Security audit

Openclaw Pii Anonymizer Latest

Security checks across malware telemetry and agentic risk

Overview

This is a small PII anonymizer that sends user-provided text to a configured Ollama endpoint, which is disclosed and aligned with its purpose but requires careful endpoint choice.

Install only if you intend to process sensitive text through Ollama. Keep OLLAMA_URL set to localhost, host-only Ollama, or another endpoint you explicitly trust; review any cron or tool-call integration before enabling it, and do not treat the output as a guaranteed privacy boundary without testing it on your data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The script sends user-supplied text to an HTTP API for processing, which creates a real data exposure boundary. Even if the default target is localhost, the endpoint is configurable via OLLAMA_URL and there is no validation, warning, or restriction preventing sensitive text from being transmitted to a non-local or intercepted service.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The function transmits raw input text to the chat completions endpoint without any user-facing notice that potentially sensitive content leaves the script and is processed by another service. In a privacy tool, this is especially risky because users may assume anonymization occurs locally and safely before any transmission.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.