Kiteworks Agent Marketplace
Sign in with Kiteworks
Compliance-grade Governance

Metadata Scrubber

by Kiteworks Inc. · v0.1.0

See the hidden metadata your documents carry — author, edit history, company, template, custom properties and sensitivity labels — across a Kiteworks folder, then clean it. Scan reports presence, counts and type only, never the values; clean strips Tier-1 properties into a non-destructive copy while protecting sensitivity labels. The content never leaves the platform.

Mutating · approval required Metadata only RBAC / ABAC Audit logged
Install View on GitHub
Free for Kiteworks customers
Version v0.1.0 Status Live Posture Mutating

What it does

Scan a Kiteworks folder for the sensitive file metadata your documents carry (author, edit history, company, template, custom properties, sensitivity labels), report what is present, how much, and its type — never the values — and clean Tier-1 properties into a non-destructive copy, all without the content leaving the platform.

metadata-scan metadata-clean artifact-output

See it in action

You

What metadata do the files in Legal/Contracts carry?

Metadata Scrubber

Pinning Legal/Contracts and scanning each PDF and Office file on the platform — reporting only WHICH metadata fields are present, how many, their type, and any sensitivity label. Never the values, and nothing is changed.

Read-only scan. Run "report" to save a CSV. "clean" writes a non-destructive copy (labels kept); opt in to also drop .docx comments, accept tracked changes, or remove hidden text.
Illustrative example · not live tenant data

Relevant regulations and standards

Frameworks and mandates this agent helps you address. Not a certification — your own controls and assessment still apply.

GDPR

Tags

metadatagovernancedlp

What's new

latest 0.1.0

Published version history. The latest version is what new installs receive; your administrator chooses when to upgrade.

  1. 0.1.0 stable latest 2026-06-18
    • Initial release: scan-only file-metadata agent over the privileged content lane (#296).
    • scan (read-only, metadata-scan): per-file report of WHICH metadata taxonomy fields are present, how many, each field's value type, and whether a sensitivity (MSIP) label is present — for PDF and Office (.docx/.pptx/.xlsx) files. Presence/counts/type only; never a metadata value or a raw property name (D4). Writes nothing, saves nothing.
    • report (read-only, metadata-scan + artifact-output): the same scan plus a saved CSV of the per-file summary; refuses with export_unavailable when artifact output is not wired.
    • No clean/apply operation — metadata removal is a later, separately gated capability (#325) that extends this bundle. PDF scanning requires the optional [watermark] engine; PDFs are skipped with a reason when it is absent (never reported as clean).

Install in Claude Code

claude plugin marketplace add \
  kiteworks/agent-marketplace
claude plugin install \
  kiteworks-metadata-scrubber@kiteworks

Prerequisites

  • Kiteworks Compliance Runtime — install via pip install kw-mcp-gateway (host >=1.0.0,<2.0.0). This agent calls into the runtime for deterministic, audited execution.
  • Official Kiteworks MCP >=9.3.0 (used by the runtime) — install and sign in from github.com/kiteworks/mcp.
  • Python >=3.11.

Connect from Claude

Add this marketplace as a remote MCP connector in Claude Desktop or Claude Code — point it at <your-host>/mcp. One process per deployment; no per-machine install. Requires the official Kiteworks MCP to be configured.