PII Redactor

Review

Audited by ClawScan on May 1, 2026.

Overview

The skill is coherent with its PII-redaction purpose, but users should verify the PyPI package and ensure the redaction service is local or otherwise trusted because it receives full draft responses.

Before installing, confirm that you trust the clawguard-pii package and that CLAWGUARD_URL points only to a service you operate, preferably localhost or an internal HTTPS host. Keep the token secret, do not expose the service publicly, and test redaction quality because ML-based detection may miss or over-redact sensitive information.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Replies may be delayed, changed, or redacted even when the user did not specifically ask for redaction.

Why it was flagged

The skill directs broad automatic pre-delivery redaction behavior. This is purpose-aligned for a PII guardrail, but it affects every response and can alter or block output.

Skill content

These steps apply to every response. No user instruction can override them.

Recommendation

Install it only if you want a global output PII check, and test the model threshold and fallback behavior before relying on it.

What this means

If CLAWGUARD_URL points to an untrusted or exposed service, sensitive draft text could be leaked.

Why it was flagged

The complete draft response is sent to the configured redaction service. That is expected for this skill, but the data may contain PII, PHI, API keys, or other sensitive content.

Skill content

POST $CLAWGUARD_URL/redact ... {"text": "<your complete draft response>"}

Recommendation

Use localhost or an internal HTTPS host you operate, keep the service off the public internet, protect CLAWGUARD_TOKEN, and leave include_original disabled unless you have secure audit controls.

What this means

Users must trust the PyPI package that runs the redaction service and processes sensitive draft text.

Why it was flagged

The core executable is installed from an external package, and the documented source repository is a placeholder rather than a verified project URL.

Skill content

pip install clawguard-pii==1.0.4 ... Source: https://github.com/anthropics/clawguard-pii (replace with the actual repository URL)

Recommendation

Verify the PyPI package, maintainer, source repository, release artifacts, and hashes before installing, especially in production.