Openclaw Pii Anonymizer Latest
ReviewAudited by ClawScan on May 10, 2026.
Overview
This PII anonymizer mostly matches its privacy purpose, but its script sends private text to Ollama using unsafe JSON construction that could break or bypass anonymization.
Use this only with a trusted local Ollama endpoint, and do not rely on it as a complete privacy barrier until the script safely JSON-escapes input. Check that jq, curl, Ollama, and the phi3:mini model are installed, since the registry metadata does not declare all setup requirements.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Text containing quotes, backslashes, or crafted JSON-like content could cause the anonymization request to fail or behave differently, reducing confidence that PII is actually scrubbed.
The script inserts user-controlled text directly into a JSON string passed to curl without JSON encoding or escaping.
{\"role\": \"user\", \"content\": \"$input\"}Build the request body with a JSON encoder such as jq --arg, send input via stdin or a safely escaped field, and test inputs containing quotes, newlines, and backslashes.
Private memory or workspace snippets may be sent to the configured Ollama endpoint before being reused in other model or tool workflows.
The skill is intended to process memory and tool-call content, which may contain sensitive or persistent context.
Use for memory_search, tool calls, HEARTBEAT.md sanitization
Keep OLLAMA_URL pointed only at a local or trusted Ollama service, limit the amount of memory sent for sanitization, and review anonymized output before sending it externally.
The skill may not work as expected unless jq, curl, Ollama, and the phi3:mini model are installed and configured manually.
SKILL.md declares runtime dependencies that the registry metadata does not declare, and the package has no install spec.
requires: { bins: [jq, curl], env: [OLLAMA_URL] }Verify dependencies manually before use, and prefer a package version whose registry metadata accurately declares required binaries, environment variables, and setup steps.