AI Agent OPSEC — Runtime Classified Data Enforcer

Prevent your AI agent from leaking classified terms to external APIs, subagents, or logs. Term registry + runtime redaction + pre-publish audit. Zero dependencies, zero network calls.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "AI Agent OPSEC — Runtime Classified Data Enforcer" with this command: npx skills add TheShadowRose/ai-agent-opsec

AI Agent OPSEC — Runtime Classified Data Enforcer

Keep your secrets out of web searches, external LLM calls, and subagent spawns.

Side Effects (Declared)

Type	Path	Description
READS	`<workspace>/classified/classified-terms.md`	Your term registry — add terms here once, protected everywhere
WRITES	`<workspace>/memory/security/classified-access-audit.jsonl`	Append-only audit log; auto-rotates at 1MB; never contains original sensitive text
NETWORK	None	Zero external calls. Fully local.

Important: Add classified/ and memory/security/ to your .gitignore to prevent accidental commits.

Setup

Create classified/classified-terms.md in your workspace root
Add one term per line (blank lines and # comments ignored)
Require and use the enforcer before any external call

const ClassifiedAccessEnforcer = require('./src/ClassifiedAccessEnforcer');
const enforcer = new ClassifiedAccessEnforcer('/path/to/workspace');

// Before any external API call
const { safe, payload } = enforcer.gateExternalPayload(userQuery, 'web_search');

// Before spawning a subagent
const { task } = enforcer.redactTaskBeforeSpawn(taskString, 'ResearchAgent');

See README.md for full documentation.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry Record Open in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Privacy Mask

Mask and redact sensitive information (PII) in screenshots and images — phone numbers, emails, IDs, API keys, crypto wallets, credit cards, passwords, and mo...

Registry SourceRecently Updated

1120

Profile unavailable

Security

RedactKit - AI Privacy Scrubber

Scan your data before sending it to AI. Detect and redact PII, secrets, and sensitive info. Reversible, local, zero network calls.

Registry SourceRecently Updated

066

Profile unavailable

Security

Sensitive Data Masker

Intelligent sensitive data detection and masking. Uses Microsoft Presidio + SQLite for automatic PII redaction with local restoration support.

Registry SourceRecently Updated

0198

Profile unavailable