← 返回 Skills 市场
daririnch

DCL Sentinel Trace — PII Redactor & Identity Exposure Detector

作者 Dari Rinch · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ✓ 安全检测通过
168
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install dcl-sentinel-trace
功能描述
Instruction-only PII detector and redactor for AI outputs. Detects emails, phones, SSNs, bank cards, IBANs, crypto addresses, and IPs entirely within the age...
使用说明 (SKILL.md)

DCL Sentinel Trace — Leibniz Layer™

Publisher: @daririnch · Fronesis Labs
Version: 2.0.0
Part of: Leibniz Layer™ Security Suite

What this skill does

DCL Sentinel Trace detects and redacts personally identifiable information in AI outputs before they reach users or downstream systems.

This skill is 100% instruction-only. No text is sent to any external server. The entire analysis runs inside the agent's context window. The scanned text never leaves the agent.

What gets detected

Category Examples
email Any email address pattern
phone International and local phone number formats
national_id SSNs, national ID numbers, tax IDs
bank_card Card PANs (Visa, Mastercard, Amex, etc.)
iban International bank account numbers
crypto_address Bitcoin, Ethereum, and other wallet addresses
ip_address IPv4 and IPv6 addresses
passport Passport and travel document numbers

When to use this skill

  • AI output may contain personal data from user input, documents, or retrieved content
  • Your pipeline requires GDPR or HIPAA compliance before delivering responses
  • A coding or data agent processes datasets that may contain real PII
  • You need a privacy checkpoint before logging or storing AI outputs

How to run a scan

Paste the text to scan into the conversation. The agent screens it locally against the checklist below. No network requests are made.

Step 1 — Run the detection checklist

Work through each category. For each match found, record:

  • type — which PII category triggered
  • redacted_sample — masked version (e.g. te****@****.com)
  • severitycritical for financial/ID data, major for contact data

Step 2 — Apply verdict logic

Condition Verdict
Any finding NO_COMMIT
No findings COMMIT

Detection Checklist

T1 — Email Addresses (Major)

  • Any string matching [text]@[domain].[tld] pattern

T2 — Phone Numbers (Major)

  • International format: +[country code][number]
  • Local formats: sequences of 7–15 digits with common separators

T3 — National ID / SSN (Critical)

  • US SSN: three digits, two digits, four digits pattern
  • National ID formats for other countries: fixed-length numeric or alphanumeric sequences in ID context

T4 — Bank Card PANs (Critical)

  • 13–19 digit sequences matching major card network prefixes
  • With or without spaces/dashes between groups

T5 — IBANs (Critical)

  • Two-letter country code followed by two check digits and up to 30 alphanumeric characters

T6 — Crypto Wallet Addresses (Major)

  • Bitcoin: Base58 strings of 25–34 chars starting with 1, 3, or bc1
  • Ethereum: 42-char hex strings starting with 0x
  • Other chains: similar fixed-length address patterns in wallet context

T7 — IP Addresses (Minor)

  • IPv4: four octets separated by dots
  • IPv6: eight groups of hex digits separated by colons

T8 — Passport / Document Numbers (Critical)

  • Alphanumeric strings of 6–9 characters in passport or document number context

Output schema

{
  "verdict": "COMMIT | NO_COMMIT",
  "detections": [
    {
      "type": "email",
      "redacted_sample": "te****@****.com",
      "severity": "major"
    }
  ],
  "detection_count": 0,
  "categories_checked": ["T1","T2","T3","T4","T5","T6","T7","T8"],
  "categories_clear": ["T1","T2","T3","T4","T5","T6","T7","T8"],
  "powered_by": "DCL Sentinel Trace · Leibniz Layer™ · Fronesis Labs"
}

Where Sentinel Trace fits in the DCL pipeline

Untrusted input
        │
        ▼
DCL Prompt Firewall        ← blocks malicious input
        │ COMMIT
        ▼
      LLM
        │
        ▼
DCL Policy Enforcer        ← compliance check on output
        │ COMMIT
        ▼
DCL Sentinel Trace         ← PII redaction (instruction-only)
        │ COMMIT
        ▼
DCL Secret Leak Detector   ← credential scan
        │ COMMIT
        ▼
DCL Output Sanitizer       ← final sweep
        │ COMMIT
        ▼
DCL Semantic Drift Guard   ← hallucination check
        │ IN_COMMIT
        ▼
Safe to deliver

Privacy & Data Policy

This skill is operated by Fronesis Labs and is 100% instruction-only.

No data leaves the agent. All analysis runs entirely within the agent's context window. No content is transmitted to any server.

Full policy: https://fronesislabs.com/#privacy · Browse the full DCL Security Suite: hub.fronesislabs.com · Questions: [email protected]

Related skills

  • dcl-prompt-firewall — Input-layer injection and jailbreak detection
  • dcl-secret-leak-detector — Credential and API key scan
  • dcl-output-sanitizer — Final output sweep
  • dcl-policy-enforcer — Compliance and regulatory check

Leibniz Layer™ · Fronesis Labs · fronesislabs.com

安全使用建议
This skill is internally consistent with its purpose and low-risk as an instruction-only checklist, but take these precautions before relying on it in production: - Test thoroughly with representative inputs (various card formats, SSNs, international phone numbers, IBANs, crypto addresses) to evaluate false negatives and false positives. - Prefer deterministic, auditable redaction (well-tested regexes or a small vetted library) if you require provable compliance; the skill relies on informal 'in context' judgment which can vary. - Do not assume 'no data leaves the agent' guarantees anything about your runtime environment — verify that your agent platform or surrounding pipeline does not automatically log or forward conversation content. - Note minor metadata inconsistencies: SKILL.md claims Version 2.0.0 while registry metadata lists 1.0.2, and the registry lists no homepage even though the SKILL.md links to fronesislabs.com. If provenance matters, ask the publisher for source code or an authoritative release page and confirm the publisher identity. - If you need higher assurance (HIPAA/GDPR audits, regulated production use), prefer a skill with published code, test vectors, and deterministic redaction logic you can review or run locally.
功能分析
Type: OpenClaw Skill Name: dcl-sentinel-trace Version: 1.0.2 The 'dcl-sentinel-trace' skill is an instruction-only PII detector and redactor designed to identify sensitive information (emails, SSNs, bank cards, etc.) within the agent's context window. It contains no executable code, makes no network requests, and provides a structured checklist and output schema for the agent to follow. The instructions are aligned with its stated purpose of enhancing privacy and compliance (GDPR/HIPAA) without any indicators of malicious intent or prompt injection.
能力标签
cryptorequires-wallet
能力评估
Purpose & Capability
The name and description describe a PII detection/redaction step. The skill is instruction-only and requires no binaries, installs, or credentials — which matches a purely local/text-processing checklist. There are no requests for unrelated cloud credentials or system access.
Instruction Scope
The SKILL.md confines activity to scanning pasted text and producing a redacted output schema; it explicitly states no network requests. However the detection rules are described at a high level (patterns and 'in context' judgements) and rely on the agent's judgment rather than a deterministic, auditable regex implementation. That makes false negatives/positives and inconsistent redaction behavior possible. The instructions do not ask the agent to read files or environment variables beyond the conversation text.
Install Mechanism
There is no install spec and no code files — lowest-risk instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no environment variables, credentials, or config paths. This is proportionate to an instruction-only redaction checklist.
Persistence & Privilege
always:false and normal invocation settings. The skill does not request persistent presence or system configuration changes. Autonomous invocation is allowed by platform default but the skill itself does not ask for elevated privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install dcl-sentinel-trace
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /dcl-sentinel-trace 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Major update: Sentinel Trace is now 100% instruction-only and runs fully inside the agent, with no external data transfer. - All PII detection and redaction happens entirely within the agent's local context — scanned text never leaves the agent. - Updated checklist and detection categories for better clarity and stricter compliance coverage. - Introduced severity ratings for different PII types (critical, major, minor). - Expanded documentation on how to use, agent workflow, and where Sentinel Trace fits in the DCL pipeline. - Removal of all references to network endpoints, audit trails, or persistent logging — fully privacy-preserving. - Modernized output schema for greater transparency and compliance reporting.
v1.0.1
dcl-sentinel-trace v1.0.1 - Added a dedicated "Privacy & Data Policy" section to documentation - Clarified details on data processing, retention, PII handling, and infrastructure - Provided direct link to full privacy policy and support contact information
v1.0.0
dcl-sentinel-trace v1.0.0 — Initial Release - Production-ready PII & identity exposure detector for AI pipelines - Detects: emails, phone numbers (intl/US), SSNs, national ID numbers, bank card PANs, IBANs, Bitcoin & Ethereum addresses, IP addresses, passport and document numbers - Powered by Leibniz Layer™ — every detection produces a cryptographically tamper-evident audit proof - NO_COMMIT verdict blocks PII before it leaves your pipeline; raw data is never stored or exposed - Zero data retention, no third-party leakage - GDPR & HIPAA compliant - Endpoints: /evaluate, /health, /chain/tail
元数据
Slug dcl-sentinel-trace
版本 1.0.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

DCL Sentinel Trace — PII Redactor & Identity Exposure Detector 是什么?

Instruction-only PII detector and redactor for AI outputs. Detects emails, phones, SSNs, bank cards, IBANs, crypto addresses, and IPs entirely within the age... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 168 次。

如何安装 DCL Sentinel Trace — PII Redactor & Identity Exposure Detector?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install dcl-sentinel-trace」即可一键安装,无需额外配置。

DCL Sentinel Trace — PII Redactor & Identity Exposure Detector 是免费的吗?

是的,DCL Sentinel Trace — PII Redactor & Identity Exposure Detector 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

DCL Sentinel Trace — PII Redactor & Identity Exposure Detector 支持哪些平台?

DCL Sentinel Trace — PII Redactor & Identity Exposure Detector 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 DCL Sentinel Trace — PII Redactor & Identity Exposure Detector?

由 Dari Rinch(@daririnch)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论