2.5k
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill leak-check- _meta.json980 B
- SKILL.md4.9 KB
Overview
This skill scans session JSONL files for leaked credentials and reports which external AI provider received the data. It detects partial credential fragments using configurable wildcard patterns and outputs a concise report in either human-friendly (Discord-style) or JSON format. The tool is fast, safe to configure (never store full secrets), and designed for batch checks across session archives.
How this skill works
The scanner reads session JSONL files and searches message contents for credential fragments defined in a configuration file. Patterns support contains, starts-with, ends-with, and combined start/end wildcards so you can identify credentials with only partial fragments. When a match is found, the tool attributes delivery to the external provider observed in the session (skipping internal echoes) and includes session ID and timestamp in the report.
When to use it
- After importing or archiving session logs to verify no secrets were leaked to external AI providers.
- Before publishing or sharing session archives to ensure they contain no credentials.
- As part of a routine security sweep of session backups or nightly cron jobs.
- When migrating systems or auditing third-party provider interactions.
- During incident response to quickly identify which provider received leaked tokens.
Best practices
- Store only partial credential fragments (prefix, suffix, or short substring) in the config — never full secrets.
- Use distinctive fragments that uniquely identify a credential to reduce false positives.
- Run the check against a copy of logs in a secure environment; do not upload raw logs to third-party services.
- Include timestamps and session IDs in output to speed up remediation and rotation of leaked credentials.
- Automate regular scans and review JSON output in CI/CD or monitoring dashboards for trend analysis.
Example use cases
- Scan 370 archived session files nightly and produce JSON summaries for a security dashboard.
- Preflight check before sharing a session archive with auditors to ensure no credentials are exposed.
- Post-incident validation to confirm which provider(s) received leaked tokens and when.
- Ad-hoc scan after a code change that touched logging or telemetry to ensure no secrets were introduced.
- Integrate into a retention/backup workflow to fail backups that contain credential fragments.
FAQ
No — never store full credentials. Use only partial fragments (prefix, suffix, or substring) so the scanner can identify leaks without exposing secrets.
What output formats are available?
The skill supports a human-friendly Discord-style text output and a machine-readable JSON output for automation.
How does the tool determine which provider received the credential?
It inspects session delivery metadata and attributes matches to external providers observed in the session while ignoring internal delivery echoes.