HIPAA Compliance Auditor

v0.1.0

Automatically detect and de-identify PII (Personally Identifiable Information) and PHI (Protected Health Information) in clinical/medical text to ensure HIPA...

by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the delivered artifacts: SKILL.md, regex patterns, spaCy-based NER usage, and a CLI/Python API are all appropriate for a de-identification auditor. Declared dependencies (spaCy, optional Presidio) align with the stated technical approach.
Instruction Scope
Runtime instructions are scoped to reading input text, detecting PII, producing de-identified output and an audit log. One operational note: the implementation includes PIIDetection.original_text (the original matched text) which may be included in audit logs used for manual review — this is reasonable for QA but is sensitive and should be protected or redacted according to policy.
Install Mechanism
No install script is provided (instruction-only + code file). Dependencies are standard Python/NLP packages; model installs (en_core_web_trf/en_core_web_lg) are invoked separately per spaCy guidance. No downloads from unknown servers or run-time extraction of remote archives were found.
Credentials
The skill requires no environment variables, credentials, or config paths beyond local filesystem access for input/output — appropriate for its function. Caveat: audit logs and output files may contain original sensitive values (or metadata) and must be stored with appropriate access controls; installing transformer models may require network access to download large model files.
Persistence & Privilege
The skill does not request always:true or otherwise elevated persistent privileges. It reads/writes files in the workspace as expected for a CLI tool and does not modify other skills or system-wide agent settings.
Assessment
This skill appears coherent with its HIPAA de-identification purpose, but before installing or running it:
1) Test on non-production/sample data to validate detection and false-positive rates.
2) Ensure required spaCy models (en_core_web_trf/en_core_web_lg) and optional Presidio are installed from official sources; be aware transformer models are large and may be downloaded.
3) Treat audit logs and any JSON containing original_text or input hashes as sensitive — store them encrypted or restrict access, or configure the tool to avoid persisting original PII if you do not need it.
4) Perform manual review on outputs (the README warns this) and confirm the tool meets your organization's legal/compliance requirements.
If needed, provide the truncated portion of scripts/main.py for a full review to ensure no hidden network calls or writes beyond the workspace.
