m-newhauser

PII Redactor

Author: m-newhauser · GitHub · v1.0.5 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 263
Favorites: 0
Current installs: 0
Versions: 6
Install in OpenClaw
/install pii-redactor
Description
Redact sensitive information from text using a locally-hosted, zero-shot PII/PHI detection model.
Security usage recommendations
This skill is conceptually coherent for local PII redaction, but do not install it blind. Before installing:
  1. Verify the PyPI package source and review the package code (or the upstream GitHub repo) to ensure it does only what is described; confirm the package owner and checksums.
  2. Reconcile the version mismatch (skill v1.0.5 vs pinned package 1.0.4) and confirm the correct release.
  3. Ensure CLAWGUARD_URL is set only to localhost or a tightly-controlled internal HTTPS endpoint you operate (do not point to public or untrusted hosts).
  4. Keep CLAWGUARD_TOKEN secret, store in a secret manager, and rotate if suspected compromised.
  5. Test the service in an isolated environment first to confirm behavior and that the health/redact endpoints behave as documented.
  6. If you cannot review the package code, treat the install as higher risk and consider alternatives (well-audited tools or in-process redactors).
Functional analysis
Type: OpenClaw Skill
Name: pii-redactor
Version: 1.0.5
The skill is designed to redact PII by intercepting all outbound agent responses and transmitting them to a network-hosted service (clawguard-pii). While the SKILL.md includes defensive instructions for the agent to validate the CLAWGUARD_URL (restricting it to localhost or internal HTTPS) and use a bearer token, the capability to capture all communications and the dependency on an external PyPI package represent high-risk behaviors. These features are plausibly necessary for the stated purpose but constitute a significant attack surface and potential exfiltration channel if the service or validation logic is compromised.
Capability assessment
Purpose & Capability
The skill name/description (local, zero-shot PII redaction) aligns with the declared binary requirement (clawguard) and the two required env vars (CLAWGUARD_URL, CLAWGUARD_TOKEN). Requesting a local service and a token is proportionate to the stated purpose. Note: the skill metadata/version (1.0.5) doesn't match the install package pin (clawguard-pii==1.0.4) which is inconsistent and should be reconciled.
Instruction Scope
SKILL.md instructs the agent to send the full draft response to the local redact endpoint and to block sending responses if the URL validation fails — this is expected for redaction. However, sending entire responses to an external service is an inherent exfiltration risk if CLAWGUARD_URL is pointed at a remote/untrusted host; the skill provides validation rules but those allow any HTTPS non-localhost 'internal-hostname' (ambiguous) which could be misused. The documentation also contains a placeholder/ambiguous source URL comment ('replace with the actual repository URL'), which suggests the package/source may not have been fully vetted.
Install Mechanism
The install spec uses a PyPI package (clawguard-pii==1.0.4) which will write a 'clawguard' binary — installing from PyPI is common but requires reviewing the package source. The SKILL.md references a GitHub URL placeholder and the registry lists a different skill version (1.0.5) than the pinned package (1.0.4), which is a red flag: either documentation or packaging is inconsistent. No code files were provided for static review, so the package itself is the only executable artifact to inspect before trusting it.
Credentials
Only CLAWGUARD_URL and CLAWGUARD_TOKEN are required, which map directly to running a local redaction service. There are no unrelated secrets requested. Still, because the agent will send draft responses to the endpoint, these env vars effectively become a potential exfiltration control — ensure the URL points only to a host you control and the token is stored securely and rotated if needed.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or modify other skills. It allows autonomous invocation (disable-model-invocation=false) which is normal — combine that with the ability to send full responses to the configured endpoint and the exfiltration risk is increased if the endpoint is untrusted, but this is an operational risk rather than an improper privilege request.
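How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install pii-redactor
  3. Once installation completes, invoke the Skill by name or trigger it with /pii-redactor
  4. Provide the required inputs according to the Skill's parameter description to get structured output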
Version history
v1.0.5
- Added structured YAML frontmatter with metadata, description, homepage, and install instructions.
- Updated installation instructions to explicitly pin clawguard-pii to version 0.1.0 for consistency.
- Linked to the PyPI homepage in metadata.
- Included install requirements and instructions via uv in the metadata section.
- Minor clarifications and formatting adjustments in the setup section.
v1.0.4
- Expanded and clarified documentation to reflect broader entity coverage (55+ categories) and zero-shot capability.
- Enforced stricter safety checks: agent now validates that `CLAWGUARD_URL` points only to localhost or internal hosts with HTTPS.
- Simplified and restructured setup and usage instructions for improved operator clarity.
- Deployment guidance strengthened: emphasized local-only service, secret management, and audit controls for sensitive options.
- Added explicit warnings about ML-based detection limitations, possible false positives/negatives, and the need for human review in critical contexts.
- API and error handling sections streamlined and highlighted best practices for secure operation.
v1.0.3
**Switched to ClawGuard as the required local backend.**
- Replaced all references to "nemoclaw" with "ClawGuard" for backend service and environment variables.
- Updated setup and configuration instructions for the new ClawGuard-PII package (`pip install clawguard-pii`) and environment variables (`CLAWGUARD_URL`, `CLAWGUARD_TOKEN`).
- Clarified how to start the server and synchronize tokens between agent and server.
- Improved documentation and simplified configuration steps.
- No changes to endpoint structure or response format.
v1.0.2
**1.0.2 → 1.0.3 changelog**
- Updated all environment variable names from `PII_SERVICE_URL` / `PII_API_TOKEN` to `NEMOCLAW_URL` / `NEMOCLAW_TOKEN` for improved clarity and alignment with the underlying server.
- Added a step-by-step configuration guide for securely generating and setting the `NEMOCLAW_TOKEN` secret.
- Clarified that the skill uses only a locally hosted HTTP service and that the authentication token is mandatory, even for localhost deployments.
- Simplified and shortened the description for accessibility; removed explicit mention of outbound response enforcement.
- Minor improvements to operator/setup documentation; removed duplicate and unneeded explanations.
v1.0.1
Updated documentation in SKILL.md
v1.0.0
- Initial release of pii-redactor for redacting sensitive information from text before it leaves the system.
- Supports detection and removal of 15 PII entity types (e.g., email, phone, SSN, credit card, API keys, passwords, addresses, and more).
- Integrates with nvidia/gliner-PII; uses a configurable confidence threshold to balance recall and precision.
- Provides a POST /redact endpoint for PII sanitization and a GET /health endpoint for service status.
- Mandatory for every outbound response; outputs sanitized text and a clear notification when PII is removed.
- Includes error handling and fallback instructions if the service is unavailable.
Metadata
Slug: pii-redactor
Version: 1.0.5
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 6
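FAQ

What is PII Redactor?

Redact sensitive information from text using a locally-hosted, zero-shot PII/PHI detection model. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 263 total downloads to date.

How do I install PII Redactor?

Run the command "/install pii-redactor" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is PII Redactor free?

Yes, PII Redactor is completely free, released under the MIT-0 license, and may be freely downloaded, installed and used.

Which platforms does PII Redactor support?

PII Redactor is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed PII Redactor?

Developed and maintained by m-newhauser (@m-newhauser); the current version is v1.0.5.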
