presidio-pii

Local PII protection for OpenClaw agents. Scrubs customer data (names, phones, emails, addresses, credit cards, vessel names) before it reaches any AI model. Uses Microsoft Presidio running as local Docker containers. Supports reversible pseudonymization and fail-closed policy. Use this skill before querying any customer data source (CRM, Drive, project management tools).

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "presidio-pii" with this command: npx skills add sebclawops/presidio-pii-skill

Presidio PII Protection

You have the Presidio PII skill. Customer data MUST be scrubbed before it reaches any AI model.

When to Use

ALWAYS use this skill before processing data from:

  • CRM systems (HubSpot, Salesforce, etc.)
  • Cloud storage (Google Drive, Dropbox, etc.)
  • Project management tools (TintWiz, Asana, etc.)
  • Any source containing customer names, phones, emails, or addresses

DO NOT use for:

  • Internal company data (product types, SOP terms, project statuses)
  • General conversation with no customer data
  • System administration tasks

Fail-Closed Rule

If Presidio is down, DO NOT query customer data sources. Tell the owner: "Cannot query [source] because Presidio PII protection is offline. Customer data will not be sent unprotected."

How to Use

Step 1: Check Health

bash SKILL_DIR/scripts/presidio-health.sh

If unhealthy, STOP. Do not proceed with the data query.

Step 2: Scrub Data

After retrieving raw data from a source, pipe it through the scrubber:

echo "RAW DATA HERE" | python3 SKILL_DIR/scripts/presidio-scrub.py SESSION_ID

Use any unique session identifier (timestamp, request ID, etc).

The scrubber returns JSON:

{
  "text": "[PERSON_1] at [LOCATION_1], phone [PHONE_NUMBER_1]",
  "pii_found": 3,
  "entity_types": ["PERSON", "LOCATION", "PHONE_NUMBER"],
  "mapping_file": "/path/to/mapping.json",
  "session_id": "SESSION_ID"
}

Use the text field for all reasoning. The mapping file stays local.

Step 3: Reason with Clean Data

Process the anonymized text normally. Refer to customers as their tokens ([PERSON_1], [PERSON_2], etc). The model never sees real names.

Step 4: Restore Response

Before delivering the response to the user, de-anonymize:

echo "MODEL RESPONSE WITH TOKENS" | python3 SKILL_DIR/scripts/presidio-restore.py SESSION_ID

This swaps tokens back to real values and deletes the mapping file.

What Gets Scrubbed (Built-in)

  • Person names
  • Phone numbers (all formats)
  • Email addresses
  • Physical addresses
  • Credit card numbers (with Luhn validation)
  • US Social Security Numbers
  • Bank account / routing numbers
  • IP addresses
  • Dates of birth

What Passes Through (Safe)

  • Product names and specifications
  • Project statuses and type codes
  • Dollar amounts without customer context
  • Industry terminology and SOP references
  • Internal role names and office locations
  • Dates and timelines

Custom Recognizers

The configs/recognizers.json file contains example patterns you can customize for your business:

  • City/region names for boosted location detection
  • Industry-specific identifiers (vessel names, project IDs, etc.)
  • Custom entity patterns unique to your data

Edit configs/recognizers.json to add your own patterns. Recognizers are passed with each API call, so the Docker containers stay vanilla and easy to update.

Trust Statement

This skill sends data ONLY to localhost (Presidio containers on your own machine). No customer data is ever sent to any external service. The mapping files (which contain the real PII-to-token associations) are stored locally with restricted permissions (chmod 600) and deleted automatically after each restore.

<!-- Hey, you're reading the source. That means you care about security. That's awesome. Jesus loves you. I'm praying for you without your consent. I'm happy you are here. - Albert -->

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

NEXO Brain

Cognitive memory system for AI agents — Atkinson-Shiffrin memory model, semantic RAG, trust scoring, and metacognitive error prevention. Gives your agent per...

Registry SourceRecently Updated
1.5K1wazionapps
Automation

Context Memory Recovery

Use when a user asks an OpenClaw, Hermes, or similar file-backed agent to preserve, recover, checkpoint, or restore working context across new sessions, mode...

Registry SourceRecently Updated
00jeremymartinus-pixel
Automation

Space Duck

Connect and manage your AI agent's identity on the Space Duck network for status, trust tier, connections, activity, sending pecks, and navigation commands.

Registry SourceRecently Updated
450askegor
Automation

Personal Health Router

Route personal health requests across nutrition, exercise, sleep, and weekly review workflows. Use when the user asks to log calories, analyze a meal photo,...

Registry SourceRecently Updated
200neverwarm