arc-shield

Output sanitization for agent responses. Scans ALL outbound messages for leaked secrets, tokens, keys, passwords, and PII before they leave the agent.

⚠️ This is NOT an input scanner — clawdefender already handles that. This is an OUTPUT filter for catching things your agent accidentally includes in its own responses.

Why You Need This

Agents have access to sensitive data: 1Password vaults, environment variables, config files, wallet keys. Sometimes they accidentally include these in responses when:

• - Debugging and showing full command output
• Copying file contents that contain secrets
• Generating code examples with real credentials
• Summarizing logs that include tokens

Arc-shield catches these leaks before they reach Discord, Signal, X, or any external channel.

What It Detects

🔴 CRITICAL (blocks in --strict mode)

• - API Keys & Tokens: 1Password (ops_*), GitHub (ghp_*), OpenAI (sk-*), Stripe, AWS, Bearer tokens
• Passwords: Assignments like password=... or INLINECODE6
• Private Keys: Ethereum (0x + 64 hex), SSH keys, PGP blocks
• Wallet Mnemonics: 12/24 word recovery phrases
• PII: Social Security Numbers, credit card numbers
• Platform Tokens: Slack, Telegram, Discord

🟠 HIGH (warns loudly)

• - High-entropy strings: Shannon entropy > 4.5 for strings > 16 chars (catches novel secret patterns)
• Credit cards: 16-digit card numbers
• Base64 credentials: Long base64 strings that look like tokens

🟡 WARN (informational)

• - Secret file paths: ~/.secrets/*, paths containing "password", "token", "key"
• Environment variables: ENV_VAR=secret_value exports
• Database URLs: Connection strings with credentials

Installation

CODEBLOCK0

Or download as a skill bundle.

Usage

Command-line

CODEBLOCK1

Integration with OpenClaw Agents

Pre-send hook (recommended)

Add to your messaging skill or wrapper:

CODEBLOCK2

Manual pipe

Before any external message:

CODEBLOCK3

Testing

CODEBLOCK4

Includes test cases for:

• - Real leaked patterns (1Password tokens, Instagram passwords, wallet mnemonics)
• False positive prevention (normal URLs, email addresses, file paths)
• Redaction accuracy
• Strict mode blocking

Configuration

Patterns are defined in config/patterns.conf:

CODEBLOCK5

Edit to add custom patterns or adjust severity levels.

Modes

Entropy Detection

The Python version (output-guard.py) includes Shannon entropy analysis to catch secrets that don't match regex patterns:

CODEBLOCK6

Threshold: 4.5 bits (configurable with --entropy-threshold)

Performance

• - Bash version: ~10ms for typical message (< 1KB)
• Python version: ~50ms with entropy analysis
• Zero external dependencies: bash + Python stdlib only

Fast enough to run on every outbound message without noticeable delay.

Real-World Catches

From our own agent sessions:

CODEBLOCK7

All blocked by arc-shield before reaching external channels.

Best Practices

1. 1. Always use --strict for external messages (Discord, Signal, X, email)
2. Use --redact for logs you want to review later
3. Run tests after adding custom patterns to check for false positives
4. Pipe through both bash and Python versions for maximum coverage:

   message | arc-shield.sh --strict | output-guard.py --strict
   

1. 5. Don't rely on this alone — educate your agent to avoid including secrets in the first place (see AGENTS.md output sanitization directive)

Limitations

• - Context-free: Can't distinguish between "here's my password: X" (bad) and "set your password to X" (instruction)
• No semantic understanding: Won't catch "my token is in the previous message"
• Pattern-based: New secret formats require pattern updates

Use in combination with agent instructions and careful prompt engineering.

Integration Example

Full OpenClaw agent integration:

CODEBLOCK9

Troubleshooting

False positives on normal text:

• - Adjust entropy threshold: INLINECODE18
• Edit config/patterns.conf to refine regex patterns
• Add exceptions to the pattern file

Secrets not detected:

• - Check pattern file for coverage
• Run with --report to see what's being scanned
• Test with tests/run-tests.sh using your sample
• Consider lowering entropy threshold (but watch for false positives)

Performance issues:

• - Use bash version only (skip entropy detection)
• Limit input size with INLINECODE22
• Run in background: INLINECODE23

Contributing

Add new patterns to config/patterns.conf following the format:

CODEBLOCK10

Test with tests/run-tests.sh before deploying.

License

MIT — use freely, protect your secrets.