This is a post-processing layer that scans agent output for accidentally leaked secrets before it hits your screen or logs. It catches the usual suspects like API keys, database URLs, JWTs, and PII using pattern matching, then redacts or masks them while keeping the output readable. The rules are sensible: full redaction for credentials and private keys, partial masking for emails and credit cards, path generalization for internal directories. It has a trust score of 94 and requests no network or shell permissions. Honestly, this should probably be built into the agent runtime itself, but until then it's a reasonable safety net if your agents are poking around codebases or config files where secrets might leak into responses.
npx skills add https://github.com/useai-pro/openclaw-skills-security --skill output-sanitizer
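To make the three rule classes described above concrete (full redaction, partial masking, path generalization), here is an added sketch; it is not the skill's own code. The regexes, placeholder strings, the Luhn check on card numbers and the sample text are all assumptions constructed for illustration.

```python
import re

# Patterns and placeholder strings are assumptions for illustration, not the skill's rule set.
PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)
DB_URL = re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^\s'\"]+")
JWT = re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+")
KEY_ASSIGN = re.compile(r"([\w-]*(?:api[_-]?key|secret|token|password)\w*)(\s*[=:]\s*)['\"]?[^\s'\"]{8,}['\"]?", re.I)
EMAIL = re.compile(r"\b([\w.%+-])[\w.%+-]*@([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b")
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
HOME_PATH = re.compile(r"(/home|/Users)/[^/\s]+")

def luhn_ok(digits):
    """Luhn checksum, so ordinary long numbers (order ids) are not masked as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _mask_card(match):
    digits = re.sub(r"\D", "", match.group())
    if not luhn_ok(digits):
        return match.group()  # not a card number: leave readable
    return "*" * (len(digits) - 4) + digits[-4:]

# Order matters: a DB URL holds "user:pass@host", which the e-mail rule
# would otherwise half-mask and leave the password visible.
RULES = [
    (PRIVATE_KEY, "[REDACTED_PRIVATE_KEY]"),  # full redaction
    (DB_URL, "[REDACTED_DB_URL]"),
    (JWT, "[REDACTED_JWT]"),
    (KEY_ASSIGN, r"\1\2[REDACTED]"),          # keep the key name, drop the value
    (EMAIL, r"\1***@\2"),                     # partial masking
    (CARD, _mask_card),
    (HOME_PATH, r"\1/<user>"),                # path generalization
]

def sanitize(text):
    for pattern, repl in RULES:
        text = pattern.sub(repl, text)
    return text

SAMPLE = """Loaded /home/alice/projects/app/.env
API_KEY=sk_test_CONSTRUCTED0123456789
DATABASE_URL=postgres://app:hunter2pw@db.internal.example:5432/prod
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl
Contact alice.ops@example.com, card 4111 1111 1111 1111, order 1234567890123456
"""  # constructed sample, no real secrets

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```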