← Back to Skills Marketplace
daririnch

DCL Sentinel Trace — PII Redactor & Identity Exposure Detector

by Dari Rinch · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ✓ Security Clean
168
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install dcl-sentinel-trace
Description
Instruction-only PII detector and redactor for AI outputs. Detects emails, phones, SSNs, bank cards, IBANs, crypto addresses, and IPs entirely within the age...
README (SKILL.md)

DCL Sentinel Trace — Leibniz Layer™

Publisher: @daririnch · Fronesis Labs
Version: 2.0.0
Part of: Leibniz Layer™ Security Suite

What this skill does

DCL Sentinel Trace detects and redacts personally identifiable information in AI outputs before they reach users or downstream systems.

This skill is 100% instruction-only. No text is sent to any external server. The entire analysis runs inside the agent's context window. The scanned text never leaves the agent.

What gets detected

Category Examples
email Any email address pattern
phone International and local phone number formats
national_id SSNs, national ID numbers, tax IDs
bank_card Card PANs (Visa, Mastercard, Amex, etc.)
iban International bank account numbers
crypto_address Bitcoin, Ethereum, and other wallet addresses
ip_address IPv4 and IPv6 addresses
passport Passport and travel document numbers

When to use this skill

  • AI output may contain personal data from user input, documents, or retrieved content
  • Your pipeline requires GDPR or HIPAA compliance before delivering responses
  • A coding or data agent processes datasets that may contain real PII
  • You need a privacy checkpoint before logging or storing AI outputs

How to run a scan

Paste the text to scan into the conversation. The agent screens it locally against the checklist below. No network requests are made.

Step 1 — Run the detection checklist

Work through each category. For each match found, record:

  • type — which PII category triggered
  • redacted_sample — masked version (e.g. te****@****.com)
  • severitycritical for financial/ID data, major for contact data

Step 2 — Apply verdict logic

Condition Verdict
Any finding NO_COMMIT
No findings COMMIT

Detection Checklist

T1 — Email Addresses (Major)

  • Any string matching [text]@[domain].[tld] pattern

T2 — Phone Numbers (Major)

  • International format: +[country code][number]
  • Local formats: sequences of 7–15 digits with common separators

T3 — National ID / SSN (Critical)

  • US SSN: three digits, two digits, four digits pattern
  • National ID formats for other countries: fixed-length numeric or alphanumeric sequences in ID context

T4 — Bank Card PANs (Critical)

  • 13–19 digit sequences matching major card network prefixes
  • With or without spaces/dashes between groups

T5 — IBANs (Critical)

  • Two-letter country code followed by two check digits and up to 30 alphanumeric characters

T6 — Crypto Wallet Addresses (Major)

  • Bitcoin: Base58 strings of 25–34 chars starting with 1, 3, or bc1
  • Ethereum: 42-char hex strings starting with 0x
  • Other chains: similar fixed-length address patterns in wallet context

T7 — IP Addresses (Minor)

  • IPv4: four octets separated by dots
  • IPv6: eight groups of hex digits separated by colons

T8 — Passport / Document Numbers (Critical)

  • Alphanumeric strings of 6–9 characters in passport or document number context

Output schema

{
  "verdict": "COMMIT | NO_COMMIT",
  "detections": [
    {
      "type": "email",
      "redacted_sample": "te****@****.com",
      "severity": "major"
    }
  ],
  "detection_count": 0,
  "categories_checked": ["T1","T2","T3","T4","T5","T6","T7","T8"],
  "categories_clear": ["T1","T2","T3","T4","T5","T6","T7","T8"],
  "powered_by": "DCL Sentinel Trace · Leibniz Layer™ · Fronesis Labs"
}

Where Sentinel Trace fits in the DCL pipeline

Untrusted input
        │
        ▼
DCL Prompt Firewall        ← blocks malicious input
        │ COMMIT
        ▼
      LLM
        │
        ▼
DCL Policy Enforcer        ← compliance check on output
        │ COMMIT
        ▼
DCL Sentinel Trace         ← PII redaction (instruction-only)
        │ COMMIT
        ▼
DCL Secret Leak Detector   ← credential scan
        │ COMMIT
        ▼
DCL Output Sanitizer       ← final sweep
        │ COMMIT
        ▼
DCL Semantic Drift Guard   ← hallucination check
        │ IN_COMMIT
        ▼
Safe to deliver

Privacy & Data Policy

This skill is operated by Fronesis Labs and is 100% instruction-only.

No data leaves the agent. All analysis runs entirely within the agent's context window. No content is transmitted to any server.

Full policy: https://fronesislabs.com/#privacy · Browse the full DCL Security Suite: hub.fronesislabs.com · Questions: [email protected]

Related skills

  • dcl-prompt-firewall — Input-layer injection and jailbreak detection
  • dcl-secret-leak-detector — Credential and API key scan
  • dcl-output-sanitizer — Final output sweep
  • dcl-policy-enforcer — Compliance and regulatory check

Leibniz Layer™ · Fronesis Labs · fronesislabs.com

Usage Guidance
This skill is internally consistent with its purpose and low-risk as an instruction-only checklist, but take these precautions before relying on it in production: - Test thoroughly with representative inputs (various card formats, SSNs, international phone numbers, IBANs, crypto addresses) to evaluate false negatives and false positives. - Prefer deterministic, auditable redaction (well-tested regexes or a small vetted library) if you require provable compliance; the skill relies on informal 'in context' judgment which can vary. - Do not assume 'no data leaves the agent' guarantees anything about your runtime environment — verify that your agent platform or surrounding pipeline does not automatically log or forward conversation content. - Note minor metadata inconsistencies: SKILL.md claims Version 2.0.0 while registry metadata lists 1.0.2, and the registry lists no homepage even though the SKILL.md links to fronesislabs.com. If provenance matters, ask the publisher for source code or an authoritative release page and confirm the publisher identity. - If you need higher assurance (HIPAA/GDPR audits, regulated production use), prefer a skill with published code, test vectors, and deterministic redaction logic you can review or run locally.
Capability Analysis
Type: OpenClaw Skill Name: dcl-sentinel-trace Version: 1.0.2 The 'dcl-sentinel-trace' skill is an instruction-only PII detector and redactor designed to identify sensitive information (emails, SSNs, bank cards, etc.) within the agent's context window. It contains no executable code, makes no network requests, and provides a structured checklist and output schema for the agent to follow. The instructions are aligned with its stated purpose of enhancing privacy and compliance (GDPR/HIPAA) without any indicators of malicious intent or prompt injection.
Capability Tags
cryptorequires-wallet
Capability Assessment
Purpose & Capability
The name and description describe a PII detection/redaction step. The skill is instruction-only and requires no binaries, installs, or credentials — which matches a purely local/text-processing checklist. There are no requests for unrelated cloud credentials or system access.
Instruction Scope
The SKILL.md confines activity to scanning pasted text and producing a redacted output schema; it explicitly states no network requests. However the detection rules are described at a high level (patterns and 'in context' judgements) and rely on the agent's judgment rather than a deterministic, auditable regex implementation. That makes false negatives/positives and inconsistent redaction behavior possible. The instructions do not ask the agent to read files or environment variables beyond the conversation text.
Install Mechanism
There is no install spec and no code files — lowest-risk instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no environment variables, credentials, or config paths. This is proportionate to an instruction-only redaction checklist.
Persistence & Privilege
always:false and normal invocation settings. The skill does not request persistent presence or system configuration changes. Autonomous invocation is allowed by platform default but the skill itself does not ask for elevated privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install dcl-sentinel-trace
  3. After installation, invoke the skill by name or use /dcl-sentinel-trace
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Major update: Sentinel Trace is now 100% instruction-only and runs fully inside the agent, with no external data transfer. - All PII detection and redaction happens entirely within the agent's local context — scanned text never leaves the agent. - Updated checklist and detection categories for better clarity and stricter compliance coverage. - Introduced severity ratings for different PII types (critical, major, minor). - Expanded documentation on how to use, agent workflow, and where Sentinel Trace fits in the DCL pipeline. - Removal of all references to network endpoints, audit trails, or persistent logging — fully privacy-preserving. - Modernized output schema for greater transparency and compliance reporting.
v1.0.1
dcl-sentinel-trace v1.0.1 - Added a dedicated "Privacy & Data Policy" section to documentation - Clarified details on data processing, retention, PII handling, and infrastructure - Provided direct link to full privacy policy and support contact information
v1.0.0
dcl-sentinel-trace v1.0.0 — Initial Release - Production-ready PII & identity exposure detector for AI pipelines - Detects: emails, phone numbers (intl/US), SSNs, national ID numbers, bank card PANs, IBANs, Bitcoin & Ethereum addresses, IP addresses, passport and document numbers - Powered by Leibniz Layer™ — every detection produces a cryptographically tamper-evident audit proof - NO_COMMIT verdict blocks PII before it leaves your pipeline; raw data is never stored or exposed - Zero data retention, no third-party leakage - GDPR & HIPAA compliant - Endpoints: /evaluate, /health, /chain/tail
Metadata
Slug dcl-sentinel-trace
Version 1.0.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is DCL Sentinel Trace — PII Redactor & Identity Exposure Detector?

Instruction-only PII detector and redactor for AI outputs. Detects emails, phones, SSNs, bank cards, IBANs, crypto addresses, and IPs entirely within the age... It is an AI Agent Skill for Claude Code / OpenClaw, with 168 downloads so far.

How do I install DCL Sentinel Trace — PII Redactor & Identity Exposure Detector?

Run "/install dcl-sentinel-trace" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is DCL Sentinel Trace — PII Redactor & Identity Exposure Detector free?

Yes, DCL Sentinel Trace — PII Redactor & Identity Exposure Detector is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does DCL Sentinel Trace — PII Redactor & Identity Exposure Detector support?

DCL Sentinel Trace — PII Redactor & Identity Exposure Detector is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created DCL Sentinel Trace — PII Redactor & Identity Exposure Detector?

It is built and maintained by Dari Rinch (@daririnch); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments