← Back to Skills Marketplace
solmas

Openclaw Pii Anonymizer

by Seth Blakely · GitHub ↗ · v2.0.0 · MIT-0
cross-platform ✓ Security Clean
504
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install openclaw-pii-anonymizer
Description
Privacy pipeline for OpenClaw - Hybrid regex + Qwen2.5 LLM to scrub PII (names/emails/SSNs/phones/wallets/IPs/paths) before external AI processing. Script wo...
README (SKILL.md)

OpenClaw PII Anonymizer v2.0

Status: ⚠️ Partially Working

  • ✅ Script works perfectly (manual invocation)
  • ❌ Auto-hook interception needs debugging

Hybrid regex + Qwen2.5:3b LLM to scrub PII before external AI calls.

Quick Start

# 1. Install Ollama model
ollama pull qwen2.5:3b

# 2. Test the script
cd ~/.openclaw/workspace/skills/openclaw-pii-anonymizer
bash privacy-anonymize-v2.sh "My name is John Doe, SSN 123-45-6789"
# Output: My name is [NAME], SSN [SSN]

What It Does

Replaces PII with tokens:

  • Names → [NAME]
  • SSNs → [SSN]
  • Emails → [EMAIL]
  • Phones → [PHONE]
  • Wallets → [WALLET]
  • IPs → [IP]
  • Paths → [PATH]

Two-layer approach:

  1. Regex (fast, \x3C1ms) - Structured PII (SSN, email, phone, etc.)
  2. Qwen2.5:3b (2-3s) - Contextual names (zero hallucination)

Usage

Manual (Working Now)

# In scripts/workflows
ANONYMIZED=$(bash privacy-anonymize-v2.sh "$USER_INPUT")
echo "$ANONYMIZED" | external-api-call

Automatic Hook (TODO)

Hook installed at ~/.openclaw/workspace/hooks/pii-shield/ but doesn't fire on messages yet. Debugging needed.

Requirements

  • Ollama running at http://localhost:11434
  • Model: qwen2.5:3b (1.9GB) - Better instruction-following than phi3:mini
  • RAM: 16GB recommended (6GB minimum but tight)
  • Dependencies: bash, curl, jq, sed

Why Qwen2.5:3b?

Tested alternatives:

  • phi3:mini - Hallucinates extra content, too chatty
  • qwen2.5:3b - Zero hallucination, task-focused, smaller (1.9GB vs 2.2GB)
  • Alternative: llama3.2:3b (similar performance)

Performance

  • Regex layer: \x3C1ms
  • LLM layer: 2-3s (only runs if names detected)
  • Optimization: Skips LLM for short messages or already-anonymized text

Known Issues

  1. Hook system - message:preprocessed event doesn't fire (needs investigation)
  2. Auto-interception - Messages not automatically scrubbed yet
  3. Re-contextualization - Not implemented (responses stay anonymized)

For Production

Consider NemoClaw for production deployments:

  • Built-in PII handling at architecture level
  • Enterprise-grade from Nvidia
  • No hook debugging needed

This skill: Development/testing, manual workflows
NemoClaw: Production with real customer PII

Testing

# Test 1: Structured PII
bash privacy-anonymize-v2.sh "SSN 123-45-6789, email [email protected]"
# Expected: SSN [SSN], email [EMAIL]

# Test 2: Names
bash privacy-anonymize-v2.sh "Hi, I'm Alice Johnson"
# Expected: Hi, I'm [NAME]

# Test 3: Complex
bash privacy-anonymize-v2.sh "John Smith ([email protected]), SSN 987-65-4321, wallet 0x1234567890abcdef1234567890abcdef12345678"
# Expected: [NAME] ([EMAIL]), SSN [SSN], wallet [WALLET]

Files

  • privacy-anonymize-v2.sh - Main script (hybrid approach)
  • privacy-anonymize.sh - Old v1 (phi3:mini, deprecated)
  • hooks/pii-shield/ - Auto-interception hook (needs debugging)
  • README.md - Full documentation

Configuration

export OLLAMA_URL=http://localhost:11434
export OLLAMA_MODEL=qwen2.5:3b

Roadmap

  • Fix hook system for auto-interception
  • Re-contextualization (restore real names in responses)
  • Expanded regex patterns (international formats)
  • Async LLM (non-blocking)
  • Caching for repeated phrases

Version

v2.0 (March 17, 2026)

  • Hybrid regex + Qwen2.5:3b
  • Script works perfectly
  • Hook needs debugging

v1.0.2 (March 1, 2026)

  • phi3:mini based
  • Hallucination issues

License: MIT
Author: Solmas (Seth Blakely)
Homepage: https://github.com/solmas/openclaw-pii-anonymizer

Usage Guidance
This package appears to do what it says, but review these points before installing or using on real PII: - Ensure OLLAMA_URL points to a trusted, local Ollama instance (http://localhost:11434). If you set OLLAMA_URL to a remote server, sensitive text will be sent there. - Fix the small env-var mismatch: the v2 script reads MODEL (default qwen2.5:3b) while SKILL.md mentions OLLAMA_MODEL — set MODEL or adjust the script accordingly. - Test thoroughly with non-sensitive data first. Confirm the model output contains only anonymized tokens and no unintended content. - Consider improving JSON construction to avoid input injection issues (use jq or a safer encoding method rather than simple quote-escaping), and validate long inputs before sending to the LLM. - The hook system is noted as broken; do not rely on automatic interception until the hook is fixed and audited. - Be aware of model licensing and storage: pulling qwen2.5:3b downloads a ~1.9GB model; ensure you have the resources and that model logs/storage are controlled. If you want higher assurance, ask the author for a short review or run the script in an isolated environment and verify network traffic (e.g., confirm curl only calls the configured OLLAMA_URL and nothing else).
Capability Analysis
Type: OpenClaw Skill Name: openclaw-pii-anonymizer Version: 2.0.0 The skill bundle is a legitimate PII (Personally Identifiable Information) anonymization tool that uses a hybrid approach of local regex patterns and a local LLM (Ollama/Qwen2.5) to redact sensitive data like SSNs, emails, and names. The primary script, `privacy-anonymize-v2.sh`, performs standard text processing and communicates only with a user-defined local Ollama endpoint. No evidence of data exfiltration, malicious execution, or prompt-injection attacks was found; the code and documentation are consistent with the stated goal of enhancing privacy.
Capability Assessment
Purpose & Capability
Name/description (PII anonymizer) match the included scripts and declared requirements (jq, curl, bash, sed, OLLAMA_URL). The scripts implement a hybrid regex + local LLM approach described in SKILL.md; required binaries and the local Ollama endpoint are appropriate for this purpose.
Instruction Scope
Runtime instructions and scripts are limited to local operations: regex substitution, conditional calls to the Ollama HTTP API, and returning anonymized text. The SKILL.md does reference hooks and workspace paths but explicitly notes the hook currently doesn't fire. The scripts do not attempt to read unrelated system secrets or network endpoints beyond the configured OLLAMA_URL.
Install Mechanism
This is instruction-only with no automated install spec; SKILL.md suggests installing system packages (apt jq/curl) and manually pulling an Ollama model. No remote code download or arbitrary archive extraction is specified by the skill itself.
Credentials
The only required env var is OLLAMA_URL, which is appropriate. Two small inconsistencies to note: SKILL.md suggests exporting OLLAMA_MODEL but privacy-anonymize-v2.sh reads MODEL (and defaults to qwen2.5:3b); v1 uses MODEL default phi3:mini. Also, if a user points OLLAMA_URL to a remote service (not localhost), PII would be sent to that endpoint — ensure the endpoint is local/trusted.
Persistence & Privilege
The skill does not request always:true or other high privileges. It is user-invocable and does not modify other skills or system-wide settings. The hook installation is described but nonfunctional; nothing indicates the skill will persistently enable itself or alter unrelated configurations.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-pii-anonymizer
  3. After installation, invoke the skill by name or use /openclaw-pii-anonymizer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
v2.0: Hybrid regex + Qwen2.5:3b
v1.0.1
v1.0.1 skill-creator: Ultra-minimal YAML, security fixes.
v1.0.0
Ollama phi3:mini PII scrubber for OpenClaw MEMORY.md/tools. Host (10.0.2.2:11434)/VM ready. GitHub: solmas/openclaw-pii-anonymizer.
Metadata
Slug openclaw-pii-anonymizer
Version 2.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Openclaw Pii Anonymizer?

Privacy pipeline for OpenClaw - Hybrid regex + Qwen2.5 LLM to scrub PII (names/emails/SSNs/phones/wallets/IPs/paths) before external AI processing. Script wo... It is an AI Agent Skill for Claude Code / OpenClaw, with 504 downloads so far.

How do I install Openclaw Pii Anonymizer?

Run "/install openclaw-pii-anonymizer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw Pii Anonymizer free?

Yes, Openclaw Pii Anonymizer is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Openclaw Pii Anonymizer support?

Openclaw Pii Anonymizer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Openclaw Pii Anonymizer?

It is built and maintained by Seth Blakely (@solmas); the current version is v2.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments