leak-check
Scan session logs for leaked credentials. Checks JSONL session files against known credential patterns and reports which AI provider received the data.
Why use this skill?
Safely scan your OpenClaw session logs for leaked API keys and credentials. Protect your privacy with local, high-performance security audits.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/khaney64/leak-check
What This Skill Does
The leak-check skill is a specialized security diagnostic tool designed for OpenClaw users who frequently interact with AI agents using sensitive tokens or keys. Its primary function is to iterate through your stored JSONL session logs to identify instances where private credentials may have been inadvertently transmitted to external AI providers. By comparing the content of these logs against a user-defined pattern file, the agent distinguishes between actual potential leaks and benign configuration echoes. The skill excels at providing actionable security intelligence by pinpointing exactly which AI model provider received the data, allowing users to audit their session history and revoke credentials that have been compromised.
Installation
You can install this security utility directly from the central repository using the OpenClaw management CLI. Run the following command in your terminal: clawhub install openclaw/skills/skills/khaney64/leak-check. After installation, it is strongly recommended to set up your configuration file in the persistent directory at ~/.openclaw/credentials/leak-check.json. This ensures that your credential patterns are not wiped when you perform future skill updates via clawhub, maintaining a consistent security posture across agent cycles.
Use Cases
This skill is essential for developers, security researchers, and power users who handle API keys for services like Discord, GitHub, or email providers (such as Postmark). Use cases include conducting routine security audits of local agent activity, verifying that AI chat interactions do not contain sensitive environment variables, and establishing a baseline for secure credential management within the local OpenClaw environment. It is particularly useful for teams who need to ensure compliance with data handling policies when using LLMs for code generation and debugging.
Example Prompts
- "Perform a security scan on my session logs to ensure no Discord or AWS credentials have been leaked."
- "Run the leak-check tool and output the results in JSON format so I can pipe it into my reporting dashboard."
- "Scan my recent session history and tell me if any files contain configuration echoes from my leak-check.json file."
Tips & Limitations
To minimize false positives, be aware of 'config echoes'—instances where the agent reads the pattern file itself during a session. If you see these reported, consider deleting the offending session files from ~/.openclaw/agents/main/sessions/. Furthermore, ensure your leak-check.json entries use partial fragments rather than full credentials to maintain your own security. Remember that this tool only scans what is locally stored; it cannot prevent real-time transmission of sensitive data during an active session. Practice good hygiene by avoiding pasting raw secrets into the agent interface whenever possible.
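The scan-and-classify step described above, as an added example (not the skill's own code). The pattern schema, the "provider" and "content" field names, and the rule for recognising a config echo are assumptions; all sample records are constructed.

```python
import json

# Constructed pattern entries (assumed schema): partial fragments only,
# never full credentials, as the tips above recommend.
PATTERNS = [
    {"name": "Discord", "fragment": "MTIzNDU2"},
    {"name": "Postmark", "fragment": "a1b2c3d4-e5f6"},
]
CONFIG_NAME = "leak-check.json"

# Constructed session log. The "provider" and "content" fields are assumed.
SAMPLE_LOG = "\n".join([
    json.dumps({"provider": "anthropic", "content": "bot token is MTIzNDU2.xyz"}),
    json.dumps({"provider": "openai", "content":
                "cat leak-check.json -> MTIzNDU2, a1b2c3d4-e5f6"}),
    json.dumps({"provider": "openai", "content": "refactor this function"}),
    '{"provider": "openai", "content": "trunc',  # interrupted write
    json.dumps({"content": [{"type": "text", "text": "key a1b2c3d4-e5f6-0000"}]}),
])


def scan_session(jsonl_text, patterns=PATTERNS):
    """Return one finding per record that contains a known fragment."""
    findings = []
    for lineno, raw in enumerate(jsonl_text.splitlines(), 1):
        try:
            record = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines instead of aborting
        if not isinstance(record, dict):
            continue
        content = record.get("content", "")
        # Nested message structures are flattened so fragments inside are seen.
        text = content if isinstance(content, str) else json.dumps(content)
        hits = [p["name"] for p in patterns if p["fragment"] in text]
        if not hits:
            continue
        # Assumed heuristic: a record that names the pattern file is the agent
        # reading its own config, not a credential sent in normal use.
        kind = "config_echo" if CONFIG_NAME in text else "leak"
        findings.append({"line": lineno, "provider": record.get("provider", "unknown"),
                         "credentials": hits, "kind": kind})
    return findings


if __name__ == "__main__":
    for finding in scan_session(SAMPLE_LOG):
        print(finding)
```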
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-khaney64-leak-check": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: file-read
Related Skills
session-cost
Analyze OpenClaw session logs to report token usage, costs, and performance metrics grouped by model. Use when the user asks about API spending, token usage, session costs, or wants a usage summary.
discogs-sync
Add and remove albums from a Discogs wantlist or collection by artist and album name, master ID, or release ID. Search marketplace pricing for vinyl, CD, and other formats. List wantlist and collection contents. Use when the user asks to add or remove a record from their Discogs wantlist or collection, check what's on their wantlist, look up marketplace prices, or find what a record is selling for. Also supports bulk operations via CSV/JSON file input.
minimax-usage
Check MiniMax coding plan usage/credits remaining. Requires MINIMAX_API_KEY environment variable.
baseball
Fetch MLB game schedules, live game status, box scores, player search, and season statistics via the MLB Stats API. Use when the user asks about baseball games, scores, who is playing today, game results, live updates, pitching matchups, MLB schedule information, player lookups, or player stats.
quodd
Fetch real-time stock quotes via Quodd API. Get current prices, daily high/low, and after-hours data for US equities. Use when the user asks for stock prices, quotes, market data, or ticker information.