RedactKit - AI Privacy Scrubber
v1.0.0
Scan your data before sending it to AI. Detect and redact PII, secrets, and sensitive info. Reversible, local, zero network calls.
by Shadow Rose (@theshadowrose)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Benign, high confidence

Purpose & Capability
The name and description (local, reversible redaction) match the included code and docs. The package contains only a redaction engine, a pattern library, CLI helpers and a restoration tool; it requests no unrelated credentials, binaries, or services.
Instruction Scope
SKILL.md and README instruct local redaction and restoration only. Runtime instructions reference only local APIs (the Python library and saving/loading mapping files). There are no instructions to read unrelated system configuration, call external endpoints, or exfiltrate data.
Install Mechanism
No install spec; code is included as plain Python files and uses only the standard library. No downloads from external URLs or package installs are requested.
Credentials
No environment variables, credentials, or config paths are required. The skill's behavior is driven by local config.py (example provided) and CLI args, which is proportionate to its purpose.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or system-wide agent settings. It persists mapping files to disk (by design) but does not request elevated privileges; mapping persistence is expected for reversible redaction.
Assessment
This skill appears to do exactly what it claims: regex-based, reversible local redaction. Important cautions before you install/use it:
- Mapping files contain the original sensitive values in plaintext (LIMITATIONS.md documents this). Treat mapping JSON files like secrets: never commit them to version control, store them on encrypted filesystems, and restrict filesystem permissions (chmod 600). Consider encrypting mapping files (GPG, filesystem encryption) if they will be stored long-term or transferred.
- Regex-based detection has false positives and false negatives. Test on non-sensitive samples first, use report mode, and add exclusion/custom patterns as needed. Neither the tool nor its patterns provide semantic understanding.
- Custom patterns accept arbitrary regex. Malformed patterns crash the run, and patterns with nested quantifiers (the (a+)+ shape) can backtrack exponentially on crafted input (ReDoS); Python's re module has no match timeout to bound this. Validate custom regexes before use and avoid pathological patterns, especially when the input is untrusted.
- The tool loads entire files into memory and may be slow or OOM on very large files; follow README guidance to split large files.
- Although the code contains no network calls, the README references external preprocessing tools (OCR, pdftotext) as optional steps. Those tools run outside this package and can introduce their own network activity or other risks; only run preprocessing tools you trust.
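As an added illustration of the two handling points above (plaintext mapping files and custom regexes), the following is example code written for this page; it is not RedactKit's own implementation or API, and the `Redactor` class, the pattern names, the sample text and the nested-quantifier heuristic are all assumptions made for the demo. It writes the mapping file with mode 0600 at creation time rather than chmod-ing afterwards, refuses to load a mapping that is group- or world-accessible, and rejects custom patterns that fail to compile or show the nested-quantifier shape behind catastrophic backtracking.

```python
"""Minimal reversible regex redactor (added illustration; not RedactKit's code or API).

Demonstrates: mapping file created 0600 and permission-checked on load, and
custom regexes vetted for malformed or nested-quantifier shapes before compile.
"""
import json
import os
import re
import secrets
import stat
import tempfile

# Constructed example patterns; RedactKit's own pattern library is not reproduced here.
DEFAULT_PATTERNS = {
    "EMAIL": r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}",
    "AWS_KEY": r"\bAKIA[0-9A-Z]{16}\b",
    "PHONE": r"\b\d{3}-\d{3}-\d{4}\b",
}

# Heuristic only: flags a quantified group that itself ends in a quantifier,
# the classic (a+)+ / (\w*)* ReDoS shape. Passing this check is not a proof of safety.
_NESTED_QUANTIFIER = re.compile(r"\([^()]*[+*]\)\s*[+*{]")


def validate_pattern(pattern: str) -> str:
    """Reject patterns that do not compile or look exponentially backtracking."""
    re.compile(pattern)  # raises re.error on malformed input
    if _NESTED_QUANTIFIER.search(pattern):
        raise ValueError(f"possible ReDoS (nested quantifier) in custom pattern: {pattern!r}")
    return pattern


class Redactor:
    def __init__(self, custom=None):
        merged = dict(DEFAULT_PATTERNS)
        for name, pat in (custom or {}).items():
            merged[name] = validate_pattern(pat)
        self.patterns = {name: re.compile(pat) for name, pat in merged.items()}
        self.mapping = {}   # placeholder -> original value, in PLAINTEXT
        self._reverse = {}  # original value -> placeholder, so repeats share one token

    def _token(self, label, value):
        if value not in self._reverse:
            tok = f"<{label}_{secrets.token_hex(4)}>"
            self._reverse[value] = tok
            self.mapping[tok] = value
        return self._reverse[value]

    def redact(self, text):
        for label, rx in self.patterns.items():
            text = rx.sub(lambda m, _l=label: self._token(_l, m.group(0)), text)
        return text

    def restore(self, text):
        for tok, value in self.mapping.items():
            text = text.replace(tok, value)
        return text

    def save_mapping(self, path):
        # Create the file with mode 0600 from the first instant, so the plaintext
        # values are never briefly readable by other users; umask can only tighten this.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            json.dump(self.mapping, fh)
        os.chmod(path, 0o600)  # tighten a pre-existing file that had wider permissions

    @classmethod
    def load_mapping(cls, path):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if os.name == "posix" and mode & 0o077:
            raise PermissionError(f"{path} is group/world accessible (mode {mode:o}); refusing to load")
        r = cls()
        with open(path) as fh:
            r.mapping = json.load(fh)
        r._reverse = {v: k for k, v in r.mapping.items()}
        return r


def demo():
    """Round-trip a constructed sample through redact -> save -> load -> restore."""
    sample = ("Contact alice@example.com or bob@example.org, key AKIAABCDEFGHIJKLMNOP, "
              "ticket TKT-123456; alice@example.com again.")  # constructed, not real data
    r = Redactor(custom={"TICKET": r"\bTKT-\d{6}\b"})
    redacted = r.redact(sample)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mapping.json")
        r.save_mapping(path)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        restored = Redactor.load_mapping(path).restore(redacted)
    return {
        "sample": sample,
        "redacted": redacted,
        "restored": restored,
        "tokens": len(r.mapping),  # 4 distinct values; the repeated email shares one token
        "mode_ok": os.name != "posix" or mode == 0o600,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The nested-quantifier check is a heuristic, not a proof of linear-time matching: Python's `re` has no match timeout, so a pattern that passes it can still backtrack badly on adversarial input, which is why untrusted patterns should not be run against untrusted text at all. Encrypting the mapping file at rest, as the assessment suggests, is a separate step this example does not perform.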
If you need higher assurance for compliance (e.g., HIPAA, legal redaction), use a certified tool or add further safeguards; this is a useful ad-hoc local utility, not a compliance guarantee.

Like a lobster shell, security has layers: review code before you run it.
Tags: data-protection, latest, pii, privacy, redaction, security
