← Back to Skills Marketplace
MaskClaw: Evolutionary Personalized Privacy Guard
by
Dongying Zheng
· GitHub ↗
· v1.0.0
· MIT-0
87
Downloads
2
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install maskclaw
Description
MaskClaw - 端侧隐私保护 Skill 套件,提供智能打码、行为监控与规则自进化能力
Usage Guidance
Key things to consider before installing or running this skill:
1) Incomplete bundle: SKILL.md and code reference a local model server (model_server/minicpm_api.py) and platform modules (memory.chroma_manager, sandbox.*, skill_registry) that are not present in the package. Do not run the code until you confirm those components exist and are the exact implementations you expect.
2) Self-evolution persistence: The evolution engine is designed to write new skills/rules under user_skills/ and to update a skill registry DB. This is powerful and can persist generated code/artifacts. If you plan to use this, run it in an isolated environment (VM/container) and audit any generated files before allowing them to be loaded or executed.
3) Review network and file paths: The package talks to a local LLM at 127.0.0.1 and writes logs to memory/ and user_skills/. Ensure the model server is actually local and not configured to proxy to an external host. Inspect what is stored in memory/logs and user_skills for sensitive data and manage file permissions accordingly.
4) Confirm masking guarantees: The architecture claims raw screenshots are never uploaded. Validate in practice by tracing all code paths that forward data (search for any external URLs or non-local hosts) and ensure only masked images (not originals) are forwarded to any remote or cloud agent.
5) Dependency and import issues: The evolution module swallows ImportError in a try/except but then proceeds to call components (ChromaManager(), SkillDB()) without guarding for their absence — this will crash or behave unpredictably. Ensure all required internal modules or replacement stubs are present before running.
6) Test in a sandbox: If you want to evaluate functionality, run demos in a controlled environment with no network egress, minimal test data, and review all files produced. Require and manually run the 'sandbox/regression_test.py' and any validators the package claims to use before enabling auto-publishing.
If you want, I can (a) list the exact lines that attempt to write to user_skills / skill_registry, (b) search the code for any non-local network endpoints, or (c) suggest a minimal safe test plan/commands to run this package in an isolated environment.
Capability Analysis
Type: OpenClaw Skill
Name: maskclaw
Version: 1.0.0
The MaskClaw skill bundle is a privacy-preserving framework designed to mask sensitive information (PII) and refine privacy rules through user feedback. It utilizes RapidOCR and OpenCV for local image de-identification (smart_masker.py), logs agent/user interactions to identify privacy 'corrections' (behavior_monitor.py), and employs a structured 'hill-climbing' evolution mechanic to optimize Standard Operating Procedures (SOPs) using a local LLM API (evolution_mechanic.py). The code is well-documented, lacks any indicators of data exfiltration or unauthorized execution, and its complex 'self-evolution' features are strictly constrained to refining privacy-related instructions within a local environment.
Capability Assessment
Purpose & Capability
The skill's name/description (on-device privacy: OCR-based masking, behavior monitoring, rule evolution) aligns with the included modules (smart_masker, behavior_monitor, evolution_mechanic). However there are mismatches: SKILL.md instructs starting a model server at model_server/minicpm_api.py (no model_server folder in the manifest), and evolution code expects local components (memory.chroma_manager, sandbox.*, skill_registry) that are not declared in SKILL.md dependencies. Some declared Python packages (rapidocr, opencv-python, chromadb, transformers) are consistent with OCR/RAG/LLM usage, but modules representing local project components are missing or not guaranteed to exist. This suggests the bundle is incomplete or assumes additional platform components.
Instruction Scope
Runtime instructions ask to run a local MiniCPM model server and then use the skills to process images and write behavior logs. The code writes/reads under memory/ and user_skills/ and saves masked images, and the evolution engine reads those logs and writes new skill artifacts into user_skills/ and a skill registry DB. Writing user-generated skills and 'publishing' them is within the stated self-evolution purpose, but it grants the skill the ability to generate and persist code that could later be executed. SKILL.md also claims a prohibition on uploading raw screenshots, which the code appears to follow (it sends masked images), but you should verify there is no path that forwards unmasked data. Additionally, several instructions reference files or modules not present in the package (e.g., model_server/minicpm_api.py, sandbox modules), creating ambiguity about actual runtime behavior.
Install Mechanism
There is no automated install spec (instruction-only with code files). That lowers supply-chain risk (nothing downloaded/install-run at install time). Required Python packages are listed in SKILL.md and are plausible for OCR/vision and RAG/LLM work. Because there is no remote download step in the manifest, there is no immediate high-risk installer URL to flag.
Credentials
The skill requests no environment variables or external credentials. Its operations are local (OCR, file I/O under memory/ and user_skills/, local HTTP to 127.0.0.1 for MiniCPM). No cloud credentials or unrelated secrets are required, which is proportionate to the described functionality. That said, local files written may contain sensitive metadata (behavior logs, rules), so file-location access should be considered.
Persistence & Privilege
The self-evolution engine is designed to generate and persist new SOPs/skills into a user_skills directory and to save session traces into a skill registry DB. While this is coherent with a 'self-evolving' design, it means the skill can create and store new code/artifacts on disk and update its local skill database. Combined with autonomous invocation (model invocation is allowed by default) this raises a higher blast radius: the skill could iteratively modify/publish artifacts that later get executed by the agent. The SKILL.md mentions sandbox tests and a FinalSandbox, but those components are referenced in code/imports and are not present in the manifest, so the enforcement of sandbox gates is unclear.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install maskclaw - After installation, invoke the skill by name or use
/maskclaw - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
MaskClaw Core v1.0.0 初始版本发布
- 三大核心模块:智能视觉打码(Smart_Masker)、行为监控(Behavior_Monitor)、规则自进化(Skill_Evolution)
- 支持端侧隐私保护,基于 MiniCPM-V 4.5
- 集成 ChromaDB RAG 规则知识库
- 提供 API 契约和详细使用文档
- 适配 Android、Windows、macOS 多平台
Metadata
Frequently Asked Questions
What is MaskClaw: Evolutionary Personalized Privacy Guard?
MaskClaw - 端侧隐私保护 Skill 套件,提供智能打码、行为监控与规则自进化能力. It is an AI Agent Skill for Claude Code / OpenClaw, with 87 downloads so far.
How do I install MaskClaw: Evolutionary Personalized Privacy Guard?
Run "/install maskclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is MaskClaw: Evolutionary Personalized Privacy Guard free?
Yes, MaskClaw: Evolutionary Personalized Privacy Guard is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does MaskClaw: Evolutionary Personalized Privacy Guard support?
MaskClaw: Evolutionary Personalized Privacy Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created MaskClaw: Evolutionary Personalized Privacy Guard?
It is built and maintained by Dongying Zheng (@theodora-y); the current version is v1.0.0.
More Skills