Ntriq X402 Pii Detect Batch
v1.0.0Batch detect and mask PII across up to 500 text inputs. Flat $6.00 USDC via x402.
⭐ 0· 42·1 current·1 all-time
byntriq@ntriq-gh
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description say local batch PII detection (100% local inference on Mac Mini), but the SKILL.md instructs callers to POST texts to https://x402.ntriq.co.kr/pii-detect-batch and include an X-PAYMENT header. Saying inference is local while requiring a remote API call is internally inconsistent and unexplained.
Instruction Scope
Instructions explicitly direct the agent to send up to 500 text inputs (potentially containing sensitive PII) to an external host and to include a payment header. There is no guidance on data retention, privacy, or what the X-PAYMENT header contains. The agent would therefore transmit sensitive data off-host despite the local-inference claim.
Install Mechanism
This is an instruction-only skill with no install steps and no code to write to disk, so there is no install-time code-execution risk.
Credentials
The SKILL.md requires an X-PAYMENT header for payment but the registry metadata lists no required environment variables or primary credential. Requiring a payment token/credential without declaring how it will be supplied is disproportionate and operationally unclear. Also, sending PII to a remote service for payment processing is a high-sensitivity action that should be justified and declared.
Persistence & Privilege
The skill does not request persistent or elevated privileges (always:false) and does not modify other skills or system settings.
Scan Findings in Context
[no-code-or-binaries] expected: The skill is instruction-only and contains no code files for static analysis. This is consistent with an API-invocation style skill, but increases reliance on the SKILL.md text for security review.
What to consider before installing
Do not send real PII or payment credentials to this service until the developer clarifies the contradiction between "100% local inference" and the required remote POST. Ask the publisher: (1) whether inference truly runs locally or on the remote x402 endpoint; (2) how X-PAYMENT is generated and where credentials are stored; (3) the data retention, logging, and deletion policy for submitted texts; and (4) whether transmissions are authenticated and encrypted. If you need on-device processing, prefer a skill that explicitly documents local-only execution and requires no remote payment header. If you must use this skill, test with non-sensitive dummy data first and confirm the service's reputation and TLS certificate before sending anything real.Like a lobster shell, security has layers — review code before you run it.
latest
PII Detect Batch (x402)
Detect and optionally mask Personally Identifiable Information (emails, phones, SSNs, names, addresses) across up to 500 text inputs in one call. Flat $6.00 USDC. 100% local inference on Mac Mini.
How to Call
POST https://x402.ntriq.co.kr/pii-detect-batch
Content-Type: application/json
X-PAYMENT: <x402-payment-header>
{
"texts": [
"Contact John Smith at john@example.com or 555-0123",
"Invoice sent to 123 Main St, Springfield"
],
"mask": true
}
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
texts | array | ✅ | Text strings to analyze (max 500) |
mask | boolean | ❌ | Replace PII with [TYPE] placeholders (default: false) |
Example Response
{
"status": "ok",
"count": 2,
"results": [
{
"index": 0,
"status": "ok",
"pii_found": [
{"type": "name", "value": "John Smith"},
{"type": "email", "value": "john@example.com"},
{"type": "phone", "value": "555-0123"}
],
"risk_level": "high",
"masked_text": "Contact [NAME] at [EMAIL] or [PHONE]"
}
]
}
Payment
- Price: $6.00 USDC flat (up to 500 texts)
- Network: Base mainnet (EIP-3009 gasless)
- Protocol: x402
curl https://x402.ntriq.co.kr/services
Comments
Loading comments...