Run any Skill in Manus with one click

vault

Set up and verify the CONFIDE THREE LOCKS for storing RED (real, identifiable) session data at rest — device FileVault, a dedicated encrypted store, and per-file sops/age encryption. Use when the user says "set up confide vault", "encrypt my session data", "three locks", "secure store for transcripts", "sops/age for RED data", or asks how to store real therapy/coaching transcripts safely. NON-DESTRUCTIVE: it CHECKS each lock's status and prints the EXACT command to fix any gap; it never moves, deletes, or encrypts data, and never runs `fdesetup enable`/`hdiutil`/`age-keygen` without an explicit flag and your confirmation. Probes are read-only (`fdesetup status`, which sops/age, key path).

Run Skill in Manus

Stars254

Forks36

UpdatedJune 3, 2026 at 19:50

Source

glebis

glebis/claude-skills

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

File Explorer

2 files

SKILL.md

readonly

name

vault

description

confide:vault — the THREE LOCKS for storing RED data

Operationalizes the defense-in-depth storage posture in confide/docs/THREE-LOCKS.md: real (RED) transcripts rest behind three independent locks, so compromising one does not expose a client. To read a real transcript an attacker needs the device password AND the encrypted-store password AND the age key — three separate secrets, ideally held in different places.

Lock	What	Protects against
1 — Device	FileVault full-disk encryption + strong login password + short auto-lock	a lost/stolen/USB-booted machine
2 — Store	RED in a dedicated ENCRYPTED store (encrypted APFS volume / AES-256 `.dmg`), NOT in Documents and NEVER in iCloud/Dropbox	other apps, other users, silent cloud sync
3 — Per-file	each RED file `sops`/`age`-encrypted at rest, age key stored SEPARATELY; processing in a no-network VM/container	files individually sealed; key not beside the data

NON-DESTRUCTIVE — read before running

--check (the default) runs only read-only probes: fdesetup status, shutil.which(sops/age), and os.path.exists(...). It never moves, deletes, or encrypts data and never runs fdesetup enable, hdiutil, age-keygen, or rm.
It reports each lock ✓/✗ and prints the exact command to fix every ✗ — for the user to review and run themselves.
--init-age generates an age key only with that explicit flag, and never overwrites an existing key.
--init-store PATH only prints the encrypted-store creation command; it does not execute disk-image creation. Refuses cloud-synced paths.
Never move, encrypt, or delete the user's RED data on their behalf without explicit confirmation. There is no destructive default.

Run it

# default = read-only status check + checklist with fix commands
python3 skills/vault/scripts/vault.py --check
python3 skills/vault/scripts/vault.py --json            # structured status dict

# point at your own RED store to verify it's not cloud-synced
python3 skills/vault/scripts/vault.py --store-path ~/CONFIDE-RED.dmg

# optional, GUARDED helpers (explicit flags only)
python3 skills/vault/scripts/vault.py --init-age        # make an age key (never overwrites)
python3 skills/vault/scripts/vault.py --init-store ~/CONFIDE-RED.dmg   # prints the hdiutil command

lock_status() is importable and returns:

{
  "device":  {"filevault": bool},
  "store":   {"present": bool, "path": str|None, "cloud_synced": bool, "safe": bool},
  "perfile": {"sops": bool, "age": bool, "key": bool, "key_path": str|None}
}

How to help the user

Run --check and read back the ✓/✗ checklist.
For each ✗, show the printed fix command (e.g. sudo fdesetup enable, age-keygen -o ~/.config/confide/age.key, hdiutil create -encryption AES-256 … ~/CONFIDE-RED.dmg) and let the user run it.
Confirm the RED store is not inside iCloud/Dropbox (store.safe).
Show the sops/age encrypt+decrypt recipe (printed in the checklist) so RED stays ciphertext at rest and is decrypted only in-memory inside the isolated pipeline (confide/docs/ISOLATION.md). Only GREEN (redacted) output ever leaves the machine.

See confide/docs/THREE-LOCKS.md (the model + checklist) and confide/docs/ISOLATION.md (red/green flow, no-network VM/container).

More from this repository

same repository

rigorous-experiments

glebis/claude-skills

This skill should be used when designing, running, validating, or auditing statistical experiments on personal or observational time-series data (health metrics, speech/text corpora, behavioral logs, diaries, n-of-1 self-tracking). It enforces pre-registration, exact permutation tests, FDR discipline, data-validation gates, adversarial code review, and cross-validation with external models. Triggers on "design an experiment", "test this hypothesis on my data", "is this correlation real", "audit these findings", "pre-register", "validate this dataset", or any n-of-1 / quantified-self analysis request.

2026-06-08254

tufte-report

glebis/claude-skills

Create Tufte-inspired data reports and infographic dashboards as standalone HTML files. Uses EB Garamond for text, Monaspace Argon for numbers, Chart.js for interactive charts, and inline SVG sparklines. Produces publication-quality reports with 2-column narrative+data layouts, status dashboards, scroll animations, and responsive mobile support. Use this skill whenever the user wants to create a data report, activity dashboard, infographic, personal analytics page, health tracker visualization, or any document that combines narrative text with interactive charts and tables. Also triggers for "make a report like Tufte", "create an infographic", "build a dashboard", "visualize my data", or requests for beautiful data-driven documents.

2026-06-05254

annotate

glebis/claude-skills

Build and verify a PII gold set with HUMAN annotators (first-class). Launch the browser annotator, label spans per the codebook, export per-annotator label files, then compute inter-annotator agreement (Cohen's/Fleiss' kappa) and draft an adjudicated gold. Use when the user says "annotate PII", "label this transcript", "build a gold set", "inter-annotator agreement", "review annotations", "adjudicate labels", or wants to measure/defend a de-identification gold standard. Local-only: synthetic or consented data only; annotators' names and transcript text stay on the machine — only labels/stats are collected, nothing PII is re-shared.

2026-06-03254

anon

glebis/claude-skills

De-identify a session transcript (file or folder) by redacting PII LOCALLY before any sharing or cloud use. Produces a redacted GREEN copy with unique reserved-sentinel placeholders ([CONFIDE_PERSON_0001], [CONFIDE_EMAIL_0001], [CONFIDE_DATE_0002]...) plus a counts-only stats summary, and a local secret <name>.map.json (0600, gitignored) that enables confide:rehydrate to restore real values after a cloud analysis. Use when the user says "anonymize this transcript", "redact PII", "de-identify session", "make safe to share", "strip personal data", "anonymize notes before sending to an LLM", or points at a transcript/folder that should be scrubbed. Local-only by default — raw text never leaves the machine; the map is the only artifact with originals and stays local; nothing printed is PII; human review is still required before sharing.

2026-06-03254

audit

glebis/claude-skills

Run a corpus-scale, STATS-ONLY PII audit over a folder of session transcripts LOCALLY and produce an aggregate report — counts by type and by layer, the per-session redaction-rate distribution, document lengths, and a coarse residual proxy. Use when the user says "audit my sessions", "scan folder for PII", "how much PII across these transcripts", "PII stats for my corpus", "is my redaction holding at scale", or points at a directory of transcripts and asks how much personal data it contains. Fully local — raw text never leaves the machine; the report carries ZERO PII values, transcript substrings, or filenames (only anonymized own-NN ids and counts), so the aggregates are safe to surface. Run it on a RED (raw) corpus to size the PII, or on a GREEN (already-redacted) corpus to check residual leakage.

2026-06-03254

rehydrate

glebis/claude-skills

Put the real values back into an analysis that was produced from GREEN (placeholder) text — LOCALLY, using the user's own reversible map. Completes the confide round-trip (redact -> cloud-analyze the green -> rehydrate locally). Use when the user says "rehydrate", "restore real names", "unmask the analysis", "put the names back", "de-redact this output", "reverse the placeholders", or hands you an analysis full of [CONFIDE_PERSON_0001]/[CONFIDE_DATE_0002] plus a *.map.json. Runs only on the user's own map; the map never leaves the machine; nothing fetched or transmitted. Prints counts only — never echoes restored PII. Warns on placeholders not in the map (possible LLM hallucination).

2026-06-03254

name

vault

description

confide:vault — the THREE LOCKS for storing RED data

Lock	What	Protects against
1 — Device	FileVault full-disk encryption + strong login password + short auto-lock	a lost/stolen/USB-booted machine
2 — Store	RED in a dedicated ENCRYPTED store (encrypted APFS volume / AES-256 `.dmg`), NOT in Documents and NEVER in iCloud/Dropbox	other apps, other users, silent cloud sync
3 — Per-file	each RED file `sops`/`age`-encrypted at rest, age key stored SEPARATELY; processing in a no-network VM/container	files individually sealed; key not beside the data

NON-DESTRUCTIVE — read before running

--check (the default) runs only read-only probes: fdesetup status, shutil.which(sops/age), and os.path.exists(...). It never moves, deletes, or encrypts data and never runs fdesetup enable, hdiutil, age-keygen, or rm.
It reports each lock ✓/✗ and prints the exact command to fix every ✗ — for the user to review and run themselves.
--init-age generates an age key only with that explicit flag, and never overwrites an existing key.
--init-store PATH only prints the encrypted-store creation command; it does not execute disk-image creation. Refuses cloud-synced paths.
Never move, encrypt, or delete the user's RED data on their behalf without explicit confirmation. There is no destructive default.

Run it

# default = read-only status check + checklist with fix commands
python3 skills/vault/scripts/vault.py --check
python3 skills/vault/scripts/vault.py --json            # structured status dict

# point at your own RED store to verify it's not cloud-synced
python3 skills/vault/scripts/vault.py --store-path ~/CONFIDE-RED.dmg

# optional, GUARDED helpers (explicit flags only)
python3 skills/vault/scripts/vault.py --init-age        # make an age key (never overwrites)
python3 skills/vault/scripts/vault.py --init-store ~/CONFIDE-RED.dmg   # prints the hdiutil command

lock_status() is importable and returns:

{
  "device":  {"filevault": bool},
  "store":   {"present": bool, "path": str|None, "cloud_synced": bool, "safe": bool},
  "perfile": {"sops": bool, "age": bool, "key": bool, "key_path": str|None}
}

How to help the user

Run --check and read back the ✓/✗ checklist.
For each ✗, show the printed fix command (e.g. sudo fdesetup enable, age-keygen -o ~/.config/confide/age.key, hdiutil create -encryption AES-256 … ~/CONFIDE-RED.dmg) and let the user run it.
Confirm the RED store is not inside iCloud/Dropbox (store.safe).
Show the sops/age encrypt+decrypt recipe (printed in the checklist) so RED stays ciphertext at rest and is decrypted only in-memory inside the isolated pipeline (confide/docs/ISOLATION.md). Only GREEN (redacted) output ever leaves the machine.

See confide/docs/THREE-LOCKS.md (the model + checklist) and confide/docs/ISOLATION.md (red/green flow, no-network VM/container).