Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Distil Open Claw Pii

v1.1.1

Redact PII from text locally using a fine-tuned 1B SLM. Text never leaves your machine. Handles names, emails, phones, addresses, SSNs, credit cards, IBANs,...

By Jacek Golebiowski (@jgolebiowski)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

Capability signals: Crypto (can make purchases). These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims local-only redaction and no required binaries, but the provided scripts require a local 'llama-server' (llama.cpp) binary, curl, and Python. The registry metadata lists no required binaries even though setup.sh explicitly checks for llama-server and downloads a model—this mismatch is incoherent and should be corrected/confirmed.
Instruction Scope
SKILL.md instructs the agent to 'NEVER include the user's raw input' and to return only redacted text by default. However, scripts/redact.py's system prompt and output schema explicitly require the entities array to include the original value field (the original PII). The script only prints the redacted text by default, but the model response will contain the original values (and --show-entities prints them). That contradiction increases risk of accidental exposure (logging, debugging, or misuse of --show-entities). The script only talks to localhost, not external endpoints.
Install Mechanism
There is no package install spec; setup.sh downloads a ~5 GB GGUF model from huggingface.co (a known host) and starts a local llama-server. Downloading from Hugging Face is expected for local models; the install does not use obscure URLs or extract untrusted archives. It does start a background server and writes to $HOME/.distil-pii.
Credentials
The skill requests no environment variables or external credentials, which is appropriate for a local redactor. It does create files under $HOME/.distil-pii (model and PID) which is proportionate for this purpose.
Persistence & Privilege
The skill runs a persistent local server (llama-server) and stores the model and a PID file under $HOME/.distil-pii. always:false (good). Running a local HTTP server on port 8712 is expected, but you should confirm the server binds only to localhost and verify the process is trusted.
What to consider before installing
Key things to consider before installing:
- The metadata claims no required binaries, but the scripts require llama-server (llama.cpp), curl, and Python. Verify you have (or want) those installed.
- The model is downloaded from Hugging Face (official domain) into $HOME/.distil-pii; expect ~5 GB of disk usage and a network download.
- Important privacy nuance: the local model is instructed to include original PII values in the 'entities' array. The script prints only the redacted_text by default, but the original values are present inside the model response and will be printed if you use --show-entities (or if a bug or logging step captures the full response). If you need a stronger guarantee that original values are never returned, modify the system prompt/code so the model never includes raw values (e.g., store hashed/masked values or omit the 'value' field entirely).
- Confirm llama-server actually binds to localhost (not 0.0.0.0) and that your firewall blocks external access to port 8712 to avoid local network exposure.
- Run the setup in an isolated environment (VM/container) if you handle high-risk PII until you verify its behavior; inspect server logs and verify there are no unexpected outbound connections.
- If you plan to share this skill in production, ask the publisher to: (1) update the registry metadata to list required binaries, (2) document the privacy tradeoffs of the 'entities.value' field, and (3) provide checksums for the model download so you can verify its integrity.
