Content Scrubber
An OpenClaw extension plugin that intercepts outgoing messages and redacts private infrastructure details before delivery.
What It Catches
- - RFC 1918 IPv4 addresses: 10.x.x.x, 172.16-31.x.x, 192.168.x.x
- Loopback addresses: 127.x.x.x
- localhost with ports: localhost:8080, localhost:3000, etc.
- SSH/SCP targets: user@10.0.0.1:/path
- Custom hostnames: configurable hostname patterns
How It Works
The plugin registers as a message interceptor. Before any message leaves OpenClaw (Discord, Telegram, Signal, etc.), it runs through regex-based scrubbing rules that replace private details with safe placeholders like [redacted-ip], [redacted-service], [redacted-target].
Rules are deterministic (regex, not LLM), so they're fast, auditable, and never miss edge cases that an LLM scrubber would.
Installation
- 1. Copy the plugin files to your OpenClaw extensions directory:
�CODEBLOCK0
- 2. Add to your
openclaw.json plugins config:
�CODEBLOCK1
- 3. Restart OpenClaw.
Configuration
| Option | Type | Default | Description |
|---|
| INLINECODE4 | boolean | false | Log what would be scrubbed without actually redacting |
| INLINECODE5 |
string[] | [] | Chat IDs where scrubbing is skipped (e.g., private DMs with yourself) |
Example
Before scrubbing:
SSH into admin@10.0.0.50 and check the service on localhost:8096
After scrubbing:
SSH into [redacted-target] and check the service on [redacted-service]
内容擦除器
一个OpenClaw扩展插件,用于拦截外发消息并在投递前编辑私有基础设施细节。
捕获内容
- - RFC 1918 IPv4地址:10.x.x.x、172.16-31.x.x、192.168.x.x
- 回环地址:127.x.x.x
- 带端口的本地主机:localhost:8080、localhost:3000等
- SSH/SCP目标:user@10.0.0.1:/path
- 自定义主机名:可配置的主机名模式
工作原理
该插件注册为消息拦截器。在任何消息离开OpenClaw(Discord、Telegram、Signal等)之前,它会通过基于正则表达式的擦除规则,将私有细节替换为安全的占位符,如[已编辑-IP]、[已编辑-服务]、[已编辑-目标]。
规则是确定性的(使用正则表达式,而非大语言模型),因此速度快、可审计,且永远不会遗漏大语言模型擦除器可能遗漏的边缘情况。
安装
- 1. 将插件文件复制到您的OpenClaw扩展目录:
~/.openclaw/extensions/content-scrubber/
├── index.ts
├── openclaw.plugin.json
└── package.json
- 2. 添加到您的openclaw.json插件配置中:
json
{
plugins: {
entries: {
content-scrubber: {
enabled: true,
config: {
dryRun: false,
allowedRecipients: []
}
}
}
}
}
- 3. 重启OpenClaw。
配置
| 选项 | 类型 | 默认值 | 描述 |
|---|
| dryRun | 布尔值 | false | 记录将被擦除的内容,但不实际编辑 |
| allowedRecipients |
字符串数组 | [] | 跳过擦除的聊天ID(例如,与自己的私密对话) |
示例
擦除前:
通过SSH登录admin@10.0.0.50并检查localhost:8096上的服务
擦除后:
通过SSH登录[已编辑-目标]并检查[已编辑-服务]上的服务
