Privacy-mask privacy-mask

install

source · Clone the upstream repo

git clone https://github.com/fullstackcrew-alpha/privacy-mask

Claude Code · Install into ~/.claude/skills/

git clone --depth=1 https://github.com/fullstackcrew-alpha/privacy-mask ~/.claude/skills/fullstackcrew-alpha-privacy-mask-privacy-mask

manifest: SKILL.md

source content

Privacy Mask

Detect and mask sensitive information in images locally before they leave your machine.

Prerequisites

This skill requires the

privacy-mask

CLI to be pre-installed on the system. If it is not available, inform the user that they need to install it first:

Install via pip:
```
pip install privacy-mask
```
Ensure Tesseract OCR is installed:
```
brew install tesseract
```
(macOS) or
```
apt install tesseract-ocr
```
(Linux)
Verify installation:
```
privacy-mask --version
```
(Optional) Install NER support:
```
pip install privacy-mask[ner]
```

When to use

User sends a screenshot or image file (
```
.png
```
,
```
.jpg
```
,
```
.jpeg
```
,
```
.bmp
```
,
```
.tiff
```
) that may contain private data
User mentions privacy, masking, redacting, or anonymizing
You need to analyze an image but want to redact sensitive info first
IF the user shares a screenshot for debugging, THEN run
```
privacy-mask mask <path> --dry-run
```
first to check for PII
IF detections are found, THEN mask the image before proceeding with analysis

Usage

Mask an image:

privacy-mask mask /path/to/screenshot.png
privacy-mask mask /path/to/screenshot.png --in-place
privacy-mask mask /path/to/screenshot.png --dry-run   # detect only, no masking
privacy-mask mask /path/to/screenshot.png --detection-engine regex  # regex only, skip NER
privacy-mask mask /path/to/screenshot.png --config /path/to/custom-config.json

Output is JSON:

{
  "status": "success",
  "detections": [{"label": "PHONE_CN", "text": "***", "bbox": [10, 20, 100, 30]}],
  "summary": "Masked 1 regions: 1 PHONE_CN"
}

Example workflow

User provides a screenshot:
```
~/Desktop/error-screenshot.png
```

Run detection:

privacy-mask mask ~/Desktop/error-screenshot.png --dry-run

IF detections found, mask the image:

privacy-mask mask ~/Desktop/error-screenshot.png

The masked output is saved as
```
~/Desktop/error-screenshot_masked.png
```
Use the masked image for further analysis

What it detects

IDs: Chinese ID card, passport, HK/TW ID, US SSN, UK NINO, Canadian SIN, Indian Aadhaar/PAN, Korean RRN, Singapore NRIC, Malaysian IC
Phone: Chinese mobile/landline, US phone, international (+prefix)
Financial: Bank card, Amex, IBAN, SWIFT/BIC
Developer keys: AWS, GitHub, Slack, Google, Stripe tokens, JWT, connection strings, API keys, SSH/PEM keys
Crypto: Bitcoin, Ethereum wallet addresses
Other: Email, birthday, IP/IPv6, MAC, UUID, license plate, MRZ, URL auth tokens
NER (optional): Person names, street addresses, organizations, dates of birth, medical conditions

Constraints

Do NOT send unmasked images to any external API or cloud service
Do NOT skip masking when detections are found — always mask before sharing
Do NOT modify the original image unless
```
--in-place
```
is explicitly requested
Avoid running on very large images (>10MB) without warning the user about processing time

Anti-patterns

Don't assume images are safe — always run detection even if the image "looks clean"
Don't use
--in-place
by default — preserve the original unless the user asks otherwise
Don't ignore dry-run results — if
```
--dry-run
```
finds PII, the image must be masked before use
Don't hardcode config paths — use the bundled default or let the user specify
```
--config
```

Important

All processing is local and offline — no data leaves the machine
Configure rules in the bundled
```
config.json
```
or pass
```
--config
```
for custom rules