CloakClaw

v0.1.3

Automatic privacy proxy for AI conversations. Redacts sensitive data (names, companies, financials, SSNs, emails, phones, addresses, API keys, IPs, passwords...

⭐ 0· 110·0 current·0 all-time

by@canonflip-git

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for canonflip-git/cloakclaw.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "CloakClaw" (canonflip-git/cloakclaw) from ClawHub.
Skill page: https://clawhub.ai/canonflip-git/cloakclaw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cloakclaw

ClawHub CLI

Package manager switcher

npx clawhub@latest install cloakclaw

Security Scan

VirusTotal

Pending

View report →

OpenClaw

Suspicious

medium confidence

✓

Purpose & Capability

Name/description align with the included wrappers: the skill wraps a 'cloakclaw' CLI to cloak/decloak sensitive entities. Requiring a cloak engine is reasonable for this purpose.

ℹ

Instruction Scope

SKILL.md and the two scripts are narrowly scoped: they write temporary files for raw-text inputs, call the external 'cloakclaw' CLI, then delete temps. The README references a config at ~/.cloakclaw/config.yaml and optional local Ollama/poppler, which is expected. However SKILL.md's 'Always-on by default' statement contradicts the registry 'always: false' flag — minor inconsistency. The instructions do not themselves read unrelated system files or env vars.

Install Mechanism

There is no install spec in the registry; the skill requires the user to run 'npm install -g cloakclaw' to obtain the actual cloaking binary. Installing an unknown global npm package is moderate-to-high risk because that package (not included here) could perform network exfiltration, telemetry, or other unexpected actions. The wrappers do not mitigate that risk.

✓

Credentials

The bundle itself requests no environment variables or credentials. It references a user config path (~/.cloakclaw/config.yaml) which is reasonable for local settings. No unrelated credentials are requested by the included files or SKILL.md.

✓

Persistence & Privilege

Metadata shows always: false and no elevated privileges. The skill does not request to modify other skills or system-wide settings. It runs the external CLI on demand.

What to consider before installing

The two included scripts are simple wrappers that call an external 'cloakclaw' CLI; they do not themselves network out. The real risk is the third-party npm package you must install globally: audit the 'cloakclaw' npm package and its source repository before installing (check maintainers, version, license, and recent changes). Prefer installing locally or in an isolated environment (container/VM) rather than globally. Inspect ~/.cloakclaw/config.yaml after installation to ensure it doesn't point to unexpected endpoints, and verify the package's telemetry/privacy claims. Test the tool on non-sensitive text first. If you cannot review the npm package source or prefer not to risk installing a global CLI, consider rejecting or requesting the skill vendor publish the code or supply a vetted binary.

✗

scripts/cloak.js:46

Shell command execution detected (child_process).

✗

scripts/decloak.js:40

Shell command execution detected (child_process).

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9782taj643b3t4by7vd58k0rh83f183

110downloads

0stars

2versions

Updated 1mo ago

v0.1.3

MIT-0

CloakClaw — Always-On Privacy Proxy

Prerequisites

# Required
npm install -g cloakclaw

# Optional but recommended
brew install poppler       # Better PDF text extraction
ollama pull qwen2.5:7b     # AI-powered name/company detection

Verify: cloakclaw --version should return 0.1.2 or higher.

How It Works

Detect: When user sends a document or sensitive text, auto-detect the document type
Cloak: Run the cloaking engine (regex + local LLM) to replace sensitive entities with realistic fakes
Send: Forward cloaked text to the cloud LLM for analysis
Decloak: When response arrives, reverse all replacements to restore originals
Deliver: Send the restored response to user with a privacy footer

Entity Types (24)

Category	Types
Identity	People, Companies, Passports, Drivers License
Contact	Emails, Phones, Addresses
Financial	Dollars, Percentages, Accounts, Banks, SSNs
Legal	Case Numbers, Jurisdictions
Tech	IP Addresses, MAC Addresses, Passwords/Secrets, API Keys, URLs
Other	Crypto Wallets, GPS Coordinates, VIN Numbers, Medical IDs, Dates

Profiles (6)

general — all 24 types (default for unknown documents)
legal — contracts, NDAs, filings (10 types)
financial — bank statements, P&L, investor docs (11 types)
email — correspondence (10 types)
code — .env files, configs, infra docs (9 types)
medical — HIPAA-adjacent records (11 types)

Auto-Detection Rules

Always cloak (document attached):

PDF, TXT, MD, CSV, JSON, YAML, code files → auto-detect profile from content
Legal keywords (agreement, contract, whereas, hereby) → legal profile
Financial keywords (revenue, P&L, balance sheet, quarterly) → financial profile
Code files (.env, .yaml, .json with secrets) → code profile
Default for unrecognized → general profile

Always cloak (sensitive content in text):

Contains SSN patterns (###-##-####)
Contains dollar amounts > $1,000
Contains multiple proper names + company names
Contains IP addresses, API keys, or passwords
User explicitly says "cloak", "private", "redact", or "protect"

Skip cloaking:

Simple questions with no sensitive data
User says "raw", "uncloak", "no cloak", or "cloakclaw off"

Execution Flow

Step 1: Cloak the document

node scripts/cloak.js --profile <general|legal|financial|email|code|medical> --input /path/to/file

Output JSON:

{
  "sessionId": "a5cc1496-15b9-4b43-8506-3ea75dfe1304",
  "cloaked": "...cloaked text...",
  "entityCount": 20,
  "profile": "legal"
}

Or use the CLI directly:

cloakclaw cloak document.pdf --profile legal -o cloaked.txt

Step 2: Send cloaked text to cloud LLM

Use the cloaked text as the document content. The user's question stays unchanged — only the document data is cloaked.

Step 3: Decloak the response

node scripts/decloak.js --session <sessionId> --input /path/to/response.txt

Or CLI:

cloakclaw decloak -s <sessionId> -f response.txt

Output: restored text with original entities.

Step 4: Deliver with privacy footer

Append to the response:

🔒 CloakClaw: {entityCount} entities protected | Profile: {profile} | Session: {sessionId_short}

User Commands

cloakclaw off — disable auto-cloaking for this session
cloakclaw on — re-enable auto-cloaking
cloakclaw status — show current settings and recent sessions
cloakclaw diff <sessionId> — show what was cloaked

Configuration

Config at ~/.cloakclaw/config.yaml:

ollama:
  url: http://localhost:11434
  model: qwen2.5:7b

Recommended Models by RAM

RAM	Model	Quality
8GB	qwen2.5:3b	Basic (regex does most work)
16GB	qwen2.5:7b	Good
32GB+	qwen2.5:32b	Very good
64GB+	qwen2.5:72b	Excellent

Security

AES-256-GCM encrypted mapping database
Optional password protection (cloakclaw password set)
Auto-expiry: sessions purged after 7 days
Zero telemetry, zero cloud dependency for cloaking
All processing runs locally

⚠️ Disclaimer

CloakClaw is NOT HIPAA, GDPR, SOC 2, PCI-DSS, or CCPA compliant. It is a best-effort privacy tool. Users are responsible for reviewing cloaked output before sharing.

Comments

Loading comments...