ClawHub

Openclaw Pii Anonymizer

v2.0.0

Privacy pipeline for OpenClaw - Hybrid regex + Qwen2.5 LLM to scrub PII (names/emails/SSNs/phones/wallets/IPs/paths) before external AI processing. Script wo...

0· 461·0 current·0 all-time
bySeth Blakely@solmas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (PII anonymizer) match the included scripts and declared requirements (jq, curl, bash, sed, OLLAMA_URL). The scripts implement a hybrid regex + local LLM approach described in SKILL.md; required binaries and the local Ollama endpoint are appropriate for this purpose.
Instruction Scope
Runtime instructions and scripts are limited to local operations: regex substitution, conditional calls to the Ollama HTTP API, and returning anonymized text. The SKILL.md does reference hooks and workspace paths but explicitly notes the hook currently doesn't fire. The scripts do not attempt to read unrelated system secrets or network endpoints beyond the configured OLLAMA_URL.
Install Mechanism
This is instruction-only with no automated install spec; SKILL.md suggests installing system packages (apt jq/curl) and manually pulling an Ollama model. No remote code download or arbitrary archive extraction is specified by the skill itself.
Credentials
The only required env var is OLLAMA_URL, which is appropriate. Two small inconsistencies to note: SKILL.md suggests exporting OLLAMA_MODEL but privacy-anonymize-v2.sh reads MODEL (and defaults to qwen2.5:3b); v1 uses MODEL default phi3:mini. Also, if a user points OLLAMA_URL to a remote service (not localhost), PII would be sent to that endpoint — ensure the endpoint is local/trusted.
Persistence & Privilege
The skill does not request always:true or other high privileges. It is user-invocable and does not modify other skills or system-wide settings. The hook installation is described but nonfunctional; nothing indicates the skill will persistently enable itself or alter unrelated configurations.
Assessment
This package appears to do what it says, but review these points before installing or using on real PII: - Ensure OLLAMA_URL points to a trusted, local Ollama instance (http://localhost:11434). If you set OLLAMA_URL to a remote server, sensitive text will be sent there. - Fix the small env-var mismatch: the v2 script reads MODEL (default qwen2.5:3b) while SKILL.md mentions OLLAMA_MODEL — set MODEL or adjust the script accordingly. - Test thoroughly with non-sensitive data first. Confirm the model output contains only anonymized tokens and no unintended content. - Consider improving JSON construction to avoid input injection issues (use jq or a safer encoding method rather than simple quote-escaping), and validate long inputs before sending to the LLM. - The hook system is noted as broken; do not rely on automatic interception until the hook is fixed and audited. - Be aware of model licensing and storage: pulling qwen2.5:3b downloads a ~1.9GB model; ensure you have the resources and that model logs/storage are controlled. If you want higher assurance, ask the author for a short review or run the script in an isolated environment and verify network traffic (e.g., confirm curl only calls the configured OLLAMA_URL and nothing else).

Like a lobster shell, security has layers — review code before you run it.

latestvk97a6xkh0jkv1xa8wh087ah0j98353t8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsjq, curl, bash, sed
EnvOLLAMA_URL

Comments