Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Redact
v0.1.1
Privacy redaction toolkit for images, PDFs, Word documents, and PowerPoint presentations. Use when the user needs to redact, mask, or replace sensitive/priva...
by noah @darknoah
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name and description claim OCR-based redaction for images/PDF/docx/pptx; the repository includes scripts for reading and redacting each format and lists expected Python OCR and document libraries (PaddleOCR/PPStructureV3, PyMuPDF, python-docx, python-pptx, Pillow). These dependencies and scripts are expected for the stated purpose.
Instruction Scope
SKILL.md instructs running the included scripts with a rules CSV and to use 'uv sync' to install dependencies. The scripts operate on local files and perform OCR and in-place replacements/masking. They create temporary directories and a persistent cache directory (~/.cache/redact_temp) for intermediate outputs; some temp directories are cleaned up but others may remain depending on code paths. The runtime instructions do not ask for unrelated files, credentials, or external endpoints, but they do not explicitly warn about model weight downloads (see install_mechanism note).
Install Mechanism
There is no platform install spec in the registry; SKILL.md recommends using 'uv sync' to create a venv and install dependencies from pyproject. Dependencies include paddlepaddle/paddleocr/paddlex which are large and may pull model binaries or wheels from package/model hosting during installation or first use. No arbitrary URL downloads or obscure installers are present in the bundle itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code sets a few environment variables locally (e.g., DISABLE_MODEL_SOURCE_CHECK, FLAGS_use_mkldnn) which affect runtime behavior but are internal to the scripts. No secret-exposing env vars are requested.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It writes temporary data to disk (creates ~/.cache/redact_temp and various temp dirs) but does not modify other skills or system-wide agent settings.
Assessment
This package appears to be a legitimate local redaction/OCR toolkit. Before installing, note:
1) It requires heavy ML packages (paddlepaddle/paddleocr/paddlex) that may download large binaries or model files during install or first run and may require a lot of disk space and time.
2) The scripts create a cache directory (~/.cache/redact_temp) and temporary result directories; inspect and clean these if you need to avoid leaving extracted content on disk.
3) The code sets DISABLE_MODEL_SOURCE_CHECK in its environment—this is likely non-malicious but unusual; review the scripts if you have strict execution policies.
4) Run the tool in an isolated virtual environment (uv creates one) and inspect sample runs on non-sensitive files first.
There are no declared network endpoints, no requested credentials, and no obvious exfiltration code in the bundle, but be aware that model downloads will require network access during install/use.
Like a lobster shell, security has layers — review code before you run it.
