between local skills and discovered ClawHub patterns. Integrates phoenix-loop, agent-audit-trail, HEARTBEAT, and autonomy skills with external best practices.
Publish skills to ClawHub via web dashboard only. No CLI login, no device flow. Reuse existing browser session.
When blocked, report exact blocker + attempts made + minimum user input needed. Enable fast unblock without back-and-forth.
Verify evidence URLs are real and accessible. Check that artifact links resolve to actual content, not placeholders.
Diagnose and fix gateway token mismatches causing 401 errors. Align tokens across config, service, and CLI surfaces.