← 返回 Skills 市场

Expanso pii-redact

Name: Expanso pii-redact
Author: aronchick

作者 Expanso · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

901

总下载

当前安装

版本数

在 OpenClaw 中安装

/install expanso-pii-redact

功能描述

Redact personally identifiable information from text by replacing sensitive data with placeholders using Expanso Edge pipelines.

使用说明 (SKILL.md)

pii-redact

"Redact PII from text, replacing sensitive data with placeholders"

Requirements

Expanso Edge installed (expanso-edge binary in PATH)
Install via: clawhub install expanso-edge

Usage

CLI Pipeline

# Run standalone
echo '\x3Cinput>' | expanso-edge run pipeline-cli.yaml

MCP Pipeline

# Start as MCP server
expanso-edge run pipeline-mcp.yaml

Deploy to Expanso Cloud

expanso-cli job deploy https://skills.expanso.io/pii-redact/pipeline-cli.yaml

Files

File	Purpose
`skill.yaml`	Skill metadata (inputs, outputs, credentials)
`pipeline-cli.yaml`	Standalone CLI pipeline
`pipeline-mcp.yaml`	MCP server pipeline

安全使用建议

This skill appears to be what it claims: a PII-redaction pipeline that sends text to an LLM and returns a redacted result. Before installing or running it, consider: 1) Privacy: by default the pipeline uses the OpenAI remote backend and will send your input text to OpenAI; if you must keep data local, run a local Ollama model or avoid the remote backend. 2) Deployment: starting the MCP server exposes an HTTP endpoint (0.0.0.0:${PORT}) that will accept arbitrary text — only bind it to trusted networks or add access controls. 3) Metadata/logging: the pipeline computes and logs input_hash, trace_id, and redaction counts; make sure those metadata fields meet your compliance needs. 4) Small inconsistency: the registry metadata said no required env vars, but the pipeline/README reference OPENAI_API_KEY — decide whether you'll provide that key or rely on local models. 5) Test with non-sensitive data first to confirm behavior and model outputs. If you need a stricter privacy posture, prefer the local Ollama backend or run the pipeline in an isolated environment and do not deploy to Expanso Cloud.

功能分析

Type: OpenClaw Skill Name: expanso-pii-redact Version: 1.0.0 The skill is classified as suspicious due to a prompt injection vulnerability present in both `pipeline-cli.yaml` and `pipeline-mcp.yaml`. The user-controlled `placeholder` value, which can be set via an environment variable or HTTP request body, is directly concatenated into the system prompt for the OpenAI LLM. This allows an attacker to inject arbitrary instructions into the LLM's context, potentially manipulating its behavior beyond PII redaction, even though the prompt attempts to enforce a JSON output format. There is no evidence of intentional malicious behavior by the skill's author, making this a vulnerability rather than malware.

能力评估

✓ Purpose & Capability

Name, README, SKILL.md, and pipeline YAMLs consistently implement a PII redaction pipeline that uses an LLM backend (OpenAI or local Ollama). The pipelines, inputs, outputs, and declared backends are coherent with the described purpose.

ℹ Instruction Scope

Runtime instructions are narrowly scoped to running the expanso-edge pipelines (CLI or MCP HTTP endpoint) and optionally deploying to Expanso Cloud. The pipelines send the input text to an LLM (openai_chat_completion) and expect a JSON response with redacted_text/redaction_count/redacted_types. Important privacy notes: (1) when run as provided the text is sent to OpenAI (remote) unless you run a local Ollama backend; (2) running the MCP pipeline exposes an HTTP endpoint that will accept arbitrary text and forward it to the model; (3) metadata (input_hash, input_length, trace_id, timestamp) is computed and included in logs/outputs. These are expected behaviors for this skill but are relevant privacy considerations and should be reviewed before use or deployment to a remote/cloud endpoint.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no downloads or extracted artifacts. That yields a low install risk: nothing is written or executed on install beyond the user running expanso-edge on their machine.

ℹ Credentials

The skill needs an OpenAI API key to use the remote backend (OPENAI_API_KEY), and skill.yaml correctly declares this credential (optional). However, registry-level metadata included with the submission indicated "Required env vars: none", which conflicts with the bundled README/pipelines that reference ${OPENAI_API_KEY}. The pipelines will attempt to resolve ${OPENAI_API_KEY} at runtime; if you intend to keep data local, use the local Ollama backend instead of OpenAI or avoid deploying to cloud. No unrelated credentials or surprising env variables are requested.

✓ Persistence & Privilege

The skill does not request persistent/system-wide privileges. Flags show always:false (no forced inclusion) and default autonomous invocation allowed. The skill does not modify other skills' configs or ask to persist credentials on its own in the provided files.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install expanso-pii-redact
安装完成后，直接呼叫该 Skill 的名称或使用 /expanso-pii-redact 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial publish

元数据

Slug expanso-pii-redact

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题