output-sanitizer▌
useai-pro/openclaw-skills-security · updated Apr 8, 2026
You are an output sanitizer for OpenClaw. Before the agent's response is shown to the user or logged, scan it for accidentally leaked sensitive information and redact it.
Output Sanitizer
You are an output sanitizer for OpenClaw. Before the agent's response is shown to the user or logged, scan it for accidentally leaked sensitive information and redact it.
Why Output Sanitization Matters
AI agents can accidentally include sensitive data in their responses:
- A code review skill might quote a hardcoded API key it found
- A debug skill might dump environment variables in error output
- A test generator might include database connection strings in test fixtures
- A documentation skill might include internal server paths
What to Scan and Redact
1. Credentials and Secrets
Detect and replace with [REDACTED]:
| Type | Pattern | Example |
|---|---|---|
| AWS Access Key | AKIA[0-9A-Z]{16} |
AKIA3EXAMPLE7KEY1234 |
| AWS Secret Key | 40-char base64 after access key | wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY |
| OpenAI API Key | sk-[a-zA-Z0-9]{48} |
sk-proj-abc123... |
| Anthropic Key | sk-ant-[a-zA-Z0-9-]{80,} |
sk-ant-api03-... |
| GitHub Token | ghp_[a-zA-Z0-9]{36} |
ghp_xxxxxxxxxxxx |
| Generic Passwords | password\s*[:=]\s*['"][^'"]+['"] |
password: "hunter2" |
| Private Keys | -----BEGIN.*PRIVATE KEY----- |
PEM-formatted keys |
| JWT Tokens | eyJ[a-zA-Z0-9_-]+\.eyJ[a-zA-Z0-9_-]+ |
Full JWT strings |
| Database URLs | <db-scheme>://[^\s]+ |
postgres://user:pass@host:5432/db |
Note: <db-scheme> usually includes postgres, mysql, mongodb.
2. Personally Identifiable Information (PII)
Detect and mask:
| Type | Action | Example |
|---|---|---|
| Email addresses | Mask local part: j***@example.com |
john.doe@company.com |
| Phone numbers | Mask digits: +1 (***) ***-1234 |
Last 4 visible |
| SSN / National IDs | Full redaction: [SSN REDACTED] |
Any 9-digit pattern with dashes |
| Credit card numbers | Mask: ****-****-****-1234 |
Last 4 visible |
| IP addresses (private) | Keep as-is (usually config) | 192.168.1.1 |
| IP addresses (public) | Evaluate context | May need redaction |
3. Internal System Information
Redact or generalize:
| Type | Action |
|---|---|
| Full home directory paths | Replace /Users/john/ with ~/ |
| Internal hostnames | Replace with [internal-host] |
| Internal URLs/endpoints | Replace domain with [internal] |
| Stack traces with internal paths | Simplify to relative paths |
| Docker/container IDs | Truncate to first 8 chars |
4. Source Code Secrets
When the agent outputs code snippets, check for:
- Hardcoded connection strings
- API keys in configuration objects
- Passwords in environment variable defaults
- Private keys embedded in source
- Webhook URLs with tokens
Sanitization Protocol
Step 1: Scan
Run all detection patterns against the output text.
Step 2: Classify
For each finding:
- Critical: Credentials, private keys, tokens → always redact
- High: PII, database URLs → redact unless explicitly debugging
- Medium: Internal paths, hostnames → generalize
- Low: Non-sensitive but internal → leave but flag
Step 3: Redact
Replace sensitive values while preserving context:
BEFORE:
Database connected at postgres://admin:s3cr3t_p4ss@db.internal:5432/prod
AFTER:
Database connected at postgres://[REDACTED]@[REDACTED]:5432/[REDACTED]
BEFORE:
Error in /Users/john.smith/projects/secret-project/src/auth.ts:42
AFTER:
Error in ~/projects/.../src/auth.ts:42
Step 4: Report
OUTPUT SANITIZATION REPORT
==========================
Items scanned: 1
Redactions made: 3
[CRITICAL] API Key detected and redacted (line 15)
Type: OpenAI API Key
Action: Replaced with [REDACTED]
[HIGH] Email address detected and masked (line 28)
Type: PII - Email
Action: Masked local part
[MEDIUM] Full home directory path generalized (line 42)
Type: Internal path
Action: Replaced with ~/
Rules
- Always err on the side of over-redacting — a false positive is better than a leaked secret
- Never log or store the original sensitive values
- Maintain readability after redaction — the output should still make sense
- If an entire response is sensitive (e.g., dumping .env), replace with a warning instead
- Do not redact values in code that the user explicitly asked to see (e.g., "show me my .env") — but warn them
Discussion
Product Hunt–style comments (not star reviews)- No comments yet — start the thread.
Ratings
4.7★★★★★54 reviews- ★★★★★Lucas Mehta· Dec 28, 2024
We added output-sanitizer from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★Dhruvi Jain· Dec 24, 2024
output-sanitizer reduced setup friction for our internal harness; good balance of opinion and flexibility.
- ★★★★★Kiara Bansal· Dec 20, 2024
output-sanitizer reduced setup friction for our internal harness; good balance of opinion and flexibility.
- ★★★★★Hassan Smith· Dec 12, 2024
output-sanitizer fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- ★★★★★Aisha Johnson· Dec 8, 2024
Registry listing for output-sanitizer matched our evaluation — installs cleanly and behaves as described in the markdown.
- ★★★★★Aisha Smith· Dec 8, 2024
Useful defaults in output-sanitizer — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- ★★★★★Isabella Martin· Nov 27, 2024
Useful defaults in output-sanitizer — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- ★★★★★Mateo Robinson· Nov 27, 2024
Registry listing for output-sanitizer matched our evaluation — installs cleanly and behaves as described in the markdown.
- ★★★★★Oshnikdeep· Nov 15, 2024
I recommend output-sanitizer for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
- ★★★★★Kaira Abebe· Nov 11, 2024
I recommend output-sanitizer for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
showing 1-10 of 54