Local PII Redaction Skill for OpenClaw Uses GLiNER Model

What This Is

A security-focused OpenClaw skill that intercepts every outgoing response, processes it through a local SLM (GLiNER) to detect potential leaks of sensitive information, and redacts detected content before it leaves the system.

Key Details

The skill uses the nvidia/gliner-PII model locally to scan responses for security credentials and personally identifiable information. When detected, it replaces the sensitive data with descriptive labels like [API_KEY] and appends a short notice indicating what was removed. If no sensitive information is found, responses pass through unchanged.

Setup: Requires running a local server installed via pip install clawguard-pii, then pointing the skill at localhost.

Model specifications: The GLiNER model is approximately 570M parameters, which the creator notes doesn't add significant latency per response.

Detection capabilities: Can identify entities including API keys, passwords, usernames, email addresses, and Social Security Numbers (SSNs).

Limitations

• Misconfiguring CLAWGUARD_URL could create an exfiltration channel. The skill includes URL validation and token authentication as mitigation, but this remains a risk.
• Models are probabilistic and can make mistakes, potentially failing to redact sensitive information, especially with sophisticated prompt injections.
• The skill only processes outgoing responses and doesn't flag incoming prompt injection requests.

Additional Context

The creator expresses interest in hearing about other approaches for running local encoder SLMs in OpenClaw and bundling them with other models, noting that Ollama setup currently only works for running decoder models as the main chatbot model.

The skill is available at: https://clawhub.ai/m-newhauser/pii-redactor