← 返回 Skills 市场
aronchick

Expanso pii-detect

作者 Expanso · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
919
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install expanso-pii-detect
功能描述
Detect personally identifiable information (PII) in text using Expanso Edge pipelines for CLI, MCP server, or cloud deployment.
使用说明 (SKILL.md)

pii-detect

Detect personally identifiable information (PII) in text

Requirements

  • Expanso Edge installed (expanso-edge binary in PATH)
  • Install via: clawhub install expanso-edge

Usage

CLI Pipeline

# Run standalone
echo '\x3Cinput>' | expanso-edge run pipeline-cli.yaml

MCP Pipeline

# Start as MCP server
expanso-edge run pipeline-mcp.yaml

Deploy to Expanso Cloud

expanso-cli job deploy https://skills.expanso.io/pii-detect/pipeline-cli.yaml

Files

File Purpose
skill.yaml Skill metadata (inputs, outputs, credentials)
pipeline-cli.yaml Standalone CLI pipeline
pipeline-mcp.yaml MCP server pipeline
安全使用建议
This skill runs Expanso pipelines that put your input text into an OpenAI chat completion call. If you provide an OPENAI_API_KEY, the full text will be sent to OpenAI. The registry metadata failing to declare the OpenAI credential and the README's claim that a local 'regex' mode can be used are inconsistent with the included pipeline files (which always call openai_chat_completion). Before installing or running on sensitive data: (1) Decide whether you are willing to send inputs to OpenAI; if not, avoid supplying an API key and verify the pipelines actually perform local regex detection (they currently do not). (2) Run the skill in a safe/test environment with non-sensitive inputs to observe behavior. (3) Inspect or modify the pipeline YAML to add a true local fallback (regex processors) if you need on-device-only detection. (4) Confirm you trust the expanso-edge binary and the environment where it will run. If you need clarification, ask the author to correct the skill metadata and to provide a documented regex-only pipeline.
功能分析
Type: OpenClaw Skill Name: expanso-pii-detect Version: 1.0.0 The skill is designed to detect PII using an OpenAI LLM. Both `pipeline-cli.yaml` and `pipeline-mcp.yaml` construct the LLM prompt by directly concatenating user-provided input (`content()` or `this.text`) without apparent sanitization or robust prompt engineering to prevent manipulation. This makes the LLM vulnerable to prompt injection, where a malicious user could potentially bypass the LLM's instructions, extract information, or cause it to generate unintended output. While the skill uses the `OPENAI_API_KEY` environment variable, this is for its stated purpose and not for unauthorized exfiltration.
能力评估
Purpose & Capability
Name and files match a PII-detection purpose. Using an LLM (OpenAI) for detection is plausible. However the registry metadata claims no required env vars/credentials while README and pipeline files expect an OPENAI_API_KEY (even if marked 'optional') — that's an inconsistent declaration.
Instruction Scope
The pipelines place the entire input text into the LLM prompt (openai_chat_completion), which will transmit user-provided text to OpenAI when an API key is supplied. The README and skill.yaml claim a local 'regex' backend is available, but the provided pipeline definitions always call openai_chat_completion and do not implement a clear regex-only fallback — meaning 'local-only' behavior is not actually enforced by the included pipelines.
Install Mechanism
Instruction-only skill that requires expanso-edge to be installed; no downloads or third-party install URLs are embedded in the skill bundle. This is low install risk.
Credentials
The skill uses OPENAI_API_KEY (sensitive) in pipeline files but the registry shows 'Required env vars: none' and 'Primary credential: none' — a mismatch. The only notable sensitive credential is the OpenAI key; no unrelated credentials are requested.
Persistence & Privilege
The skill is user-invocable only, not always-enabled, and has no install script or self-persistence. It does not request system-wide config or other skills' credentials.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install expanso-pii-detect
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /expanso-pii-detect 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial publish to ClawHub
元数据
Slug expanso-pii-detect
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Expanso pii-detect 是什么?

Detect personally identifiable information (PII) in text using Expanso Edge pipelines for CLI, MCP server, or cloud deployment. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 919 次。

如何安装 Expanso pii-detect?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install expanso-pii-detect」即可一键安装,无需额外配置。

Expanso pii-detect 是免费的吗?

是的,Expanso pii-detect 完全免费(开源免费),可自由下载、安装和使用。

Expanso pii-detect 支持哪些平台?

Expanso pii-detect 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Expanso pii-detect?

由 Expanso(@aronchick)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论