← 返回 Skills 市场
solmas

Openclaw Pii Anonymizer Latest

作者 Seth Blakely · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
271
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-pii-anonymizer-latest
功能描述
Automation skill for Openclaw Pii Anonymizer Latest.
安全使用建议
This skill is a small shell wrapper that sends text to an Ollama model to replace PII; it reasonably requires curl and jq and an Ollama endpoint. Before installing: (1) ensure OLLAMA_URL points to a local or trusted Ollama server (default is localhost) — do not set it to an untrusted remote host because the script will transmit whatever text you pass in; (2) confirm curl and jq are available; (3) note the registry metadata mismatch (the skill's SKILL.md declares required env/bins while registry metadata lists none); (4) if you plan to allow autonomous invocation, restrict or review what data the agent will send through this anonymizer to avoid accidental leaks to an external endpoint.
功能分析
Type: OpenClaw Skill Name: openclaw-pii-anonymizer-latest Version: 1.0.2 The skill contains a critical shell command injection vulnerability in 'privacy-anonymize.sh'. The script expands the input variable '$1' directly inside a double-quoted string passed to 'curl -d', which allows for arbitrary command execution if the input contains shell metacharacters like '$(...)' or backticks. While the stated purpose of PII anonymization is benign, the instructions in 'SKILL.md' encourage the agent to pass potentially untrusted data (from memory or tool outputs) into this script, creating a high-risk vector for remote code execution (RCE).
能力评估
Purpose & Capability
Name/description match the behavior: the script anonymizes input by calling an Ollama model. The script uses curl/jq and a MODEL/OLLAMA_URL env var which are reasonable for this purpose. Minor note: top-level registry metadata lists no required env vars while SKILL.md declares OLLAMA_URL/MODEL and required binaries (curl,jq).
Instruction Scope
SKILL.md and privacy-anonymize.sh stay within scope: they only send provided text to the Ollama chat completions endpoint and return the model's cleaned text. The script does not read arbitrary files or access system credentials; SKILL.md suggests piping MEMORY.md content through the script but the script itself does not read files unless the caller passes them in.
Install Mechanism
No install spec is executed by the platform (instruction-only skill). SKILL.md contains benign guidance to install jq/curl via apt and to pull an Ollama model; there are no downloads from untrusted URLs or archive extraction steps.
Credentials
The only environment variables the tool uses are OLLAMA_URL and MODEL (defaults provided). These are proportional to the function. Caution: SKILL.md/README recommend setting OLLAMA_URL — if a user configures OLLAMA_URL to a remote/untrusted host, sensitive data passed to the script would be sent there. Also note the metadata inconsistency: registry shows no required env vars while SKILL.md declares OLLAMA_URL and bins.
Persistence & Privilege
Skill does not request permanent agent presence (always is false) and does not modify system or other skills' config. It runs only when invoked via the script/commands described.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-pii-anonymizer-latest
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-pii-anonymizer-latest 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Improved skill documentation and usage instructions in SKILL.md. - Clarified supported PII types: names, emails, paths, and IPs. - Added requirements and installation steps for dependencies (jq, curl). - Provided example usage and integration tips for anonymizing workspace and memory files. - Detailed Ollama model setup and configuration instructions. - Listed key file: privacy-anonymize.sh.
元数据
Slug openclaw-pii-anonymizer-latest
版本 1.0.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Openclaw Pii Anonymizer Latest 是什么?

Automation skill for Openclaw Pii Anonymizer Latest. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 271 次。

如何安装 Openclaw Pii Anonymizer Latest?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-pii-anonymizer-latest」即可一键安装,无需额外配置。

Openclaw Pii Anonymizer Latest 是免费的吗?

是的,Openclaw Pii Anonymizer Latest 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Openclaw Pii Anonymizer Latest 支持哪些平台?

Openclaw Pii Anonymizer Latest 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Openclaw Pii Anonymizer Latest?

由 Seth Blakely(@solmas)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论