Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MaskClaw: Evolutionary Personalized Privacy Guard

v1.0.0

MaskClaw - an on-device privacy protection Skill suite providing smart masking, behavior monitoring and self-evolving rules

by Dongying Zheng (@theodora-y)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (on-device privacy: OCR-based masking, behavior monitoring, rule evolution) aligns with the included modules (smart_masker, behavior_monitor, evolution_mechanic). However there are mismatches: SKILL.md instructs starting a model server at model_server/minicpm_api.py (no model_server folder in the manifest), and evolution code expects local components (memory.chroma_manager, sandbox.*, skill_registry) that are not declared in SKILL.md dependencies. Some declared Python packages (rapidocr, opencv-python, chromadb, transformers) are consistent with OCR/RAG/LLM usage, but modules representing local project components are missing or not guaranteed to exist. This suggests the bundle is incomplete or assumes additional platform components.
Instruction Scope
Runtime instructions ask to run a local MiniCPM model server and then use the skills to process images and write behavior logs. The code writes/reads under memory/ and user_skills/ and saves masked images, and the evolution engine reads those logs and writes new skill artifacts into user_skills/ and a skill registry DB. Writing user-generated skills and 'publishing' them is within the stated self-evolution purpose, but it grants the skill the ability to generate and persist code that could later be executed. SKILL.md also claims a prohibition on uploading raw screenshots, which the code appears to follow (it sends masked images), but you should verify there is no path that forwards unmasked data. Additionally, several instructions reference files or modules not present in the package (e.g., model_server/minicpm_api.py, sandbox modules), creating ambiguity about actual runtime behavior.
Install Mechanism
There is no automated install spec (instruction-only with code files). That lowers supply-chain risk (nothing downloaded/install-run at install time). Required Python packages are listed in SKILL.md and are plausible for OCR/vision and RAG/LLM work. Because there is no remote download step in the manifest, there is no immediate high-risk installer URL to flag.
Credentials
The skill requests no environment variables or external credentials. Its operations are local (OCR, file I/O under memory/ and user_skills/, local HTTP to 127.0.0.1 for MiniCPM). No cloud credentials or unrelated secrets are required, which is proportionate to the described functionality. That said, local files written may contain sensitive metadata (behavior logs, rules), so file-location access should be considered.
Persistence & Privilege
The self-evolution engine is designed to generate and persist new SOPs/skills into a user_skills directory and to save session traces into a skill registry DB. While this is coherent with a 'self-evolving' design, it means the skill can create and store new code/artifacts on disk and update its local skill database. Combined with autonomous invocation (model invocation is allowed by default) this raises a higher blast radius: the skill could iteratively modify/publish artifacts that later get executed by the agent. The SKILL.md mentions sandbox tests and a FinalSandbox, but those components are referenced in code/imports and are not present in the manifest, so the enforcement of sandbox gates is unclear.
What to consider before installing
Key things to consider before installing or running this skill:

1) Incomplete bundle: SKILL.md and code reference a local model server (model_server/minicpm_api.py) and platform modules (memory.chroma_manager, sandbox.*, skill_registry) that are not present in the package. Do not run the code until you confirm those components exist and are the exact implementations you expect.

2) Self-evolution persistence: The evolution engine is designed to write new skills/rules under user_skills/ and to update a skill registry DB. This is powerful and can persist generated code/artifacts. If you plan to use this, run it in an isolated environment (VM/container) and audit any generated files before allowing them to be loaded or executed.

3) Review network and file paths: The package talks to a local LLM at 127.0.0.1 and writes logs to memory/ and user_skills/. Ensure the model server is actually local and not configured to proxy to an external host. Inspect what is stored in memory/logs and user_skills for sensitive data and manage file permissions accordingly.

4) Confirm masking guarantees: The architecture claims raw screenshots are never uploaded. Validate in practice by tracing all code paths that forward data (search for any external URLs or non-local hosts) and ensure only masked images (not originals) are forwarded to any remote or cloud agent.

5) Dependency and import issues: The evolution module swallows ImportError in a try/except but then proceeds to call components (ChromaManager(), SkillDB()) without guarding for their absence; this will crash or behave unpredictably. Ensure all required internal modules or replacement stubs are present before running.

6) Test in a sandbox: If you want to evaluate functionality, run demos in a controlled environment with no network egress, minimal test data, and review all files produced. Require and manually run the 'sandbox/regression_test.py' and any validators the package claims to use before enabling auto-publishing.
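Item 5 above, as an added example that is not MaskClaw's own code: the fragile import pattern the scan describes, beside a fail-closed form that resolves the memory.chroma_manager, skill_registry and sandbox.* components before anything is written to disk. The module paths are taken from the page and assumed to be absent; the `run` attribute on sandbox.regression_test is an assumed name.

```python
"""Fail-closed import gating for the platform components the scan says are
missing (added example, not MaskClaw's own code). The fragile form reproduces
the flagged pattern: ImportError is swallowed, then the missing class is called.
Module paths follow the page; they are assumed to be absent on this machine."""
import importlib
from typing import Any, Callable, Optional


def load_optional(module: str, attr: str) -> Optional[Callable[..., Any]]:
    """Fragile idiom: swallow ImportError and carry on holding None."""
    try:
        return getattr(importlib.import_module(module), attr)
    except ImportError:
        return None


def fragile_pipeline() -> str:
    """Mirrors the flagged code: the None only surfaces when it is called."""
    ChromaManager = load_optional("memory.chroma_manager", "ChromaManager")
    try:
        ChromaManager()            # TypeError: 'NoneType' object is not callable
        return "ok"
    except TypeError as exc:       # a bare crash, far from the real cause
        return type(exc).__name__


class MissingComponent(RuntimeError):
    """A required platform component could not be imported."""


def require_component(module: str, attr: str) -> Callable[..., Any]:
    """Hardened form: resolve every dependency up front and name the gap."""
    try:
        return getattr(importlib.import_module(module), attr)
    except (ImportError, AttributeError) as exc:
        raise MissingComponent(f"{module}.{attr} is required: {exc}") from exc


def guarded_publish(sandbox_passed: Optional[bool]) -> dict:
    """Fail closed: publish only on an explicit positive sandbox verdict.
    None means the gate never ran, e.g. because sandbox.* could not be imported."""
    if sandbox_passed is not True:
        return {"published": False, "reason": "no passing sandbox verdict; refusing to publish"}
    return {"published": True}


def hardened_pipeline() -> dict:
    """Check all components before any side effect (no files or DB rows written).
    The 'run' attribute on sandbox.regression_test is an assumed name."""
    try:
        require_component("memory.chroma_manager", "ChromaManager")
        require_component("skill_registry", "SkillDB")
        run_tests = require_component("sandbox.regression_test", "run")
    except MissingComponent as exc:
        return {**guarded_publish(None), "error": str(exc)}
    return guarded_publish(bool(run_tests()))
```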




SKILL.md

MaskClaw Core Skills

On-device privacy protection Skill suite: smart masking · behavior monitoring · self-evolving rules


1. Project overview

MaskClaw is a privacy-first proxy framework built on on-device Tool-Use. It acts as a "security bodyguard" between the cloud Agent (AutoGLM) and the phone/desktop UI.

The system uses the on-device MiniCPM-V model to orchestrate a set of atomic tools (Skills) that identify sensitive data in real time and dynamically de-identify it before an action is executed, and it uses user behavior feedback to evolve its privacy protection policies.

┌────────────────────────────────────────────────────────────────┐
│          MaskClaw four-layer cooperative architecture          │
├────────────────────────────────────────────────────────────────┤
│  ┌──────────┐   ┌──────────┐   ┌──────────┐   ┌──────────┐     │
│  │Perception│ → │Cognition │ → │Tool-Use  │ → │Evolution │     │
│  └──────────┘   └──────────┘   └──────────┘   └──────────┘     │
│                                                                │
│  ┌────────────────────────────────────────────────────────┐    │
│  │            ChromaDB RAG rule knowledge base            │    │
│  └────────────────────────────────────────────────────────┘    │
└────────────────────────────────────────────────────────────────┘

2. Core Skills

| Skill | Function | Core capability |
|---|---|---|
| Smart_Masker | Smart visual masking | Detects sensitive text with RapidOCR; supports Gaussian blur / mosaic / solid-block cover |
| Behavior_Monitor | Behavior monitoring | Continuously listens to Agent operations and captures the user's manual interventions |
| Skill_Evolution | Rule self-evolution | Continuously optimizes SOPs with hill climbing; auto-mounts a rule once sandbox tests pass |

3. Quick start

3.1 Requirements

# Python >= 3.10
pip install rapidocr opencv-python numpy transformers chromadb

3.2 Start the model server

cd model_server
python minicpm_api.py
# the model server will listen on http://127.0.0.1:8000

3.3 Using Smart Masker

from skills.smart_masker import VisualMasker

masker = VisualMasker()
keywords = ["手机号", "身份证", "银行卡"]

result = masker.process_image(
    image_path="test.jpg",
    sensitive_keywords=keywords,
    method="blur"
)

print(f"检测到 {result['regions_count']} 个敏感区域")
print(f"脱敏图片: {result['masked_image_path']}")

3.4 Using Behavior Monitor

from skills.behavior_monitor import log_action_to_chain

log_action_to_chain(
    user_id="user_001",
    action="share_or_send",
    resolution="block",
    scenario_tag="钉钉发送病历截图",
    app_context="钉钉",
    field="medical_record",
    pii_type="MedicalRecord",
    correction_type="user_denied",
    auto_flush=True,
)

3.5 Using Skill Evolution

from skills.evolution_mechanic import SOPEvolution

engine = SOPEvolution()
result = engine.run_pipeline(
    user_id="user_001",
    draft_name="钉钉隐私规则",
    step="all",
)

4. Directory structure

maskclaw-core/
├── SKILL.md                     # this file
├── scripts/
│   ├── smart_masker.py          # smart masking core module
│   ├── smart_masker_demo.py     # masking demo script
│   ├── behavior_monitor.py      # behavior monitoring core module
│   ├── behavior_monitor_demo.py # monitoring demo script
│   ├── evolution_mechanic.py    # evolution engine core module
│   └── evolution_demo.py        # evolution demo script
├── references/
│   ├── ARCHITECTURE.md          # system architecture document
│   ├── SKILLS_API.md            # Skills API contract
│   ├── RAG_SCHEMA.md            # vector database design
│   ├── PROMPT_TEMPLATES.md      # Prompt templates
│   └── SELF_EVOLUTION.md        # self-evolution mechanism design
├── assets/
│   ├── rule_schema.json         # rule Schema template
│   └── sop_template.md          # SOP template
└── evals/
    └── evals.json               # test case definitions

5. API contract

5.1 Smart Masker

Method: process_image(image_path, sensitive_keywords, method='blur')

| Parameter | Type | Required | Description |
|---|---|---|---|
| image_path | str | yes | Image path |
| sensitive_keywords | List[str] | yes | List of sensitive keywords |
| method | str | no | blur (default) / mosaic / block |

Return value:

{
  "success": true,
  "masked_image_path": "temp/masked_xxx.jpg",
  "detected_regions": [{"text": "138****5678", "bbox": [x1, y1, x2, y2]}],
  "regions_count": 1,
  "processing_time_ms": 45
}

5.2 Behavior Monitor

Method: log_action_to_chain(user_id, action, resolution, scenario_tag, ...)

| Parameter | Type | Required | Description |
|---|---|---|---|
| user_id | str | yes | User identifier |
| action | str | yes | Operation type |
| resolution | str | yes | Decision result |
| scenario_tag | str | yes | Scenario tag |
| correction_type | str | no | Correction type |

Return value:

{
  "chain_id": "user_001_钉钉发送病历_1700000001",
  "action_count": 1,
  "has_correction": false
}

5.3 Skill Evolution

Method: run_pipeline(user_id, draft_name, step='all', ...)

| Parameter | Type | Required | Description |
|---|---|---|---|
| user_id | str | yes | User identifier |
| draft_name | str | yes | Draft name |
| step | str | no | rebuild / init / evolve / sandbox / publish / all |

Return value:

{
  "success": true,
  "evolve": {
    "total_iterations": 5,
    "final_score": 92.5,
    "reached_threshold": true
  },
  "sandbox": {"passed": true},
  "publish": {"skill_name": "dingtalk-privacy-rule", "version": "v1.0.0"}
}

6. Five-level confidence verdict

| Verdict | Condition | System behavior |
|---|---|---|
| Allow | Full match in the rule base, safe | Pass through directly |
| Block | Full match in the rule base, clear risk | Block directly |
| Mask | Full match in the rule base, de-identification required | Apply masking, then pass through |
| Ask | Rule base information incomplete | Proactively confirm with the user |
| Unsure | New scenario, no record | Flag it and wait for the user to teach the rule |

7. Self-evolution mechanism (hill climbing)

┌──────────────────────────────────────────────────────────────────────┐
│  Step 1: the agent makes one small change to the skill               │
│          (e.g. add a rule: "input data must be verified")            │
├──────────────────────────────────────────────────────────────────────┤
│  Step 2: run the modified skill on 10 test cases                     │
├──────────────────────────────────────────────────────────────────────┤
│  Step 3: score every output against the checklist                    │
│          (all 4 checks pass = 100 points, 3 pass = 75 ...)           │
├──────────────────────────────────────────────────────────────────────┤
│  Step 4: compute the average score                                   │
│          - higher than last round → keep the change                  │
│          - lower than last round → revert the change                 │
├──────────────────────────────────────────────────────────────────────┤
│  Step 5: repeat until 3 consecutive rounds exceed 90%, or you stop   │
└──────────────────────────────────────────────────────────────────────┘
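The hill-climbing loop in the box above, written out as an added example (not MaskClaw's own code): a skill is modelled as a frozenset of rule strings, and the 4-item checklist, the 10 test cases and the ordered list of candidate changes are constructed stand-ins for the agent and the evals.

```python
"""Hill-climbing SOP evolution loop from section 7 (added example, not MaskClaw code).
A "skill" is a frozenset of rule strings; the checklist, the 10 test cases and the
ordered candidate changes are constructed stand-ins for the real agent and evals."""
from typing import Callable, Dict, FrozenSet, Iterable, List

Rules = FrozenSet[str]
Case = Dict[str, str]

# constructed: 10 test cases (6 dingtalk / 4 wechat; 4 MedicalRecord / 3 Phone / 3 IDCard)
TEST_CASES: List[Case] = [{"app": a, "pii_type": p} for a, p in zip(
    "dingtalk dingtalk dingtalk wechat dingtalk dingtalk wechat dingtalk wechat wechat".split(),
    ["MedicalRecord"] * 4 + ["Phone"] * 3 + ["IDCard"] * 3)]

# constructed 4-item checklist: all pass = 100, 3 pass = 75, ...
CHECKLIST: List[Callable[[Rules, Case], bool]] = [
    lambda r, c: f"mask:{c['pii_type']}" in r,       # the sensitive field gets masked
    lambda r, c: "verify_input" in r,                # input data is verified before acting
    lambda r, c: f"app:{c['app']}" in r,             # the app context is covered by a rule
    lambda r, c: f"allow:{c['pii_type']}" not in r,  # no over-permissive allow rule
]
# constructed: the small changes the agent proposes, in order (two of them are bad)
CANDIDATE_CHANGES = ["verify_input", "allow:Phone", "mask:MedicalRecord", "mask:Phone",
                     "mask:IDCard", "app:dingtalk", "app:wechat", "allow:IDCard", "log_decision"]

def average_score(rules: Rules) -> float:
    """Steps 2-4: run every test case, score each 0-100 by checks passed, average."""
    per_case = [100.0 * sum(chk(rules, c) for chk in CHECKLIST) / len(CHECKLIST)
                for c in TEST_CASES]
    return sum(per_case) / len(per_case)

def hill_climb(start: Iterable[str], changes: Iterable[str], threshold: float = 90.0,
               streak_needed: int = 3, max_rounds: int = 20) -> dict:
    """Keep a change only if the average rises; stop after `streak_needed` rounds above `threshold`."""
    best = frozenset(start)
    best_score, streak, rounds = average_score(best), 0, 0
    for change in changes:
        if rounds >= max_rounds:                 # "or you stop"
            break
        rounds += 1
        trial = best | {change}                  # step 1: one small change to the skill
        trial_score = average_score(trial)
        if trial_score > best_score:             # step 4: higher -> keep, otherwise revert
            best, best_score = trial, trial_score
        streak = streak + 1 if best_score > threshold else 0
        if streak >= streak_needed:              # step 5: 3 consecutive rounds above 90%
            return {"total_iterations": rounds, "final_score": best_score,
                    "reached_threshold": True, "rules": best}
    return {"total_iterations": rounds, "final_score": best_score,
            "reached_threshold": False, "rules": best}
```

The two allow:* candidates lower the average and are reverted, which is the guard the page relies on to keep an over-permissive rule from being published.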

8. Error codes

| Error code | Description | Suggested handling |
|---|---|---|
| MASK_001 | Image decoding failed | Check the image format |
| MASK_002 | Image too large | Compress and retry |
| MASK_003 | OCR recognition failed | Check the image quality |
| MONITOR_001 | Log write failed | Check storage permissions |
| EVOLUTION_001 | Rule generation failed | Reduce the test-case batch size |
| EVOLUTION_002 | Sandbox test timed out | Check the test environment |

9. License

MIT License

10. Changelog

v1.0.0 (2026-03-25)

  • Initial release
  • Includes the three core modules Smart_Masker, Behavior_Monitor and Skill_Evolution
  • Supports MiniCPM-V 4.5
  • Integrates the ChromaDB RAG knowledge base
