← 返回 Skills 市场

Redact

Name: Redact
Author: darknoah

作者 noah · GitHub ↗ · v0.1.1 · MIT-0

cross-platform ⚠ suspicious

136

总下载

当前安装

版本数

在 OpenClaw 中安装

/install redact

功能描述

Privacy redaction toolkit for images, PDFs, Word documents, and PowerPoint presentations. Use when the user needs to redact, mask, or replace sensitive/priva...

安全使用建议

This package appears to be a legitimate local redaction/OCR toolkit. Before installing, note: 1) It requires heavy ML packages (paddlepaddle/paddleocr/paddlex) that may download large binaries or model files during install or first run and may require a lot of disk space and time. 2) The scripts create a cache directory (~/.cache/redact_temp) and temporary result directories; inspect and clean these if you need to avoid leaving extracted content on disk. 3) The code sets DISABLE_MODEL_SOURCE_CHECK in its environment—this is likely non-malicious but unusual; review the scripts if you have strict execution policies. 4) Run the tool in an isolated virtual environment (uv creates one) and inspect sample runs on non-sensitive files first. There are no declared network endpoints, no requested credentials, and no obvious exfiltration code in the bundle, but be aware that model downloads will require network access during install/use.

功能分析

Type: OpenClaw Skill Name: redact Version: 0.1.1 The skill bundle provides legitimate privacy redaction tools but contains high-risk code patterns that are vulnerable to exploitation. Specifically, `read.py` and `redact-presentation.py` use `subprocess.run` to execute system-level commands via PowerShell (Windows), AppleScript (macOS), and LibreOffice for document conversion. While the scripts attempt some basic sanitization (e.g., escaping quotes), the construction of these command strings is fragile and potentially vulnerable to command injection if an attacker provides a file with a specially crafted name. No evidence of intentional malice, such as data exfiltration or hardcoded backdoors, was found; however, the reliance on shell execution for core functionality poses a significant security risk.

能力评估

✓ Purpose & Capability

Name and description claim OCR-based redaction for images/PDF/docx/pptx; the repository includes scripts for reading and redacting each format and lists expected Python OCR and document libraries (PaddleOCR/PPStructureV3, PyMuPDF, python-docx, python-pptx, Pillow). These dependencies and scripts are expected for the stated purpose.

ℹ Instruction Scope

SKILL.md instructs running the included scripts with a rules CSV and to use 'uv sync' to install dependencies. The scripts operate on local files and perform OCR and in-place replacements/masking. They create temporary directories and a persistent cache directory (~/.cache/redact_temp) for intermediate outputs; some temp directories are cleaned up but others may remain depending on code paths. The runtime instructions do not ask for unrelated files, credentials, or external endpoints, but they do not explicitly warn about model weight downloads (see install_mechanism note).

ℹ Install Mechanism

There is no platform install spec in the registry; SKILL.md recommends using 'uv sync' to create a venv and install dependencies from pyproject. Dependencies include paddlepaddle/paddleocr/paddlex which are large and may pull model binaries or wheels from package/model hosting during installation or first use. No arbitrary URL downloads or obscure installers are present in the bundle itself.

✓ Credentials

The skill declares no required environment variables, credentials, or config paths. The code sets a few environment variables locally (e.g., DISABLE_MODEL_SOURCE_CHECK, FLAGS_use_mkldnn) which affect runtime behavior but are internal to the scripts. No secret-exposing env vars are requested.

✓ Persistence & Privilege

always is false and the skill does not request elevated or persistent platform privileges. It writes temporary data to disk (creates ~/.cache/redact_temp and various temp dirs) but does not modify other skills or system-wide agent settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install redact
安装完成后，直接呼叫该 Skill 的名称或使用 /redact 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.1

- Added read.py script to support extracting text (via OCR) from images, PDFs, Word, and PowerPoint files - Updated SKILL.md with usage and output formats for read.py, including structured and JSON output - Switched to uv for environment setup and dependency management instructions - Removed the obsolete scripts/init-runtime.sh file

v0.1.0

- Initial release of the redact privacy toolkit. - Supports redacting sensitive information in images (png/jpg), PDFs, Word, and PowerPoint files. - Uses rules-based redaction: replace text or mask with solid color blocks or █ characters. - Handles text in tables, headers/footers, and embedded images in supported formats. - Includes CLI scripts for each file type with CSV rules input.

元数据

Slug redact

版本 0.1.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题

Redact 是什么？

Privacy redaction toolkit for images, PDFs, Word documents, and PowerPoint presentations. Use when the user needs to redact, mask, or replace sensitive/priva... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 136 次。

如何安装 Redact？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install redact」即可一键安装，无需额外配置。

Redact 是免费的吗？

是的，Redact 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Redact 支持哪些平台？

Redact 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Redact？

由 noah（@darknoah）开发并维护，当前版本 v0.1.1。