Has Anonymizer
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is coherently designed to anonymize user-selected text and images locally, with some normal supply-chain and sensitive-mapping handling considerations.
This appears appropriate for local anonymization. Before installing, make sure you trust the publisher, downloaded models, and Python dependencies, and treat any generated mapping files as confidential because they can restore the original sensitive text.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may download large model files from an external host.
The skill discloses remote model downloads from Hugging Face as part of setup; this is expected for a local ML anonymizer but means users must trust the model source.
"kind": "download", "url": "https://huggingface.co/xuanwulab/HaS_Text_0209_0.6B_Q8/resolve/main/has_text_model.gguf"
Install only if you trust the publisher and model source; verify model provenance if using it for sensitive or regulated data.
Running the image tool may resolve and install compatible package versions from the Python package ecosystem.
The image CLI declares Python dependencies with lower-bound versions rather than pinned hashes; this is common for uv-run scripts but introduces normal dependency supply-chain trust.
dependencies = ["ultralytics>=8.3.0", "opencv-python-headless>=4.8.0", "pillow>=10.0.0"]
Use a trusted Python package index and consider pinning or reviewing dependency versions in higher-assurance environments.
If the mapping file is shared or retained carelessly, someone may be able to reverse the anonymization.
The documented workflow stores a mapping file that is later used to restore anonymized text, so that file likely contains or enables recovery of sensitive originals.
has text hide --type "person name" --file note.txt --mapping-output note.mapping.json; has text restore --mapping mapping.json --file anonymized.txt
Store mapping files securely, avoid sending them with anonymized content, and delete them when restoration is no longer needed.