OpenSkillIndex← back to search
claude-code

Privacy-mask privacy-mask

install
source · Clone the upstream repo
git clone https://github.com/fullstackcrew-alpha/privacy-mask
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/fullstackcrew-alpha/privacy-mask "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/privacy-mask" ~/.claude/skills/fullstackcrew-alpha-privacy-mask-privacy-mask-29059f && rm -rf "$T"
manifest: skills/privacy-mask/SKILL.md
source content

Privacy Mask

Detect and mask sensitive information in images locally before they leave your machine.

Prerequisites

This skill requires the 

privacy-mask
CLI to be pre-installed on the system. If it is not available, inform the user that they need to install it first:

  1. Install via pip: 
    pip install privacy-mask
  2. Ensure Tesseract OCR is installed: 
    brew install tesseract
    (macOS) or 
    apt install tesseract-ocr
    (Linux)
  3. Set up the Claude Code hook: 
    privacy-mask install
  4. Verify: 
    privacy-mask --version

After install, all images are automatically masked before upload. No further action needed.

When to use

  • User sends a screenshot or image file (
    .png
    , 
    .jpg
    , 
    .jpeg
    , 
    .bmp
    , 
    .tiff
    ) that may contain private data
  • User mentions privacy, masking, 脱敏, or 打码
  • You need to analyze an image but want to redact sensitive info first
  • IF the user shares a screenshot for debugging, THEN run 
    privacy-mask mask <path> --dry-run
    first to check for PII

Manual usage

Mask an image:

privacy-mask mask /path/to/screenshot.png
privacy-mask mask /path/to/screenshot.png --in-place
privacy-mask mask /path/to/screenshot.png --dry-run   # detect only
privacy-mask mask /path/to/screenshot.png --detection-engine regex  # regex only, skip NER

Output is JSON:

{
  "status": "success",
  "detections": [{"label": "PHONE_CN", "text": "***", "bbox": [10, 20, 100, 30]}],
  "summary": "Masked 1 regions: 1 PHONE_CN"
}

What it detects

  • IDs: Chinese ID card, passport, HK/TW ID, US SSN, UK NINO, Canadian SIN, Indian Aadhaar/PAN, Korean RRN, Singapore NRIC, Malaysian IC
  • Phone: Chinese mobile/landline, US phone, international (+prefix)
  • Financial: Bank card, Amex, IBAN, SWIFT/BIC
  • Developer keys: AWS, GitHub, Slack, Google, Stripe tokens, JWT, connection strings, API keys, SSH/PEM keys
  • Crypto: Bitcoin, Ethereum wallet addresses
  • Other: Email, birthday, IP/IPv6, MAC, UUID, license plate, MRZ, URL auth tokens
  • NER (optional): Person names, street addresses, organizations, dates of birth, medical conditions

Constraints

  • Do NOT send unmasked images to any external API or cloud service
  • Do NOT skip masking when detections are found
  • Do NOT modify the original image unless 
    --in-place
    is explicitly requested

Important

  • All processing is local and offline — no data leaves the machine
  • The hook intercepts images before upload to cloud API
  • Configure rules in the bundled 
    config.json
    or pass 
    --config
    for custom rules