Agent Skills
› NeverSight/learn-skills.dev
› memory-publication-auditor
memory-publication-auditor
GitHub用于在发布前审计私有记忆、技能或日志,识别可公开内容并执行隐私脱敏。通过分类标签(如private-only、redactable)区分敏感信息与通用模式,生成审计报告及脱敏后的公共候选项,确保不泄露账号、IP等私密数据,支持安全转化为公共技能或文档。
Trigger Scenarios
扫描个人私有记忆以提取可发布的知识
检查技能或笔记中是否存在隐私风险或来源可见性泄漏
需要将内部操作日志或私有经验转化为公共模板或技能
Install
npx skills add NeverSight/learn-skills.dev --skill memory-publication-auditor -g -y
SKILL.md
Frontmatter
{
"name": "memory-publication-auditor",
"description": "Audit private skills, memories, notes, or operational logs before turning them into public skills, templates, docs, or reusable patterns. Use when scanning personal\/private memory for publishable knowledge, redaction needs, privacy risks, source-visibility leaks, or PR-ready public skill candidates.",
"allowed-tools": "Read, Write, Edit, Bash, Glob",
"argument-hint": "[private-path ...] [--output .agent\/publication-audits\/<id>\/audit.md]"
}
Memory Publication Auditor
Audit private experience before publication. This skill answers: Which private memory or skill content can become public knowledge, and what must stay private or be redacted?
This is not a copying skill. It is a conservative sieve: private material comes in, sanitized reusable patterns may come out.
Skill Directory Layout
<installed-skill-dir>/
├── SKILL.md
├── scripts/
│ └── scan_publication_candidates.py
├── references/
│ └── classification-policy.md
└── templates/
├── audit-report.md
└── publication-candidate.md
Core Contract
- Default to
private-onlyorneeds-human-reviewwhen uncertain. - Never publish account names, usernames, hostnames, private IPs, tokens, local paths, private server names, unpublished project details, collaborator identities, or raw trajectories.
- Distinguish private facts from publishable operational patterns.
- Produce an audit report first; only draft public skills/docs from sanitized candidates.
- Keep audit artifacts local/private by default under
.agent/publication-audits/.
Classification Labels
private-only: cannot be published, even with light edits.redactable: useful pattern exists, but private identifiers or context must be replaced.publishable: safe as written, after normal quality review.reusable-pattern: abstract method, workflow, checklist, or diagnostic pattern worth turning into a public skill/template.needs-human-review: ambiguous ownership, privacy, copyright, collaborator, or unpublished-project risk.
Workflow
- Read
references/classification-policy.md. - Identify input paths: private skill directories, memory files, notes, sidecar decisions, or sanitized logs.
- Run the deterministic scanner when scanning files:
python3 <installed-skill-dir>/scripts/scan_publication_candidates.py \
--input <private-path> \
--output .agent/publication-audits/<audit-id>/audit.md
- Review the report before reading raw private files in detail.
- Classify each candidate:
- private facts -> keep private
- private facts plus reusable method -> draft a redacted pattern
- already generic workflow -> mark publishable
- If drafting a public artifact, fill
templates/publication-candidate.mdand replace all private specifics with placeholders. - Route next:
- public skill candidate -> create manually or use
skill-system-auditorto check collection fit before adding - docs/template candidate ->
update-docs - private preference ->
personalization-memory - source-visibility risk ->
research-project-memory
- public skill candidate -> create manually or use
Output Rules
- Audit reports may contain redacted evidence snippets, not raw secrets or private context.
- Public candidates must use placeholders such as
<host>,<target-ip>,<project-root>,<user>,<cluster>, and<private-path>. - Do not include concrete private examples from the source material just to make the public version vivid.
- If a claim depends on private evidence, say "derived from private operational memory" rather than exposing the evidence.
Version History
- e0220ca Current 2026-07-05 21:35


