Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Expanso pii-detect

v1.0.0

Detect personally identifiable information (PII) in text using Expanso Edge pipelines for CLI, MCP server, or cloud deployment.

by Expanso @aronchick
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name and files match a PII-detection purpose. Using an LLM (OpenAI) for detection is plausible. However, the registry metadata claims no required env vars/credentials while README and pipeline files expect an OPENAI_API_KEY (even if marked 'optional') — that's an inconsistent declaration.
! Instruction Scope
The pipelines place the entire input text into the LLM prompt (openai_chat_completion), which will transmit user-provided text to OpenAI when an API key is supplied. The README and skill.yaml claim a local 'regex' backend is available, but the provided pipeline definitions always call openai_chat_completion and do not implement a clear regex-only fallback — meaning 'local-only' behavior is not actually enforced by the included pipelines.
Install Mechanism
Instruction-only skill that requires expanso-edge to be installed; no downloads or third-party install URLs are embedded in the skill bundle. This is low install risk.
! Credentials
The skill uses OPENAI_API_KEY (sensitive) in pipeline files but the registry shows 'Required env vars: none' and 'Primary credential: none' — a mismatch. The only notable sensitive credential is the OpenAI key; no unrelated credentials are requested.
Persistence & Privilege
The skill is user-invocable only, not always-enabled, and has no install script or self-persistence. It does not request system-wide config or other skills' credentials.
What to consider before installing
This skill runs Expanso pipelines that put your input text into an OpenAI chat completion call. If you provide an OPENAI_API_KEY, the full text will be sent to OpenAI. The registry metadata failing to declare the OpenAI credential and the README's claim that a local 'regex' mode can be used are inconsistent with the included pipeline files (which always call openai_chat_completion). Before installing or running on sensitive data:

(1) Decide whether you are willing to send inputs to OpenAI; if not, avoid supplying an API key and verify the pipelines actually perform local regex detection (they currently do not).
(2) Run the skill in a safe/test environment with non-sensitive inputs to observe behavior.
(3) Inspect or modify the pipeline YAML to add a true local fallback (regex processors) if you need on-device-only detection.
(4) Confirm you trust the expanso-edge binary and the environment where it will run.

If you need clarification, ask the author to correct the skill metadata and to provide a documented regex-only pipeline.

Like a lobster shell, security has layers — review code before you run it.
