← Back to Skills Marketplace
m-newhauser

PII Redactor

by m-newhauser · GitHub ↗ · v1.0.5 · MIT-0
cross-platform ⚠ suspicious
263
Downloads
0
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install pii-redactor
Description
Redact sensitive information from text using a locally-hosted, zero-shot PII/PHI detection model.
Usage Guidance
This skill is conceptually coherent for local PII redaction, but do not install it blind. Before installing: 1) Verify the PyPI package source and review the package code (or the upstream GitHub repo) to ensure it does only what is described; confirm the package owner and checksums. 2) Reconcile the version mismatch (skill v1.0.5 vs pinned package 1.0.4) and confirm the correct release. 3) Ensure CLAWGUARD_URL is set only to localhost or a tightly-controlled internal HTTPS endpoint you operate (do not point to public or untrusted hosts). 4) Keep CLAWGUARD_TOKEN secret, store in a secret manager, and rotate if suspected compromised. 5) Test the service in an isolated environment first to confirm behavior and that the health/redact endpoints behave as documented. 6) If you cannot review the package code, treat the install as higher risk and consider alternatives (well-audited tools or in-process redactors).
Capability Analysis
Type: OpenClaw Skill Name: pii-redactor Version: 1.0.5 The skill is designed to redact PII by intercepting all outbound agent responses and transmitting them to a network-hosted service (clawguard-pii). While the SKILL.md includes defensive instructions for the agent to validate the CLAWGUARD_URL (restricting it to localhost or internal HTTPS) and use a bearer token, the capability to capture all communications and the dependency on an external PyPI package represent high-risk behaviors. These features are plausibly necessary for the stated purpose but constitute a significant attack surface and potential exfiltration channel if the service or validation logic is compromised.
Capability Assessment
Purpose & Capability
The skill name/description (local, zero-shot PII redaction) aligns with the declared binary requirement (clawguard) and the two required env vars (CLAWGUARD_URL, CLAWGUARD_TOKEN). Requesting a local service and a token is proportionate to the stated purpose. Note: the skill metadata/version (1.0.5) doesn't match the install package pin (clawguard-pii==1.0.4) which is inconsistent and should be reconciled.
Instruction Scope
SKILL.md instructs the agent to send the full draft response to the local redact endpoint and to block sending responses if the URL validation fails — this is expected for redaction. However, sending entire responses to an external service is an inherent exfiltration risk if CLAWGUARD_URL is pointed at a remote/untrusted host; the skill provides validation rules but those allow any HTTPS non-localhost 'internal-hostname' (ambiguous) which could be misused. The documentation also contains a placeholder/ambiguous source URL comment ('replace with the actual repository URL'), which suggests the package/source may not have been fully vetted.
Install Mechanism
The install spec uses a PyPI package (clawguard-pii==1.0.4) which will write a 'clawguard' binary — installing from PyPI is common but requires reviewing the package source. The SKILL.md references a GitHub URL placeholder and the registry lists a different skill version (1.0.5) than the pinned package (1.0.4), which is a red flag: either documentation or packaging is inconsistent. No code files were provided for static review, so the package itself is the only executable artifact to inspect before trusting it.
Credentials
Only CLAWGUARD_URL and CLAWGUARD_TOKEN are required, which map directly to running a local redaction service. There are no unrelated secrets requested. Still, because the agent will send draft responses to the endpoint, these env vars effectively become a potential exfiltration control — ensure the URL points only to a host you control and the token is stored securely and rotated if needed.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or modify other skills. It allows autonomous invocation (disable-model-invocation=false) which is normal — combine that with the ability to send full responses to the configured endpoint and the exfiltration risk is increased if the endpoint is untrusted, but this is an operational risk rather than an improper privilege request.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pii-redactor
  3. After installation, invoke the skill by name or use /pii-redactor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.5
- Added structured YAML frontmatter with metadata, description, homepage, and install instructions. - Updated installation instructions to explicitly pin clawguard-pii to version 0.1.0 for consistency. - Linked to the PyPI homepage in metadata. - Included install requirements and instructions via uv in the metadata section. - Minor clarifications and formatting adjustments in the setup section.
v1.0.4
- Expanded and clarified documentation to reflect broader entity coverage (55+ categories) and zero-shot capability. - Enforced stricter safety checks: agent now validates that `CLAWGUARD_URL` points only to localhost or internal hosts with HTTPS. - Simplified and restructured setup and usage instructions for improved operator clarity. - Deployment guidance strengthened: emphasized local-only service, secret management, and audit controls for sensitive options. - Added explicit warnings about ML-based detection limitations, possible false positives/negatives, and the need for human review in critical contexts. - API and error handling sections streamlined and highlighted best practices for secure operation.
v1.0.3
**Switched to ClawGuard as the required local backend.** - Replaced all references to "nemoclaw" with "ClawGuard" for backend service and environment variables. - Updated setup and configuration instructions for the new ClawGuard-PII package (`pip install clawguard-pii`) and environment variables (`CLAWGUARD_URL`, `CLAWGUARD_TOKEN`). - Clarified how to start the server and synchronize tokens between agent and server. - Improved documentation and simplified configuration steps. - No changes to endpoint structure or response format.
v1.0.2
**1.0.2 → 1.0.3 changelog** - Updated all environment variable names from `PII_SERVICE_URL` / `PII_API_TOKEN` to `NEMOCLAW_URL` / `NEMOCLAW_TOKEN` for improved clarity and alignment with the underlying server. - Added a step-by-step configuration guide for securely generating and setting the `NEMOCLAW_TOKEN` secret. - Clarified that the skill uses only a locally hosted HTTP service and that the authentication token is mandatory, even for localhost deployments. - Simplified and shortened the description for accessibility; removed explicit mention of outbound response enforcement. - Minor improvements to operator/setup documentation; removed duplicate and unneeded explanations.
v1.0.1
Updated documentation in SKILL.md
v1.0.0
- Initial release of pii-redactor for redacting sensitive information from text before it leaves the system. - Supports detection and removal of 15 PII entity types (e.g., email, phone, SSN, credit card, API keys, passwords, addresses, and more). - Integrates with nvidia/gliner-PII; uses a configurable confidence threshold to balance recall and precision. - Provides a POST /redact endpoint for PII sanitization and a GET /health endpoint for service status. - Mandatory for every outbound response; outputs sanitized text and a clear notification when PII is removed. - Includes error handling and fallback instructions if the service is unavailable.
Metadata
Slug pii-redactor
Version 1.0.5
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 6
Frequently Asked Questions

What is PII Redactor?

Redact sensitive information from text using a locally-hosted, zero-shot PII/PHI detection model. It is an AI Agent Skill for Claude Code / OpenClaw, with 263 downloads so far.

How do I install PII Redactor?

Run "/install pii-redactor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is PII Redactor free?

Yes, PII Redactor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does PII Redactor support?

PII Redactor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created PII Redactor?

It is built and maintained by m-newhauser (@m-newhauser); the current version is v1.0.5.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments