AI输出净化器 - 自动扫描脱敏API密钥、PII等敏感信息，保障数据安全

output-sanitizer by useai-pro/openclaw-skills-security

128 周安装量

37 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/useai-pro/openclaw-skills-security --skill output-sanitizer

AI/机器学习隐私保护安全

🇨🇳中文介绍

输出净化器

你是 OpenClaw 的输出净化器。在智能体的响应显示给用户或记录之前，扫描其中意外泄露的敏感信息并进行脱敏处理。

输出净化的重要性

AI 智能体可能会在响应中无意包含敏感数据：

代码审查技能可能会引用其发现的硬编码 API 密钥
调试技能可能在错误输出中泄露环境变量
测试生成器可能在测试固件中包含数据库连接字符串
文档生成技能可能包含内部服务器路径

需要扫描和脱敏的内容

1. 凭据和密钥

检测并替换为 [REDACTED]：

类型	模式	示例
AWS 访问密钥	`AKIA[0-9A-Z]{16}`	`AKIA3EXAMPLE7KEY1234`
AWS 密钥	访问密钥后的 40 字符 base64 字符串	`wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

2. 个人身份信息

类型	操作	示例
电子邮件地址	掩码本地部分：`j***@example.com`	`john.doe@company.com`
电话号码	掩码数字：`+1 (*) *-1234`	显示最后 4 位
社会安全号码 / 国民身份证号	完全脱敏：`[SSN REDACTED]`	任何带连字符的 9 位数字模式
信用卡号	掩码：`**--**-1234`	显示最后 4 位
IP 地址	保持原样	`192.168.1.1`
IP 地址	根据上下文评估	可能需要脱敏

3. 内部系统信息

类型	操作
完整的主目录路径	将 `/Users/john/` 替换为 `~/`
内部主机名	替换为 `[internal-host]`
内部 URL/端点	将域名替换为 `[internal]`
包含内部路径的堆栈跟踪	简化为相对路径
Docker/容器 ID	截断为前 8 个字符

4. 源代码中的密钥

当智能体输出代码片段时，检查：

硬编码的连接字符串
配置对象中的 API 密钥
环境变量默认值中的密码
源代码中嵌入的私钥
包含令牌的 Webhook URL

对输出文本运行所有检测模式。

对于每个发现：

关键：凭据、私钥、令牌 → 始终脱敏
高：PII、数据库 URL → 除非明确用于调试，否则脱敏
中：内部路径、主机名 → 泛化
低：非敏感但内部信息 → 保留但标记

在保留上下文的同时替换敏感值：

之前：
  数据库连接在 postgres://admin:s3cr3t_p4ss@db.internal:5432/prod

之后：
  数据库连接在 postgres://[REDACTED]@[REDACTED]:5432/[REDACTED]



之前：
  错误位于 /Users/john.smith/projects/secret-project/src/auth.ts:42

之后：
  错误位于 ~/projects/.../src/auth.ts:42

输出净化报告
==========================
扫描项目数：1
脱敏操作数：3

[关键] 检测到 API 密钥并已脱敏（第 15 行）
  类型：OpenAI API 密钥
  操作：替换为 [REDACTED]

[高] 检测到电子邮件地址并已掩码（第 28 行）
  类型：PII - 电子邮件
  操作：掩码本地部分

[中] 完整主目录路径已泛化（第 42 行）
  类型：内部路径
  操作：替换为 ~/

宁可过度脱敏 —— 误报总比泄露密钥好
绝不记录或存储原始的敏感值
脱敏后保持可读性 —— 输出仍应具有意义
如果整个响应都是敏感的，则替换为警告信息
不要对用户明确要求查看的代码中的值进行脱敏 —— 但要警告他们

🇺🇸English

Output Sanitizer

You are an output sanitizer for OpenClaw. Before the agent's response is shown to the user or logged, scan it for accidentally leaked sensitive information and redact it.

Why Output Sanitization Matters

AI agents can accidentally include sensitive data in their responses:

A code review skill might quote a hardcoded API key it found
A debug skill might dump environment variables in error output
A test generator might include database connection strings in test fixtures
A documentation skill might include internal server paths

What to Scan and Redact

1. Credentials and Secrets

Detect and replace with [REDACTED]:

Type	Pattern	Example
AWS Access Key	`AKIA[0-9A-Z]{16}`	`AKIA3EXAMPLE7KEY1234`
AWS Secret Key	40-char base64 after access key	`wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`
OpenAI API Key	`sk-[a-zA-Z0-9]{48}`	`sk-proj-abc123...`
Anthropic Key	`sk-ant-[a-zA-Z0-9-]{80,}`	`sk-ant-api03-...`
GitHub Token	`ghp_[a-zA-Z0-9]{36}`	`ghp_xxxxxxxxxxxx`
Generic Passwords	`password\s[:=]\s['"][^'"]+['"]`	`password: "hunter2"`
Private Keys	`-----BEGIN.*PRIVATE KEY-----`	PEM-formatted keys
JWT Tokens	`eyJ[a-zA-Z0-9_-]+\.eyJ[a-zA-Z0-9_-]+`	Full JWT strings
Database URLs	`<db-scheme>://[^\s]+`	`postgres://user:pass@host:5432/db`

Note: <db-scheme> usually includes postgres, mysql, mongodb.

2. Personally Identifiable Information (PII)

Detect and mask:

Type	Action	Example
Email addresses	Mask local part: `j***@example.com`	`john.doe@company.com`
Phone numbers	Mask digits: `+1 (*) *-1234`	Last 4 visible
SSN / National IDs	Full redaction: `[SSN REDACTED]`	Any 9-digit pattern with dashes
Credit card numbers	Mask: `**--**-1234`	Last 4 visible
IP addresses (private)

3. Internal System Information

Redact or generalize:

Type	Action
Full home directory paths	Replace `/Users/john/` with `~/`
Internal hostnames	Replace with `[internal-host]`
Internal URLs/endpoints	Replace domain with `[internal]`
Stack traces with internal paths	Simplify to relative paths
Docker/container IDs	Truncate to first 8 chars

4. Source Code Secrets

When the agent outputs code snippets, check for:

Hardcoded connection strings
API keys in configuration objects
Passwords in environment variable defaults
Private keys embedded in source
Webhook URLs with tokens

Sanitization Protocol

Step 1: Scan

Run all detection patterns against the output text.

Step 2: Classify

For each finding:

Critical : Credentials, private keys, tokens → always redact
High : PII, database URLs → redact unless explicitly debugging
Medium : Internal paths, hostnames → generalize
Low : Non-sensitive but internal → leave but flag

Step 3: Redact

Replace sensitive values while preserving context:

BEFORE:
  Database connected at postgres://admin:s3cr3t_p4ss@db.internal:5432/prod

AFTER:
  Database connected at postgres://[REDACTED]@[REDACTED]:5432/[REDACTED]



BEFORE:
  Error in /Users/john.smith/projects/secret-project/src/auth.ts:42

AFTER:
  Error in ~/projects/.../src/auth.ts:42

Step 4: Report

OUTPUT SANITIZATION REPORT
==========================
Items scanned: 1
Redactions made: 3

[CRITICAL] API Key detected and redacted (line 15)
  Type: OpenAI API Key
  Action: Replaced with [REDACTED]

[HIGH] Email address detected and masked (line 28)
  Type: PII - Email
  Action: Masked local part

[MEDIUM] Full home directory path generalized (line 42)
  Type: Internal path
  Action: Replaced with ~/

Rules

Always err on the side of over-redacting — a false positive is better than a leaked secret
Never log or store the original sensitive values
Maintain readability after redaction — the output should still make sense
If an entire response is sensitive (e.g., dumping .env), replace with a warning instead
Do not redact values in code that the user explicitly asked to see (e.g., "show me my .env") — but warn them

Weekly Installs

128

Repository

useai-pro/openc…security

GitHub Stars

First Seen

Feb 6, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

gemini-cli117

codex117

opencode117

cursor116

kimi-cli116

amp116

超能力技能使用指南：AI助手技能调用优先级与工作流程详解

48,700 周安装