一键导入
leak-check
Scan session logs for leaked credentials. Checks JSONL session files against known credential patterns and reports which AI provider received the data.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Scan session logs for leaked credentials. Checks JSONL session files against known credential patterns and reports which AI provider received the data.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Agile product ownership for backlog management and sprint execution. Covers user story writing, acceptance criteria, sprint planning, and velocity tracking. Use for writing user stories, creating acceptance criteria, planning sprints, estimating story points, breaking down epics, or prioritizing backlog.
Fetch MLB game schedules, live game status, box scores, player search, and season statistics via the MLB Stats API. Use when the user asks about baseball games, scores, who is playing today, game results, live updates, pitching matchups, MLB schedule information, player lookups, or player stats.
Software build systems reference — Make, CMake, Bazel, Gradle, incremental builds, remote caching, and dependency management
Calendar management and scheduling. Create ICS events, manage meetings, and handle date/time parsing.
八字排盘与农历/干支日期查询技能。用于用户请求“算八字”“四柱排盘”“阳历/农历时间转八字”“查询某天农历或干支日期”“查黄历/宜忌”等场景;关键词包括:八字、四柱、命理、阳历转八字、农历转八字、黄历、宜忌、干支日期、农历日期。 / Bazi charting and Chinese calendar conversion skill. Use for requests like “calculate my Bazi”, “Four Pillars chart”, “convert solar/lunar datetime to Bazi”, “check Chinese almanac (huangli)”, or “check auspicious/inauspicious activities (yi-ji) for a date”; keywords include: Bazi, Four Pillars, solar-to-Bazi, lunar-to-Bazi, Chinese calendar, Chinese almanac (huangli), yi-ji, heavenly stems and earthly branches.
Data visualization tool producing SVG charts. Use when you need bar charts, line charts, pie charts, tables, sparklines, gauges,.
| name | leak-check |
| description | Scan session logs for leaked credentials. Checks JSONL session files against known credential patterns and reports which AI provider received the data. |
| metadata | {"openclaw":{"emoji":"🔐","requires":{"bins":["node"]}}} |
Scan OpenClaw session JSONL files for leaked credentials. Reports which real AI provider (anthropic, openai, google, etc.) received the data, skipping internal delivery echoes.
# Check for leaked credentials (default: discord format)
node /home/claw/.openclaw/workspace/skills/leak-check/scripts/leak-check.js
# JSON output
node /home/claw/.openclaw/workspace/skills/leak-check/scripts/leak-check.js --format json
Credentials to check are defined in leak-check.json. The script searches for this file in order:
./leak-check.json) — for backward compatibility~/.openclaw/credentials/leak-check.json — recommended persistent location (survives skill updates via clawhub)Since clawhub clears the skill directory on updates, place your config in ~/.openclaw/credentials/ to avoid losing it:
mkdir -p ~/.openclaw/credentials
cp leak-check.json ~/.openclaw/credentials/leak-check.json
You can also specify an explicit path with --config.
[
{ "name": "Discord", "search": "abc*xyz" },
{ "name": "Postmark", "search": "k7Qm9x" }
]
Important: Do not store full credentials in this file. Use only a partial fragment — enough to uniquely identify the credential via a contains, begins-with, or ends-with match.
Wildcard patterns:
abc* — starts with "abc"*xyz — ends with "xyz"abc*xyz — starts with "abc" AND ends with "xyz"abc (no asterisk) — contains "abc""" (empty) — skip this credential--format <type> — Output format: discord (default) or json--config <path> — Path to credential config file (default: ./leak-check.json, then ~/.openclaw/credentials/leak-check.json)--help, -h — Show help message🔐 **Credential Leak Check**
⚠️ **2 leaked credentials found**
**Discord Token**
• Session: `abc12345` | 2026-02-14 18:30 UTC | Provider: anthropic
**Postmark**
• Session: `def67890` | 2026-02-10 09:15 UTC | Provider: anthropic
Or if clean:
🔐 **Credential Leak Check**
✅ No leaked credentials found (checked 370 files, 7 credentials)
If the leak-check.json config file is read or discussed during an OpenClaw session, the credential patterns will appear in that session's JSONL log. The scanner detects this and reports these matches separately as config echoes rather than real leaks:
📋 **3 possible config echoes** (session contains leak-check config)
• **Discord**: 1 session
...
✅ No credential leaks beyond config echoes
Config echoes will continue to appear on every run until the session file is removed. To clear them, delete the session file from ~/.openclaw/agents/main/sessions/:
rm ~/.openclaw/agents/main/sessions/<session-uuid>.jsonl
Tip: Avoid reading or referencing leak-check.json during an OpenClaw session. If it happens, note the session ID from the report and delete it.
{
"leaks": [
{
"credential": "Discord Token",
"session": "abc12345",
"timestamp": "2026-02-14T18:30:00.000Z",
"provider": "anthropic"
}
],
"configEchoes": [
{
"credential": "Gateway",
"session": "b175e53c",
"timestamp": "2026-02-19T18:00:30.067Z",
"provider": "minimax-portal",
"configEcho": true
}
],
"summary": {
"filesScanned": 370,
"credentialsChecked": 7,
"leaksFound": 2,
"configEchoesFound": 1
}
}
This skill is designed to be local-only and read-only. The following properties can be verified by inspecting scripts/leak-check.js:
http, https, net, dgram, fetch, WebSocket, or any network APIchild_process, exec, spawn, or execSyncnpm packages; only Node.js built-ins (fs, path, os)eval(), Function(), or dynamic require()/import()fs.readFileSync, fs.existsSync, and fs.readdirSync are used; no files are created, modified, or deletedprocess.envconsole.log; nothing is sent elsewhereConfirm no unexpected APIs are used anywhere in the script:
grep -E 'require\(|import |http|fetch|net\.|dgram|child_process|exec|spawn|eval\(|Function\(|\.write|\.unlink|\.rename|process\.env' scripts/leak-check.js
Expected output — only the three built-in require() calls at the top of the file:
const fs = require('fs');
const path = require('path');
const os = require('os');