← Back to Skills Marketplace
185
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install zipsa
Description
Local-first privacy gateway for LLM applications. Use when the user needs to process sensitive, private, or proprietary information (PII, health records, int...
Usage Guidance
This skill is a configuration/routing helper that expects you to run a separate local Zipsa server. Before installing or enabling it: 1) Ensure you actually host a trusted Zipsa instance on localhost (the skill alone does not provide scanning/masking logic). 2) Do not set OPENAI_BASE_URL to a remote or untrusted URL — the gateway must be local/trusted to protect sensitive data. 3) Review and lock down admin-console integrations (Slack, webhooks, SIEM) because misconfigured alert/webhook destinations could leak sensitive events. 4) Test with non-sensitive sample data first to confirm behavior (blocking/masking) and inspect where audit logs are sent and stored. 5) If you need the gateway to contact cloud providers, provision provider credentials in a controlled location and review that those credentials are used only by your trusted Zipsa service.
Capability Analysis
Type: OpenClaw Skill
Name: zipsa
Version: 0.4.1
The 'zipsa' skill is a privacy-preserving gateway designed to intercept and sanitize sensitive data (PII, credentials, health records) locally before routing requests to cloud LLM providers. The provided Python script (scripts/relay_zipsa.py) is a straightforward relay to a local endpoint (localhost:8000), and the extensive documentation (SKILL.md, references/admin-dashboard.md) describes legitimate security features, including ISMS-P compliance mapping and local data masking, with no evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability Tags
Capability Assessment
Purpose & Capability
The skill claims to provide a local-first privacy gateway and its instructions consistently tell the agent to route cloud calls to a local endpoint (e.g., http://localhost:8000/v1). However, the skill is instruction-only and does not implement the scanning/reformulation engine itself — it assumes an external Zipsa server is running. This is coherent but important: the protective features described (scanning, masking, alerting, SIEM integration) are product-level features of that external service, not implemented by the skill code.
Instruction Scope
SKILL.md instructs the agent to reroute provider calls to a local gateway and to use session_id for continuity. It does not instruct the agent to read arbitrary files, exfiltrate data, or contact unexpected remote endpoints. The included relay script only POSTs to localhost and is non-obfuscated.
Install Mechanism
No install spec is present (instruction-only). This minimizes disk/write risk. The single Python relay script is small, clear, and only communicates with localhost.
Credentials
The documentation shows example env vars (OPENAI_BASE_URL, OPENAI_API_KEY=zipsa-key, OPENAI_MODEL) but the skill does not declare required env vars. That is reasonable for a routing helper but users must supply local configuration. The admin-console description lists webhook/SIEM/Slack/email integrations (which could send alerts externally if configured) — those are expected given the product scope but represent a configuration-time exfiltration risk if misconfigured.
Persistence & Privilege
The skill does not request persistent presence (always:false) nor does it modify other skills. Default autonomous invocation is allowed but not by itself a problem; the skill doesn't elevate privileges or alter other skill configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install zipsa - After installation, invoke the skill by name or use
/zipsa - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.4.1
Align ClawHub version with the GitHub zipsa release number (0.4.1).
v0.2.0
Add Admin Console documentation, expand enterprise/privacy guidance, and include the MIT license in the skill bundle.
v0.1.0
Initial release of zipsa: a local-first privacy gateway for LLM applications.
- Protects sensitive, private, or proprietary data (PII, health records, secrets) by rewriting queries locally before sending to cloud LLMs.
- Sits between OpenClaw and cloud models (Claude, Gemini, GPT) as an OpenAI-compatible endpoint.
- Automatically identifies and redacts high-risk information, preserving privacy while leveraging advanced models.
- Supports multi-turn conversations with session continuity.
- Easily integrates by changing the OpenAI base URL and model in client apps.
Metadata
Frequently Asked Questions
What is Zipsa?
Local-first privacy gateway for LLM applications. Use when the user needs to process sensitive, private, or proprietary information (PII, health records, int... It is an AI Agent Skill for Claude Code / OpenClaw, with 185 downloads so far.
How do I install Zipsa?
Run "/install zipsa" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Zipsa free?
Yes, Zipsa is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Zipsa support?
Zipsa is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Zipsa?
It is built and maintained by Sulgi Kim (@sulgik); the current version is v0.4.1.
More Skills