Leak Check
Scan OpenClaw session JSONL files for leaked credentials. Reports which real AI provider (anthropic, openai, google, etc.) received the data, skipping internal delivery echoes.
Quick Start
CODEBLOCK0
Configuration
Credentials to check are defined in leak-check.json. The script searches for this file in order:
- 1. Skill directory (
./leak-check.json) — for backward compatibility ~/.openclaw/credentials/leak-check.json — recommended persistent location (survives skill updates via clawhub)
Since clawhub clears the skill directory on updates, place your config in ~/.openclaw/credentials/ to avoid losing it:
CODEBLOCK1
You can also specify an explicit path with --config.
CODEBLOCK2
Important: Do not store full credentials in this file. Use only a partial fragment — enough to uniquely identify the credential via a contains, begins-with, or ends-with match.
Wildcard patterns:
- -
abc* — starts with "abc" - INLINECODE6� — ends with "xyz"
- INLINECODE7� — starts with "abc" AND ends with "xyz"
- INLINECODE8� (no asterisk) — contains "abc"
- INLINECODE9� (empty) — skip this credential
Options
- -
--format <type> — Output format: discord (default) or �INLINECODE12 - INLINECODE13� — Path to credential config file (default:
./leak-check.json, then ~/.openclaw/credentials/leak-check.json) - INLINECODE16�,
-h — Show help message
Output
Discord (Default)
CODEBLOCK3
Or if clean:
CODEBLOCK4
Config Echoes
If the leak-check.json config file is read or discussed during an OpenClaw session, the credential patterns will appear in that session's JSONL log. The scanner detects this and reports these matches separately as config echoes rather than real leaks:
CODEBLOCK5
Config echoes will continue to appear on every run until the session file is removed. To clear them, delete the session file from ~/.openclaw/agents/main/sessions/:
CODEBLOCK6
Tip: Avoid reading or referencing leak-check.json during an OpenClaw session. If it happens, note the session ID from the report and delete it.
JSON
CODEBLOCK7
Security
This skill is designed to be local-only and read-only. The following properties can be verified by inspecting scripts/leak-check.js:
- - No network access — no use of
http, https, net, dgram, fetch, WebSocket, or any network API - No child processes — no use of
child_process, exec, spawn, or �INLINECODE31 - No external dependencies — zero
npm packages; only Node.js built-ins (fs, path, os) - No dynamic code execution — no
eval(), Function(), or dynamic require()/�INLINECODE39 - No file writes — only
fs.readFileSync, fs.existsSync, and fs.readdirSync are used; no files are created, modified, or deleted - No environment variable access — does not read �INLINECODE43
- Output is stdout only — all results go to
console.log; nothing is sent elsewhere
Verify It Yourself
Confirm no unexpected APIs are used anywhere in the script:
CODEBLOCK8
Expected output — only the three built-in require() calls at the top of the file:
CODEBLOCK9
泄漏检查
扫描OpenClaw会话JSONL文件以查找泄漏的凭证。报告哪些真实AI提供商(anthropic、openai、google等)接收了数据,跳过内部投递回显。
快速开始
bash
检查泄漏的凭证(默认:discord格式)
node /home/claw/.openclaw/workspace/skills/leak-check/scripts/leak-check.js
JSON输出
node /home/claw/.openclaw/workspace/skills/leak-check/scripts/leak-check.js --format json
配置
要检查的凭证在leak-check.json中定义。脚本按以下顺序搜索此文件:
- 1. 技能目录(./leak-check.json)—— 向后兼容
- ~/.openclaw/credentials/leak-check.json —— 推荐的持久化位置(通过clawhub更新技能后仍保留)
由于clawhub在更新时会清空技能目录,请将配置放在~/.openclaw/credentials/中以避免丢失:
bash
mkdir -p ~/.openclaw/credentials
cp leak-check.json ~/.openclaw/credentials/leak-check.json
你也可以使用--config指定显式路径。
json
[
{ name: Discord, search: abc*xyz },
{ name: Postmark, search: k7Qm9x }
]
重要提示: 不要在此文件中存储完整凭证。仅使用部分片段——足够通过包含、开头匹配或结尾匹配来唯一标识凭证即可。
通配符模式:
- - abc —— 以abc开头
- xyz —— 以xyz结尾
- abc*xyz —— 以abc开头且以xyz结尾
- abc(无星号)—— 包含abc
- (空)—— 跳过此凭证
选项
- - --format —— 输出格式:discord(默认)或json
- --config —— 凭证配置文件路径(默认:./leak-check.json,然后~/.openclaw/credentials/leak-check.json)
- --help、-h —— 显示帮助信息
输出
Discord(默认)
🔐 凭证泄漏检查
⚠️ 发现2个泄漏的凭证
Discord令牌
• 会话:abc12345 | 2026-02-14 18:30 UTC | 提供商:anthropic
Postmark
• 会话:def67890 | 2026-02-10 09:15 UTC | 提供商:anthropic
或者如果干净:
🔐 凭证泄漏检查
✅ 未发现泄漏的凭证(检查了370个文件,7个凭证)
配置回显
如果在OpenClaw会话期间读取或讨论了leak-check.json配置文件,凭证模式将出现在该会话的JSONL日志中。扫描器会检测到这一点,并将这些匹配项单独报告为配置回显,而非真实泄漏:
📋 发现3个可能的配置回显(会话包含leak-check配置)
• Discord:1个会话
...
✅ 除配置回显外,无凭证泄漏
配置回显将在每次运行时持续出现,直到移除会话文件。要清除它们,请从~/.openclaw/agents/main/sessions/中删除会话文件:
bash
rm ~/.openclaw/agents/main/sessions/<会话UUID>.jsonl
提示: 避免在OpenClaw会话期间读取或引用leak-check.json。如果发生,请记下报告中的会话ID并将其删除。
JSON
json
{
leaks: [
{
credential: Discord令牌,
session: abc12345,
timestamp: 2026-02-14T18:30:00.000Z,
provider: anthropic
}
],
configEchoes: [
{
credential: Gateway,
session: b175e53c,
timestamp: 2026-02-19T18:00:30.067Z,
provider: minimax-portal,
configEcho: true
}
],
summary: {
filesScanned: 370,
credentialsChecked: 7,
leaksFound: 2,
configEchoesFound: 1
}
}
安全性
此技能设计为仅本地且只读。以下属性可通过检查scripts/leak-check.js进行验证:
- - 无网络访问 —— 不使用http、https、net、dgram、fetch、WebSocket或任何网络API
- 无子进程 —— 不使用child_process、exec、spawn或execSync
- 无外部依赖 —— 零个npm包;仅使用Node.js内置模块(fs、path、os)
- 无动态代码执行 —— 不使用eval()、Function()或动态require()/import()
- 无文件写入 —— 仅使用fs.readFileSync、fs.existsSync和fs.readdirSync;不创建、修改或删除任何文件
- 无环境变量访问 —— 不读取process.env
- 输出仅限stdout —— 所有结果通过console.log输出;不发送到任何其他地方
自行验证
确认脚本中任何地方都没有使用意外的API:
bash
grep -E require\(|import |http|fetch|net\.|dgram|child_process|exec|spawn|eval\(|Function\(|\.write|\.unlink|\.rename|process\.env scripts/leak-check.js
预期输出 —— 仅文件顶部的三个内置require()调用:
const fs = require(fs);
const path = require(path);
const os = require(os);
