by 安全扫描
OpenClaw
安全
high confidenceThe skill's code, requirements, and instructions are consistent with a local PII-anonymization utility that uses regex plus a local Ollama model; nothing in the package indicates hidden exfiltration or unrelated credential requests.
评估建议
This package appears to do what it says, but review these points before installing or using on real PII:
- Ensure OLLAMA_URL points to a trusted, local Ollama instance (http://localhost:11434). If you set OLLAMA_URL to a remote server, sensitive text will be sent there.
- Fix the small env-var mismatch: the v2 script reads MODEL (default qwen2.5:3b) while SKILL.md mentions OLLAMA_MODEL — set MODEL or adjust the script accordingly.
- Test thoroughly with non-sensitive data first. Confirm the mod...详细分析 ▾
✓ 用途与能力
Name/description (PII anonymizer) match the included scripts and declared requirements (jq, curl, bash, sed, OLLAMA_URL). The scripts implement a hybrid regex + local LLM approach described in SKILL.md; required binaries and the local Ollama endpoint are appropriate for this purpose.
✓ 指令范围
Runtime instructions and scripts are limited to local operations: regex substitution, conditional calls to the Ollama HTTP API, and returning anonymized text. The SKILL.md does reference hooks and workspace paths but explicitly notes the hook currently doesn't fire. The scripts do not attempt to read unrelated system secrets or network endpoints beyond the configured OLLAMA_URL.
✓ 安装机制
This is instruction-only with no automated install spec; SKILL.md suggests installing system packages (apt jq/curl) and manually pulling an Ollama model. No remote code download or arbitrary archive extraction is specified by the skill itself.
ℹ 凭证需求
The only required env var is OLLAMA_URL, which is appropriate. Two small inconsistencies to note: SKILL.md suggests exporting OLLAMA_MODEL but privacy-anonymize-v2.sh reads MODEL (and defaults to qwen2.5:3b); v1 uses MODEL default phi3:mini. Also, if a user points OLLAMA_URL to a remote service (not localhost), PII would be sent to that endpoint — ensure the endpoint is local/trusted.
✓ 持久化与权限
The skill does not request always:true or other high privileges. It is user-invocable and does not modify other skills or system-wide settings. The hook installation is described but nonfunctional; nothing indicates the skill will persistently enable itself or alter unrelated configurations.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv2.0.02026/3/2
v2.0: Hybrid regex + Qwen2.5:3b
● 无害
安装命令 点击复制
官方npx clawhub@latest install openclaw-pii-anonymizer
镜像加速npx clawhub@latest install openclaw-pii-anonymizer --registry https://cn.clawhub-mirror.com
技能文档
Status: ⚠️ Partially Working
- ✅ Script works perfectly (manual invocation)
- ❌ Auto-hook interception needs debugging
Hybrid regex + Qwen2.5:3b LLM to scrub PII before external AI calls.
Quick Start
# 1. Install Ollama model
ollama pull qwen2.5:3b# 2. Test the script
cd ~/.openclaw/workspace/skills/openclaw-pii-anonymizer
bash privacy-anonymize-v2.sh "My name is John Doe, SSN 123-45-6789"
# Output: My name is [NAME], SSN [SSN]
What It Does
Replaces PII with tokens:
- Names →
[NAME] - SSNs →
[SSN] - Emails →
[EMAIL] - Phones →
[PHONE] - Wallets →
[WALLET] - IPs →
[IP] - Paths →
[PATH]
Two-layer approach:
- Regex (fast, <1ms) - Structured PII (SSN, email, phone, etc.)
- Qwen2.5:3b (2-3s) - Contextual names (zero hallucination)
Usage
Manual (Working Now)
# In scripts/workflows
ANONYMIZED=$(bash privacy-anonymize-v2.sh "$USER_INPUT")
echo "$ANONYMIZED" | external-api-call
Automatic Hook (TODO)
Hook installed at ~/.openclaw/workspace/hooks/pii-shield/ but doesn't fire on messages yet. Debugging needed.
Requirements
- Ollama running at
http://localhost:11434 - Model:
qwen2.5:3b(1.9GB) - Better instruction-following than phi3:mini - RAM: 16GB recommended (6GB minimum but tight)
- Dependencies:
bash,curl,jq,sed
Why Qwen2.5:3b?
Tested alternatives:
- ❌ phi3:mini - Hallucinates extra content, too chatty
- ✅ qwen2.5:3b - Zero hallucination, task-focused, smaller (1.9GB vs 2.2GB)
- Alternative:
llama3.2:3b(similar performance)
Performance
- Regex layer: <1ms
- LLM layer: 2-3s (only runs if names detected)
- Optimization: Skips LLM for short messages or already-anonymized text
Known Issues
- Hook system -
message:preprocessedevent doesn't fire (needs investigation) - Auto-interception - Messages not automatically scrubbed yet
- Re-contextualization - Not implemented (responses stay anonymized)
For Production
Consider NemoClaw for production deployments:
- Built-in PII handling at architecture level
- Enterprise-grade from Nvidia
- No hook debugging needed
This skill: Development/testing, manual workflows NemoClaw: Production with real customer PII
Testing
# Test 1: Structured PII
bash privacy-anonymize-v2.sh "SSN 123-45-6789, email test@example.com"
# Expected: SSN [SSN], email [EMAIL]# Test 2: Names
bash privacy-anonymize-v2.sh "Hi, I'm Alice Johnson"
# Expected: Hi, I'm [NAME]
# Test 3: Complex
bash privacy-anonymize-v2.sh "John Smith (john@test.com), SSN 987-65-4321, wallet 0x1234567890abcdef1234567890abcdef12345678"
# Expected: [NAME] ([EMAIL]), SSN [SSN], wallet [WALLET]
Files
- privacy-anonymize-v2.sh - Main script (hybrid approach)
- privacy-anonymize.sh - Old v1 (phi3:mini, deprecated)
- hooks/pii-shield/ - Auto-interception hook (needs debugging)
- README.md - Full documentation
Configuration
export OLLAMA_URL=http://localhost:11434
export OLLAMA_MODEL=qwen2.5:3b
Roadmap
- [ ] Fix hook system for auto-interception
- [ ] Re-contextualization (restore real names in responses)
- [ ] Expanded regex patterns (international formats)
- [ ] Async LLM (non-blocking)
- [ ] Caching for repeated phrases
Version
v2.0 (March 17, 2026)
- Hybrid regex + Qwen2.5:3b
- Script works perfectly
- Hook needs debugging
v1.0.2 (March 1, 2026)
- phi3:mini based
- Hallucination issues
License: MIT Author: Solmas (Seth Blakely) Homepage: https://github.com/solmas/openclaw-pii-anonymizer
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制