Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
PII Redactor
v1.0.5Redact sensitive information from text using a locally-hosted, zero-shot PII/PHI detection model.
⭐ 0· 181·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill name/description (local, zero-shot PII redaction) aligns with the declared binary requirement (clawguard) and the two required env vars (CLAWGUARD_URL, CLAWGUARD_TOKEN). Requesting a local service and a token is proportionate to the stated purpose. Note: the skill metadata/version (1.0.5) doesn't match the install package pin (clawguard-pii==1.0.4) which is inconsistent and should be reconciled.
Instruction Scope
SKILL.md instructs the agent to send the full draft response to the local redact endpoint and to block sending responses if the URL validation fails — this is expected for redaction. However, sending entire responses to an external service is an inherent exfiltration risk if CLAWGUARD_URL is pointed at a remote/untrusted host; the skill provides validation rules but those allow any HTTPS non-localhost 'internal-hostname' (ambiguous) which could be misused. The documentation also contains a placeholder/ambiguous source URL comment ('replace with the actual repository URL'), which suggests the package/source may not have been fully vetted.
Install Mechanism
The install spec uses a PyPI package (clawguard-pii==1.0.4) which will write a 'clawguard' binary — installing from PyPI is common but requires reviewing the package source. The SKILL.md references a GitHub URL placeholder and the registry lists a different skill version (1.0.5) than the pinned package (1.0.4), which is a red flag: either documentation or packaging is inconsistent. No code files were provided for static review, so the package itself is the only executable artifact to inspect before trusting it.
Credentials
Only CLAWGUARD_URL and CLAWGUARD_TOKEN are required, which map directly to running a local redaction service. There are no unrelated secrets requested. Still, because the agent will send draft responses to the endpoint, these env vars effectively become a potential exfiltration control — ensure the URL points only to a host you control and the token is stored securely and rotated if needed.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or modify other skills. It allows autonomous invocation (disable-model-invocation=false) which is normal — combine that with the ability to send full responses to the configured endpoint and the exfiltration risk is increased if the endpoint is untrusted, but this is an operational risk rather than an improper privilege request.
What to consider before installing
This skill is conceptually coherent for local PII redaction, but do not install it blind. Before installing: 1) Verify the PyPI package source and review the package code (or the upstream GitHub repo) to ensure it does only what is described; confirm the package owner and checksums. 2) Reconcile the version mismatch (skill v1.0.5 vs pinned package 1.0.4) and confirm the correct release. 3) Ensure CLAWGUARD_URL is set only to localhost or a tightly-controlled internal HTTPS endpoint you operate (do not point to public or untrusted hosts). 4) Keep CLAWGUARD_TOKEN secret, store in a secret manager, and rotate if suspected compromised. 5) Test the service in an isolated environment first to confirm behavior and that the health/redact endpoints behave as documented. 6) If you cannot review the package code, treat the install as higher risk and consider alternatives (well-audited tools or in-process redactors).Like a lobster shell, security has layers — review code before you run it.
latestvk978qb0dnx1ekjqqtpd43vtg1h838hjm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🛡️ Clawdis
Binsclawguard
EnvCLAWGUARD_URL, CLAWGUARD_TOKEN
Install
Install clawguard-pii (uv)
Bins: clawguard
uv tool install clawguard-pii==1.0.4