Install
openclaw skills install privacy-shieldPrivacy Shield
Manages sensitive data access by marking resources with privacy levels and enforcing share, export, and usage restrictions based on a centralized registry.
Privacy Shield
Privacy data marking system — unified sensitive resource management with pre-operation checks and audit logging.
Design Principles
- Conservative by default: Unmarked data should be handled with caution
- Check before act: Verify privacy level before any data operation
- Centralized control: One registry file governs all privacy rules
Privacy Levels
| Level | Meaning | Example |
|---|---|---|
owner_only | Owner can view/use only | Photos, personal info |
private | No external disclosure, internal use OK | Model info, API keys |
no_export | Must not leave the machine | Memory files, ontology |
public | Free to use | Non-sensitive data |
Quick Start
Mark a resource
# Mark a file or directory
python scripts/registry.py mark media/images/people/ --level owner_only --reason "Family photos"
# Mark a rule category
python scripts/registry.py mark --type rule "model_info" --level private --reason "Infrastructure"
Check permission
# Check if a resource can be shared
python scripts/registry.py check media/images/people/photo.jpg --action share
# Check privacy level only
python scripts/registry.py check media/images/people/photo.jpg
List all marks
python scripts/registry.py list
python scripts/registry.py list --level owner_only
Remove a mark
python scripts/registry.py unmark media/images/old-photo.jpg
View audit log
python scripts/registry.py audit
python scripts/registry.py audit --deny-only
Agent Integration
Before any data output operation:
- Check registry →
python scripts/registry.py check <resource> --action <action> - Evaluate result:
owner_only→ Output only when owner requestsprivate→ No external disclosure, internal processing OKno_export→ Never leave this machine- Unmarked → Default to caution, ask the owner
Registry File
Location: data/privacy-registry.json
{
"version": "1.0.0",
"rules": {
"photos": {"level": "owner_only", "reason": "Family photos"},
"model_info": {"level": "private", "reason": "Infrastructure"}
},
"resources": [
{
"path": "media/images/people/",
"level": "owner_only",
"reason": "Family photos",
"marked_at": "2026-03-20T09:53:00+08:00"
}
]
}
Features
- ✅ Path prefix + glob pattern matching
- ✅ Automatic audit logging (JSONL)
- ✅ Integration with image-manager (
--privacyflag) - ✅ CLI for mark/check/list/unmark/audit