AI Agent OPSEC — Runtime Classified Data Enforcer Security Report — Trusted | ClawSafe

0 /100

AI Agent OPSEC — Runtime Classified Data Enforcer

Prevent your AI agent from leaking classified terms to external APIs, subagents, or logs. Zero dependencies, zero network calls.

This skill is a legitimate local-only redaction tool with no network calls, no credential access, and fully declared filesystem operations. Code behavior matches documentation exactly.

Skill NameAI Agent OPSEC — Runtime Classified Data Enforcer

Duration26.9s

Enginepi

✓

Safe to install

This skill is safe to use. No action required.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	SKILL.md line 12 declares READ to classified/classified-terms.md; code uses fs.r…
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md line 14 declares WRITE to memory/security/classified-access-audit.jsonl…
Network	`NONE`	`NONE`	—	SKILL.md line 16 declares 'NETWORK: None, Zero external calls'; code uses only N…

6 findings

🔗

Medium External URL 外部 URL

https://ko-fi.com/theshadowrose

README.md:209

🔗

Medium External URL 外部 URL

https://shadowyrose.gumroad.com

README.md:210

🔗

Medium External URL 外部 URL

https://twitter.com/TheShadowyRose

README.md:211

🔗

Medium External URL 外部 URL

https://promptbase.com/profile/shadowrose

README.md:213

🔗

Medium External URL 外部 URL

https://www.fiverr.com/s/jjmlZ0v

README.md:219

📧

Info Email 邮箱地址

[email protected]

README.md:208

File Tree

3 files · 20.1 KB · 568 lines

JavaScript 1f · 305L Markdown 2f · 263L

├─ ▾ 📁 src

│ └─ 📜 ClassifiedAccessEnforcer.js JavaScript 305L · 11.6 KB

├─ 📝 README.md Markdown 221L · 6.8 KB

└─ 📝 SKILL.md Markdown 42L · 1.7 KB

Security Positives

✓ Zero external dependencies - uses only Node.js built-in modules (fs, path)

✓ Declared and implemented filesystem operations are aligned (READ patterns, WRITE audit log)

✓ No network calls - fully air-gapped module as declared

✓ Security-conscious design: audit logs contain only redacted previews, never original sensitive text

✓ No credential harvesting - does not access environment variables, SSH keys, AWS credentials, or .env files

✓ No obfuscation - clean, readable JavaScript code with no base64, eval, or dynamic execution

✓ No remote execution - no subprocess, shell commands, or curl|bash patterns

✓ Runtime pattern loading enables immediate protection without restart

✓ Log rotation at 1MB prevents unbounded disk usage

Scan Report

File Tree

Security Positives