ClawHub

Redacta

v1.0.0

Redacta pseudonymises medical documents — replacing patient identifiers (NHS numbers, dates of birth, postcodes, phone numbers, hospital numbers) with labell...

0· 512·0 current·0 all-time
byNick Lamb@nickjlamb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (pseudonymise medical documents) matches the SKILL.md instructions. No unrelated binaries, env vars, or installs are requested and the detection rules and output format align with the stated purpose.
Instruction Scope
The instructions are narrowly scoped to text pseudonymisation and list precise regex and contextual rules. Two design choices merit user attention: (1) clinician and institutional names are preserved by default (may leak staff/institution PII in some contexts) and (2) the SKILL.md asks the agent to process text "locally within your AI agent session" but also acknowledges underlying language-model processing; the skill cannot enforce local-only model hosting — platform/model choices determine actual data flow.
Install Mechanism
Instruction-only skill with no install steps or code files; nothing is written to disk or downloaded as part of the skill itself.
Credentials
No environment variables, credentials, or config paths are required. The skill does not request unrelated secrets or permissions.
Persistence & Privilege
No elevated persistence requested (always:false). The skill does not attempt to modify other skills or system-wide settings.
Assessment
This skill appears coherent and lightweight, but check the following before using on real patient data: 1) Model/data handling: the SKILL.md says processing is "local" but actual text may be sent to whatever language model you use—confirm your model provider's data processing and retention policies or run models on-prem if required. 2) Clinician/institution names: the default preserves clinician and hospital names; if your policy requires removing staff or institutional identifiers, instruct the agent to redact them or change the rule. 3) Review outputs: the skill admits it cannot guarantee 100% detection — always manually review pseudonymised text and the redaction report before sharing. 4) Test first: run the skill on representative non-sensitive examples to validate regex/context rules (especially NHS check-digit behaviour and date-context decisions). 5) Scope limits: v1 is text-only (no PDFs/images). If you need stronger guarantees or audit logging, consider integrating with a vetted de-identification pipeline rather than relying solely on instruction-driven redaction.

Like a lobster shell, security has layers — review code before you run it.

latestvk973ychybz2cj7fyh7whvk3dh581cse0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔒 Clawdis

Comments