Run any Skill in Manus with one click

anon

De-identify a session transcript (file or folder) by redacting PII LOCALLY before any sharing or cloud use. Produces a redacted GREEN copy with unique reserved-sentinel placeholders ([CONFIDE_PERSON_0001], [CONFIDE_EMAIL_0001], [CONFIDE_DATE_0002]...) plus a counts-only stats summary, and a local secret <name>.map.json (0600, gitignored) that enables confide:rehydrate to restore real values after a cloud analysis. Use when the user says "anonymize this transcript", "redact PII", "de-identify session", "make safe to share", "strip personal data", "anonymize notes before sending to an LLM", or points at a transcript/folder that should be scrubbed. Local-only by default — raw text never leaves the machine; the map is the only artifact with originals and stays local; nothing printed is PII; human review is still required before sharing.

Run Skill in Manus

Stars254

Forks36

UpdatedJune 3, 2026 at 19:50

Source

glebis

glebis/claude-skills

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

File Explorer

2 files

SKILL.md

readonly

name

anon

description

confide:anon — local PII redaction

Redact personally identifying information from a transcript (or a whole folder) using the layered local stack in shared/confide_core.py: regex (emails / URLs / phones / IDs / dates) → Natasha (RU named entities) → local LLM (quasi-identifiers). Spans are interval-merged and replaced with placeholders. The result is a GREEN copy safe to review.

By default anon emits a reversible map: unique reserved-sentinel placeholders (the same EXACT value always becomes the same [CONFIDE_<TYPE>_<NNNN>], e.g. [CONFIDE_PERSON_0001], [CONFIDE_EMAIL_0001], [CONFIDE_DATE_0002]) plus a sibling <name>.map.json (structured: schema_version, doc_id, green_sha256, created, entries[]) mapping each placeholder to its original. The CONFIDE_ sentinel is reserved — a real transcript essentially never contains it, so there is no collision risk and rehydrate never touches ordinary prose like "Person 1". This is exact-value matching, not entity coreference: inflected forms (e.g. RU "Марина" vs "Марины") are SEPARATE placeholders (no lemmatized merge). That map is the secret — the ONLY artifact with originals; it stays local and enables confide:rehydrate to put real values back into a cloud analysis of the GREEN text (round-trip: redact → analyze the green → rehydrate locally). Use --no-map for the legacy non-reversible [TYPE] style (no map written).

Privacy invariants (do not violate)

Local-only. No cloud APIs. Raw text never leaves the machine.
By design, original PII is written ONLY to the local, 0600, gitignored <name>.map.json, which never leaves the machine. It is never printed, and never written to the GREEN copy (the GREEN holds placeholders only; the original file is read, never rewritten). The map is the SECRET — the one artifact with originals. A .gitignore covering *.map.json, *.view.html, and *.restored.md is written/updated in the output dir so these local-only artifacts can never be committed. If the output dir looks cloud-synced (iCloud / Dropbox / OneDrive / Google Drive), anon prints a WARNING that the secret map would be uploaded.
Counts only. stdout and the *.stats.json files carry counts (by type, by layer, redaction rate) — never PII values or redacted text dumps.
Human review still required. Redaction is a floor, not a guarantee. A human must read the GREEN copy before sharing. Pair with confide:red to check residual re-identification risk.

Run it

Run the script on a single file or a directory (processes every .md/.txt):

python3 skills/anon/scripts/anon.py PATH

For each input it writes, next to the file (or into --out DIR):

<name>.green.md — the redacted text (the only thing safe to look at / share after review)
<name>.stats.json — counts only
<name>.map.json — the reversible map (secret; 0600; gitignored; local only). Skipped with --no-map. A .gitignore with *.map.json is also written/updated in the output dir.

Options:

--layers regex,natasha,llm — override which detection layers run (default from config). Use --layers regex for a fully offline, deterministic pass (no models/network).
--out DIR — write outputs to DIR instead of next to each input.
--dry-run — compute and print stats only; write no files.
--no-map — disable the reversible map; emit non-unique [TYPE] placeholders, no map.json.

Already-emitted *.green.md / *.stats.json / *.map.json are skipped, so a folder can be re-run safely.

After running

Report the counts summary (types, layers, redaction rate) — never paste PII.
Tell the user the GREEN copy still needs human review before sharing.
Remind them the <name>.map.json is the secret (originals) — it stays local, never committed/shipped — and that confide:rehydrate uses it to restore real values into a cloud analysis of the GREEN text.
Offer confide:red to probe what an attacker could still infer/link.

Setup

Layer availability (Natasha, local LLM via Ollama) and defaults come from config — run confide:setup first if Natasha/Ollama aren't installed. --layers regex always works offline.

More from this repository

same repository

rigorous-experiments

glebis/claude-skills

This skill should be used when designing, running, validating, or auditing statistical experiments on personal or observational time-series data (health metrics, speech/text corpora, behavioral logs, diaries, n-of-1 self-tracking). It enforces pre-registration, exact permutation tests, FDR discipline, data-validation gates, adversarial code review, and cross-validation with external models. Triggers on "design an experiment", "test this hypothesis on my data", "is this correlation real", "audit these findings", "pre-register", "validate this dataset", or any n-of-1 / quantified-self analysis request.

2026-06-08254

tufte-report

glebis/claude-skills

Create Tufte-inspired data reports and infographic dashboards as standalone HTML files. Uses EB Garamond for text, Monaspace Argon for numbers, Chart.js for interactive charts, and inline SVG sparklines. Produces publication-quality reports with 2-column narrative+data layouts, status dashboards, scroll animations, and responsive mobile support. Use this skill whenever the user wants to create a data report, activity dashboard, infographic, personal analytics page, health tracker visualization, or any document that combines narrative text with interactive charts and tables. Also triggers for "make a report like Tufte", "create an infographic", "build a dashboard", "visualize my data", or requests for beautiful data-driven documents.

2026-06-05254

annotate

glebis/claude-skills

Build and verify a PII gold set with HUMAN annotators (first-class). Launch the browser annotator, label spans per the codebook, export per-annotator label files, then compute inter-annotator agreement (Cohen's/Fleiss' kappa) and draft an adjudicated gold. Use when the user says "annotate PII", "label this transcript", "build a gold set", "inter-annotator agreement", "review annotations", "adjudicate labels", or wants to measure/defend a de-identification gold standard. Local-only: synthetic or consented data only; annotators' names and transcript text stay on the machine — only labels/stats are collected, nothing PII is re-shared.

2026-06-03254

audit

glebis/claude-skills

Run a corpus-scale, STATS-ONLY PII audit over a folder of session transcripts LOCALLY and produce an aggregate report — counts by type and by layer, the per-session redaction-rate distribution, document lengths, and a coarse residual proxy. Use when the user says "audit my sessions", "scan folder for PII", "how much PII across these transcripts", "PII stats for my corpus", "is my redaction holding at scale", or points at a directory of transcripts and asks how much personal data it contains. Fully local — raw text never leaves the machine; the report carries ZERO PII values, transcript substrings, or filenames (only anonymized own-NN ids and counts), so the aggregates are safe to surface. Run it on a RED (raw) corpus to size the PII, or on a GREEN (already-redacted) corpus to check residual leakage.

2026-06-03254

rehydrate

glebis/claude-skills

Put the real values back into an analysis that was produced from GREEN (placeholder) text — LOCALLY, using the user's own reversible map. Completes the confide round-trip (redact -> cloud-analyze the green -> rehydrate locally). Use when the user says "rehydrate", "restore real names", "unmask the analysis", "put the names back", "de-redact this output", "reverse the placeholders", or hands you an analysis full of [CONFIDE_PERSON_0001]/[CONFIDE_DATE_0002] plus a *.map.json. Runs only on the user's own map; the map never leaves the machine; nothing fetched or transmitted. Prints counts only — never echoes restored PII. Warns on placeholders not in the map (possible LLM hallucination).

2026-06-03254

vault

glebis/claude-skills

Set up and verify the CONFIDE THREE LOCKS for storing RED (real, identifiable) session data at rest — device FileVault, a dedicated encrypted store, and per-file sops/age encryption. Use when the user says "set up confide vault", "encrypt my session data", "three locks", "secure store for transcripts", "sops/age for RED data", or asks how to store real therapy/coaching transcripts safely. NON-DESTRUCTIVE: it CHECKS each lock's status and prints the EXACT command to fix any gap; it never moves, deletes, or encrypts data, and never runs `fdesetup enable`/`hdiutil`/`age-keygen` without an explicit flag and your confirmation. Probes are read-only (`fdesetup status`, which sops/age, key path).

2026-06-03254

name

anon

description

confide:anon — local PII redaction

Privacy invariants (do not violate)

Local-only. No cloud APIs. Raw text never leaves the machine.
By design, original PII is written ONLY to the local, 0600, gitignored <name>.map.json, which never leaves the machine. It is never printed, and never written to the GREEN copy (the GREEN holds placeholders only; the original file is read, never rewritten). The map is the SECRET — the one artifact with originals. A .gitignore covering *.map.json, *.view.html, and *.restored.md is written/updated in the output dir so these local-only artifacts can never be committed. If the output dir looks cloud-synced (iCloud / Dropbox / OneDrive / Google Drive), anon prints a WARNING that the secret map would be uploaded.
Counts only. stdout and the *.stats.json files carry counts (by type, by layer, redaction rate) — never PII values or redacted text dumps.
Human review still required. Redaction is a floor, not a guarantee. A human must read the GREEN copy before sharing. Pair with confide:red to check residual re-identification risk.

Run it

Run the script on a single file or a directory (processes every .md/.txt):

python3 skills/anon/scripts/anon.py PATH

For each input it writes, next to the file (or into --out DIR):

<name>.green.md — the redacted text (the only thing safe to look at / share after review)
<name>.stats.json — counts only
<name>.map.json — the reversible map (secret; 0600; gitignored; local only). Skipped with --no-map. A .gitignore with *.map.json is also written/updated in the output dir.

Options:

--layers regex,natasha,llm — override which detection layers run (default from config). Use --layers regex for a fully offline, deterministic pass (no models/network).
--out DIR — write outputs to DIR instead of next to each input.
--dry-run — compute and print stats only; write no files.
--no-map — disable the reversible map; emit non-unique [TYPE] placeholders, no map.json.

Already-emitted *.green.md / *.stats.json / *.map.json are skipped, so a folder can be re-run safely.

After running

Report the counts summary (types, layers, redaction rate) — never paste PII.
Tell the user the GREEN copy still needs human review before sharing.
Remind them the <name>.map.json is the secret (originals) — it stays local, never committed/shipped — and that confide:rehydrate uses it to restore real values into a cloud analysis of the GREEN text.
Offer confide:red to probe what an attacker could still infer/link.

Setup

Layer availability (Natasha, local LLM via Ollama) and defaults come from config — run confide:setup first if Natasha/Ollama aren't installed. --layers regex always works offline.