← Back to Skills Marketplace
fullstackcrew-alpha

Privacy Mask

by fullstackcrew-alpha · GitHub ↗ · v0.3.5 · MIT-0
cross-platform ⚠ suspicious
449
Downloads
1
Stars
0
Active Installs
14
Versions
Install in OpenClaw
/install privacy-mask
Description
Mask, redact, anonymize and censor sensitive information (PII) in screenshots and images — phone numbers, emails, IDs, API keys, crypto wallets, credit cards...
Usage Guidance
This skill is plausibly what it says (local image PII masking), but there are a few red flags to check before installing/enabling it: 1) The skill's hooks reference scripts/mask-images.sh and intercepting the agent's local image cache, but no script or code files are bundled — ask the publisher where that hook implementation lives or provide the script so you can inspect it. 2) Confirm what 'in-place' interception actually does: the SKILL.md warns not to modify originals by default, yet the hook text says it applies masking in-place — ensure the hook will not silently overwrite originals unless you explicitly request that. 3) Vet the privacy-mask CLI package before pip installing (review source code, repository trust, and the PyPI package name) because pip install downloads and runs third-party code. 4) Test the tool with non-sensitive sample images and run --dry-run first to verify detections and outputs. 5) If you plan to allow automatic interception, limit its scope (only explicit user-submitted images) and ensure logs/notifications are produced when files are modified. If you cannot verify the hook implementation or the privacy-mask package source, treat enabling the automatic hook as higher risk.
Capability Analysis
Type: OpenClaw Skill Name: privacy-mask Version: 0.3.5 The 'privacy-mask' skill is a privacy-focused tool designed to redact PII from images locally using OCR and regex-based detection. It utilizes the 'UserPromptSubmit' hook to intercept and sanitize images in the local cache before they are sent to an LLM API, which aligns with its stated purpose of data loss prevention (DLP). The instructions in SKILL.md explicitly guide the agent to prioritize user privacy and local processing, and there is no evidence of data exfiltration, malicious execution, or harmful prompt injection in the provided files.
Capability Assessment
Purpose & Capability
Name/description ask for OCR-based image redaction and the declared required binaries (tesseract, python3, privacy-mask CLI) are exactly what that purpose needs. No unrelated cloud credentials or services are requested.
Instruction Scope
SKILL.md instructs reading user images, running the privacy-mask CLI, and writing masked outputs — that's appropriate. However the hooks claim to 'intercept images in Claude's local image cache' and apply masking 'in-place before they are sent to the API', which reaches into the agent's internal cache and may modify images without explicit user action. The skill also references an external command (scripts/mask-images.sh) that is not included in the package, creating an unclear execution surface.
Install Mechanism
No install spec is provided (instruction-only), so nothing is written to disk by the skill itself. The README suggests pip/brew/apt commands for installing dependencies — standard guidance but these are not executed automatically by the skill.
Credentials
No environment variables or external credentials are requested, which is proportionate. That said, the skill requests non-optional local-file-read and local-file-write permissions and claims access to the agent's local image cache; this is reasonable for a masking tool but increases blast radius because it touches internal agent data flows.
Persistence & Privilege
always is false and autonomous invocation is allowed (normal). The hook's description implies automatic interception on UserPromptSubmit — effectively enabling the skill to run whenever images are present. Combined with the unbundled scripts reference and the promise to modify cache 'in-place', this creates a risk of silent modification of agent state or user files if enabled without review.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install privacy-mask
  3. After installation, invoke the skill by name or use /privacy-mask
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.5
Fix suspicious security flag: exclude SUBMISSIONS.md containing example API key strings
v0.3.4
Declare UserPromptSubmit hook in SKILL.md metadata, improve discoverability (A+ score), expand keywords
v0.3.3
Strip bundle to SKILL.md only, remove pip install instruction, fix version mismatch
v0.3.2
Fix OpenClaw security scan: remove install instructions from agent-facing SKILL.md, declare only local file read/write permissions
v0.3.1
Improve security scan transparency: declare pip-install permission, clarify online setup vs offline processing
v0.3.0
Add GLiNER zero-shot NER detection engine as alternative to regex, with automatic fallback. Add community infrastructure (issue/PR templates, Code of Conduct).
v0.2.4
Add semantic tags for discoverability, enrich description with search keywords, declare hook permissions in metadata
v0.2.3
Add AWS Secret Key detection, fix IBAN false positives
v0.2.2
Fix hook scripts to never show errors to users (trap ERR instead of set -e)
v0.2.1
Remove Chinese from SKILL.md, use English only
v0.1.3
Update display name to Privacy Mask
v0.1.2
Clean publish: exclude hook scripts, source code, and tests to reduce security warnings
v0.1.1
Fix display name
v0.1.0
Initial release: 47 regex rules, dual OCR engine (tesseract + rapidocr), local-only image privacy masking
Metadata
Slug privacy-mask
Version 0.3.5
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 14
Frequently Asked Questions

What is Privacy Mask?

Mask, redact, anonymize and censor sensitive information (PII) in screenshots and images — phone numbers, emails, IDs, API keys, crypto wallets, credit cards... It is an AI Agent Skill for Claude Code / OpenClaw, with 449 downloads so far.

How do I install Privacy Mask?

Run "/install privacy-mask" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Privacy Mask free?

Yes, Privacy Mask is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Privacy Mask support?

Privacy Mask is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Privacy Mask?

It is built and maintained by fullstackcrew-alpha (@fullstackcrew-alpha); the current version is v0.3.5.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments