Run any Skill in Manus with one click

audit

Run a corpus-scale, STATS-ONLY PII audit over a folder of session transcripts LOCALLY and produce an aggregate report — counts by type and by layer, the per-session redaction-rate distribution, document lengths, and a coarse residual proxy. Use when the user says "audit my sessions", "scan folder for PII", "how much PII across these transcripts", "PII stats for my corpus", "is my redaction holding at scale", or points at a directory of transcripts and asks how much personal data it contains. Fully local — raw text never leaves the machine; the report carries ZERO PII values, transcript substrings, or filenames (only anonymized own-NN ids and counts), so the aggregates are safe to surface. Run it on a RED (raw) corpus to size the PII, or on a GREEN (already-redacted) corpus to check residual leakage.

Run Skill in Manus

Stars254

Forks36

UpdatedJune 3, 2026 at 19:50

Source

glebis

glebis/claude-skills

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

File Explorer

2 files

SKILL.md

readonly

name

audit

description

confide:audit — corpus-scale, stats-only PII audit

Measure how much PII lives across a whole folder of sessions, without ever exposing any of it. The audit runs the layered LOCAL detector stack from shared/confide_core.py (regex → Natasha → local LLM) over each file and emits only aggregates. This mirrors the real_session_eval privacy contract: read text only in-process, emit counts.

Privacy invariants (do not violate)

Local-only. No cloud APIs. Raw transcript text never leaves the machine.
Stats-only output. The report (markdown + json + optional HTML) contains ONLY counts and rates — never a transcript substring, never a detected PII value.
No filenames. Per-file rows are keyed by anonymized ids own-00, own-01, … The original path/name is never written or printed. On an unreadable file, only the index + exception class name is recorded.
Safe to surface. Because it is counts-only, the aggregate report can be shared with a cloud agent or pasted into a chat. The PII stays on the machine.

What it reports

n_files, total / mean / min / max document chars
spans_by_type (PERSON, EMAIL, PHONE, DATE, …) and spans_by_layer (regex / natasha / llm)
overall_redaction_rate plus the per-session redaction-rate distribution (min / median / mean / max)
a coarse residual proxy: spans still detectable after redaction — ~0 on a clean RED corpus, a leakage signal on a GREEN corpus.

Run it

Point it at a folder (recurses, processes every .md/.txt; skips confide's own *.green.md / *.stats.json outputs):

python3 skills/audit/scripts/audit.py FOLDER

Options:

--list paths.txt — also/instead audit absolute paths listed one per line.
--layers regex,natasha,llm — choose detection layers (default from config). Use --layers regex for a fully offline, deterministic pass (no models/network).
--out report.md — report path; a report.json sibling is written alongside.
--html — also write a Tufte-ish dashboard (report.html, counts only).

Writes the markdown + json report (and optional HTML) and prints the aggregate summary — all counts only.

RED vs GREEN

RED (raw) corpus: sizes the PII problem before any redaction.
GREEN (redacted) corpus: the residual proxy and remaining spans_by_type tell you whether redaction is holding at scale.

After running

Report the aggregate summary (file count, span totals by type/layer, redaction-rate distribution, residual proxy) — never paste PII.
If residual is non-trivial on a GREEN corpus, point the user at confide:anon to re-redact and confide:red to probe re-identification risk.

Setup

Layer availability (Natasha, local LLM via Ollama) comes from config — run confide:setup if they aren't installed. --layers regex always works offline.

More from this repository

same repository

rigorous-experiments

glebis/claude-skills

This skill should be used when designing, running, validating, or auditing statistical experiments on personal or observational time-series data (health metrics, speech/text corpora, behavioral logs, diaries, n-of-1 self-tracking). It enforces pre-registration, exact permutation tests, FDR discipline, data-validation gates, adversarial code review, and cross-validation with external models. Triggers on "design an experiment", "test this hypothesis on my data", "is this correlation real", "audit these findings", "pre-register", "validate this dataset", or any n-of-1 / quantified-self analysis request.

2026-06-08254

tufte-report

glebis/claude-skills

Create Tufte-inspired data reports and infographic dashboards as standalone HTML files. Uses EB Garamond for text, Monaspace Argon for numbers, Chart.js for interactive charts, and inline SVG sparklines. Produces publication-quality reports with 2-column narrative+data layouts, status dashboards, scroll animations, and responsive mobile support. Use this skill whenever the user wants to create a data report, activity dashboard, infographic, personal analytics page, health tracker visualization, or any document that combines narrative text with interactive charts and tables. Also triggers for "make a report like Tufte", "create an infographic", "build a dashboard", "visualize my data", or requests for beautiful data-driven documents.

2026-06-05254

annotate

glebis/claude-skills

Build and verify a PII gold set with HUMAN annotators (first-class). Launch the browser annotator, label spans per the codebook, export per-annotator label files, then compute inter-annotator agreement (Cohen's/Fleiss' kappa) and draft an adjudicated gold. Use when the user says "annotate PII", "label this transcript", "build a gold set", "inter-annotator agreement", "review annotations", "adjudicate labels", or wants to measure/defend a de-identification gold standard. Local-only: synthetic or consented data only; annotators' names and transcript text stay on the machine — only labels/stats are collected, nothing PII is re-shared.

2026-06-03254

anon

glebis/claude-skills

De-identify a session transcript (file or folder) by redacting PII LOCALLY before any sharing or cloud use. Produces a redacted GREEN copy with unique reserved-sentinel placeholders ([CONFIDE_PERSON_0001], [CONFIDE_EMAIL_0001], [CONFIDE_DATE_0002]...) plus a counts-only stats summary, and a local secret <name>.map.json (0600, gitignored) that enables confide:rehydrate to restore real values after a cloud analysis. Use when the user says "anonymize this transcript", "redact PII", "de-identify session", "make safe to share", "strip personal data", "anonymize notes before sending to an LLM", or points at a transcript/folder that should be scrubbed. Local-only by default — raw text never leaves the machine; the map is the only artifact with originals and stays local; nothing printed is PII; human review is still required before sharing.

2026-06-03254

rehydrate

glebis/claude-skills

Put the real values back into an analysis that was produced from GREEN (placeholder) text — LOCALLY, using the user's own reversible map. Completes the confide round-trip (redact -> cloud-analyze the green -> rehydrate locally). Use when the user says "rehydrate", "restore real names", "unmask the analysis", "put the names back", "de-redact this output", "reverse the placeholders", or hands you an analysis full of [CONFIDE_PERSON_0001]/[CONFIDE_DATE_0002] plus a *.map.json. Runs only on the user's own map; the map never leaves the machine; nothing fetched or transmitted. Prints counts only — never echoes restored PII. Warns on placeholders not in the map (possible LLM hallucination).

2026-06-03254

vault

glebis/claude-skills

Set up and verify the CONFIDE THREE LOCKS for storing RED (real, identifiable) session data at rest — device FileVault, a dedicated encrypted store, and per-file sops/age encryption. Use when the user says "set up confide vault", "encrypt my session data", "three locks", "secure store for transcripts", "sops/age for RED data", or asks how to store real therapy/coaching transcripts safely. NON-DESTRUCTIVE: it CHECKS each lock's status and prints the EXACT command to fix any gap; it never moves, deletes, or encrypts data, and never runs `fdesetup enable`/`hdiutil`/`age-keygen` without an explicit flag and your confirmation. Probes are read-only (`fdesetup status`, which sops/age, key path).

2026-06-03254

name

audit

description

confide:audit — corpus-scale, stats-only PII audit

Privacy invariants (do not violate)

Local-only. No cloud APIs. Raw transcript text never leaves the machine.
Stats-only output. The report (markdown + json + optional HTML) contains ONLY counts and rates — never a transcript substring, never a detected PII value.
No filenames. Per-file rows are keyed by anonymized ids own-00, own-01, … The original path/name is never written or printed. On an unreadable file, only the index + exception class name is recorded.
Safe to surface. Because it is counts-only, the aggregate report can be shared with a cloud agent or pasted into a chat. The PII stays on the machine.

What it reports

n_files, total / mean / min / max document chars
spans_by_type (PERSON, EMAIL, PHONE, DATE, …) and spans_by_layer (regex / natasha / llm)
overall_redaction_rate plus the per-session redaction-rate distribution (min / median / mean / max)
a coarse residual proxy: spans still detectable after redaction — ~0 on a clean RED corpus, a leakage signal on a GREEN corpus.

Run it

Point it at a folder (recurses, processes every .md/.txt; skips confide's own *.green.md / *.stats.json outputs):

python3 skills/audit/scripts/audit.py FOLDER

Options:

--list paths.txt — also/instead audit absolute paths listed one per line.
--layers regex,natasha,llm — choose detection layers (default from config). Use --layers regex for a fully offline, deterministic pass (no models/network).
--out report.md — report path; a report.json sibling is written alongside.
--html — also write a Tufte-ish dashboard (report.html, counts only).

Writes the markdown + json report (and optional HTML) and prints the aggregate summary — all counts only.

RED vs GREEN

RED (raw) corpus: sizes the PII problem before any redaction.
GREEN (redacted) corpus: the residual proxy and remaining spans_by_type tell you whether redaction is holding at scale.

After running

Report the aggregate summary (file count, span totals by type/layer, redaction-rate distribution, residual proxy) — never paste PII.
If residual is non-trivial on a GREEN corpus, point the user at confide:anon to re-redact and confide:red to probe re-identification risk.

Setup

Layer availability (Natasha, local LLM via Ollama) comes from config — run confide:setup if they aren't installed. --layers regex always works offline.