MaskClaw: Evolutionary Personalized Privacy Guard
Warn. Audited by ClawScan on May 18, 2026.
Overview
MaskClaw has a coherent privacy-guard purpose, but it should be reviewed because it records or prints sensitive data and can automatically publish evolving rules that change future agent behavior.
Review this skill carefully before installing. It appears designed for local privacy protection, not exfiltration, but you should only use it if you are comfortable with local behavior logs, OCR output handling, and self-evolving rules. Disable debug printing, verify the source and dependencies, run only a trusted local model server, and require manual approval before any evolved rule or skill is published.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive text from images may be visible outside the masked image, such as in terminal history, logs, or agent transcripts.
The masking runtime prints all OCR-recognized text and the reconstructed full text before/while masking, which can expose names, IDs, phone numbers, or other PII into console output or captured agent logs.
    print(f"OCR 共识别到 {len(texts)} 个文本区域:") ... print(f" {i}: \"{text}\" (置信度: {score:.2f})") ... print(f"\n完整文本: {full_text}")
Remove these prints by default, gate them behind an explicit debug flag, and redact or hash sensitive OCR text in any logs.
Private behavior history and possibly sensitive corrected values can be retained and reused for future rule generation.
The behavior monitor persists user actions, value previews, correction values, and PII type metadata to local logs. The artifact shows an expiration timestamp, but not an enforced deletion, opt-in, encryption, or review control.
base_dir: str = "memory/logs" ... "value_preview": value_preview, "correction_value": correction_value, "pii_types_involved": pii_types_involved or [], "expire_ts": expire_ts ... logger.write_correction_log(record)
Minimize stored values, avoid raw correction content when possible, enforce retention/deletion, provide a user-visible log review and purge control, and protect local storage.
The agent's future privacy decisions could change automatically based on inferred behavior, potentially blocking, masking, or allowing actions in ways the user did not explicitly approve.
The architecture describes automatically generating new skills/rules and mounting them after sandbox validation. The provided artifacts do not show an explicit human approval or rollback requirement before those persistent behavior changes take effect.
Skill_Evolution: analyzes and generates new skills/rules, stores them in a local database, and mounts them after sandbox test validation.
Require explicit user approval before publishing or mounting evolved rules/skills, show a diff/changelog, scope changes to one app/user, and provide rollback and disable controls.
Sensitive local behavior data could be exposed to whatever service is listening on the configured MiniCPM endpoint.
The evolution engine sends prompts to a localhost MiniCPM model service. This is aligned with the stated on-device design, but prompts may include correction logs or SOP content and rely on the local service being trusted.
MINICPM_DEFAULT_URL = "http://127.0.0.1:8000/chat" ... req = urlrequest.Request(self.minicpm_url, data=data, method="POST")
Use only a trusted local model server, avoid changing the endpoint to a remote service unless explicitly approved, and document the local server's logging and retention behavior.
Users may have difficulty confirming that the code and future updates come from a trustworthy publisher.
The registry provenance is unclear and the homepage appears to be a placeholder. This does not prove malicious behavior, but it weakens the ability to verify origin and maintenance.
Source: unknown; Homepage: https://github.com/your-org/maskclaw
Verify the publisher and repository before installing, and prefer a release with a real source URL, pinned dependencies, and a complete install specification.
