glebis/audit
confide/skills/audit/SKILL.md
Run a corpus-scale, STATS-ONLY PII audit over a folder of session transcripts LOCALLY and produce an aggregate report — counts by type and by layer, the per-session redaction-rate distribution, document lengths, and a coarse residual proxy. Use when the user says "audit my sessions", "scan folder for PII", "how much PII across these transcripts", "PII stats for my corpus", "is my redaction holding at scale", or points at a directory of transcripts and asks how much personal data it contains. Fully local — raw text never leaves the machine; the report carries ZERO PII values, transcript substrings, or filenames (only anonymized own-NN ids and counts), so the aggregates are safe to surface. Run it on a RED (raw) corpus to size the PII, or on a GREEN (already-redacted) corpus to check residual leakage.
$ install --global
skillsauthnpx skillsauth add glebis/claude-skills auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 2:03 AM87.5s2 files scanned
SKILL.md
- name:
- audit
- description:
- Run a corpus-scale, STATS-ONLY PII audit over a folder of session transcripts LOCALLY and produce an aggregate report — counts by type and by layer, the per-session redaction-rate distribution, document lengths, and a coarse residual proxy. Use when the user says "audit my sessions", "scan folder for PII", "how much PII across these transcripts", "PII stats for my corpus", "is my redaction holding at scale", or points at a directory of transcripts and asks how much personal data it contains. Fully local — raw text never leaves the machine; the report carries ZERO PII values, transcript substrings, or filenames (only anonymized own-NN ids and counts), so the aggregates are safe to surface. Run it on a RED (raw) corpus to size the PII, or on a GREEN (already-redacted) corpus to check residual leakage.
confide:audit — corpus-scale, stats-only PII audit
Measure how much PII lives across a whole folder of sessions, without ever exposing any
of it. The audit runs the layered LOCAL detector stack from shared/confide_core.py
(regex → Natasha → local LLM) over each file and emits only aggregates. This mirrors
the real_session_eval privacy contract: read text only in-process, emit counts.
Privacy invariants (do not violate)
- Local-only. No cloud APIs. Raw transcript text never leaves the machine.
- Stats-only output. The report (markdown + json + optional HTML) contains ONLY counts and rates — never a transcript substring, never a detected PII value.
- No filenames. Per-file rows are keyed by anonymized ids
own-00,own-01, … The original path/name is never written or printed. On an unreadable file, only the index + exception class name is recorded. - Safe to surface. Because it is counts-only, the aggregate report can be shared with a cloud agent or pasted into a chat. The PII stays on the machine.
What it reports
n_files, total / mean / min / max document charsspans_by_type(PERSON, EMAIL, PHONE, DATE, …) andspans_by_layer(regex / natasha / llm)overall_redaction_rateplus the per-session redaction-rate distribution (min / median / mean / max)- a coarse residual proxy: spans still detectable after redaction — ~0 on a clean RED corpus, a leakage signal on a GREEN corpus.
Run it
Point it at a folder (recurses, processes every .md/.txt; skips confide's own
*.green.md / *.stats.json outputs):
python3 skills/audit/scripts/audit.py FOLDER
Options:
--list paths.txt— also/instead audit absolute paths listed one per line.--layers regex,natasha,llm— choose detection layers (default from config). Use--layers regexfor a fully offline, deterministic pass (no models/network).--out report.md— report path; areport.jsonsibling is written alongside.--html— also write a Tufte-ish dashboard (report.html, counts only).
Writes the markdown + json report (and optional HTML) and prints the aggregate summary — all counts only.
RED vs GREEN
- RED (raw) corpus: sizes the PII problem before any redaction.
- GREEN (redacted) corpus: the residual proxy and remaining
spans_by_typetell you whether redaction is holding at scale.
After running
- Report the aggregate summary (file count, span totals by type/layer, redaction-rate distribution, residual proxy) — never paste PII.
- If residual is non-trivial on a GREEN corpus, point the user at confide:anon to re-redact and confide:red to probe re-identification risk.
Setup
Layer availability (Natasha, local LLM via Ollama) comes from config — run
confide:setup if they aren't installed. --layers regex always works offline.
Related Skills
glebis/rigorous-experiments
development
VerifiedTrustedCommunity
This skill should be used when designing, running, validating, or auditing statistical experiments on personal or observational time-series data (health metrics, speech/text corpora, behavioral logs, diaries, n-of-1 self-tracking). It enforces pre-registration, exact permutation tests, FDR discipline, data-validation gates, adversarial code review, and cross-validation with external models. Triggers on "design an experiment", "test this hypothesis on my data", "is this correlation real", "audit these findings", "pre-register", "validate this dataset", or any n-of-1 / quantified-self analysis request.
251SKILL.mdUpdated Jun 7, 2026
glebis/tufte-report
development
VerifiedTrustedCommunity
Create Tufte-inspired data reports and infographic dashboards as standalone HTML files. Uses EB Garamond for text, Monaspace Argon for numbers, Chart.js for interactive charts, and inline SVG sparklines. Produces publication-quality reports with 2-column narrative+data layouts, status dashboards, scroll animations, and responsive mobile support. Use this skill whenever the user wants to create a data report, activity dashboard, infographic, personal analytics page, health tracker visualization, or any document that combines narrative text with interactive charts and tables. Also triggers for "make a report like Tufte", "create an infographic", "build a dashboard", "visualize my data", or requests for beautiful data-driven documents.
246SKILL.mdUpdated Apr 24, 2026
glebis/release
documentation
VerifiedTrustedCommunity
Cut a software release and maintain a tiered compatibility policy. Use when the user wants to release, ship a version, bump the version, tag a release, write a changelog, or update COMPATIBILITY. Config-driven via release.config.json; bumps version files, runs a readiness gate, updates COMPATIBILITY.md tiers and deprecations, tags (→ release workflow), and reports closed issues. Teaches the underlying standards as it runs.
242SKILL.mdUpdated Jun 4, 2026
glebis/library-sync
development
VerifiedTrustedCommunity
Sync and manage bilingual (EN/RU) library content for agency-docs. Use when adding, updating, or reviewing library articles. Handles translation, sync checks, and Russian stylistic review.
242SKILL.mdUpdated Jun 4, 2026