How to protect sensitive info when you share?

channel Direct model claude-sonnet-4-6 date 2026-03-10 msgs 8 / 8

Claude 09:00

Welcome to the demo session. This conversation demonstrates how sensitive information is displayed when you share a session via Chats Share. Model: claude-sonnet-4-6

Dev 09:00

How does the redaction work? Does /clawpage handle it automatically?

Claude 09:00

The /clawpage skill attempts to redact automatically. When you run /clawpage, it will:

  • Replace detected API keys, tokens, and passwords with [REDACTED]
  • Replace detected hostnames, IPs, and URLs with [REDACTED]
  • Replace detected credentials in connection strings with [REDACTED]

However, AI-powered redaction is not 100% reliable. The skill might:

  • Miss unusual variable names or context-specific values
  • Misjudge something as non-sensitive when it's actually sensitive
  • Fail to detect information in comments or error messages

Always manually review before publishing.

Dev 09:01

So how can I ensure sensitive data is properly redacted?

Claude 09:01

Manual review + manual marking is the safest approach.

  1. After running /clawpage, open the generated YAML file
  2. Search for anything sensitive: API keys, passwords, tokens, internal URLs, IPs, customer data
  3. Manually replace any questionable content with [REDACTED]
  4. Use [REDACTED] consistently — the UI specifically recognizes this marker and applies special styling

When the UI sees [REDACTED] (the word REDACTED inside square brackets), it renders with distinct styling. Anything else won't get the special treatment.

(Note: this page auto-renders to the styled version — in your YAML file, literally type the characters: left bracket, R-E-D-A-C-T-E-D, right bracket)

Dev 09:03

What about the GitHub workflow? How do I review before publishing?

Claude 09:03

Here's the typical flow:

  1. Run /clawpage in your conversation — the skill exports and attempts to redact
  2. Create a PR to your Chats Share repository — this lets you review changes before merging
  3. Manually review the YAML file in the PR — check for anything missed
  4. Manually add [REDACTED] to anything that looks sensitive
  5. Merge the PR — the site auto-deploys and your chat is live

Critical: Make sure your repository is private. If it's public, anyone can view the raw YAML file at your GitHub repository history and see the original unredacted data.

The rendered page (/chats/your-session) is safe — only the YAML source contains the original values.

Dev 09:04

So I need to: run /clawpage, manually review the YAML, add [REDACTED] where needed, and keep my repo private. Got it!

Claude 09:04

Exactly. To summarize:

  • ⚠️ AI redaction isn't perfect — always verify what /clawpage produces
  • Manual marking — the UI specifically recognizes [REDACTED] in brackets
  • Visual distinction: [REDACTED] gets a red background, border, and glowing label
  • Review before merging — use GitHub PR workflow to check YAML first
  • ⚠️ Keep YAML sources private — the rendered page is safe, but raw YAML contains original data
  • ⚠️ Use a private GitHub repo — otherwise anyone can access the unredacted YAML directly

This demo session uses [REDACTED] placeholders, so you can see the effect. Try viewing the page — the redactions will be clearly styled!