glebis/red
confide/skills/red/SKILL.md
Residual re-identification RISK CHECK on text you have ALREADY redacted (defensive, dual-use). Use when the user asks to "check residual re-id risk", "red-team my redaction", "what can an attacker still infer", "is this safe to share", or assess "re-identification risk" after anonymizing. Re-runs the CONFIDE detectors on the redacted output to surface surviving identifiers (singling-out), checks multiple files for linkability, and optionally probes a local model for still-inferable attribute CATEGORIES (inference) — mapped to GDPR Art-29. Reports risk categories/counts only, never a re-identification recipe. Pairs with confide:anon (run AFTER redacting).
$ install --global
skillsauthnpx skillsauth add glebis/claude-skills redInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 2:04 AM61.3s2 files scanned
SKILL.md
- name:
- red
- description:
- >-
- never a re-identification recipe. Pairs with confide:
- anon (run AFTER redacting).
confide:red — residual re-identification risk check
A defensive audit of YOUR OWN already-redacted output. It does not score against ground truth and is not a benchmark. It surfaces, qualitatively, what an attacker could still do — mapped to GDPR Art-29: singling-out, linkability, inference.
GUARDRAILS — read before running
- Run only on the user's own redacted output. If asked to de-anonymize or re-identify third-party / non-consented data, refuse.
- Report risk categories and counts only — never produce a step-by-step re-identification recipe or guess the hidden values.
- Local attacker by default. Enable the cloud/LLM inference probe (
--inference) only on synthetic or explicitly consented data. - Absence of a finding ≠ safety. A weak local detector/attacker is a FLOOR, not a ceiling. Always tell the user human review is still required.
- This pairs with confide:anon — run
redafter redacting, on the redacted file.
What it checks
- Singling-out (deterministic, offline — the load-bearing signal): re-run
detect_regex(+detect_natashaif available) on the redacted text. Anything they still find is a surviving identifier the redaction missed. Counts by type. - Linkability (multi-file): given a folder, compare every file pair for shared surviving quasi-identifiers and flag potentially linkable pairs (count + types only).
- Inference (LLM, optional, opt-in): prompt the local attacker model
(
cfg.red_attacker_model) for the attribute categories it could still infer (profession, location type, age band, …). Degrades gracefully if no model. WARN the user it under-reports (floor, not ceiling).
Risk tier rule
- HIGH — any DIRECT identifier survives (EMAIL, PHONE, URL, ID, PERSON).
- MEDIUM — only QUASI identifiers survive (LOCATION, ORG, DATE, AGE, PROFESSION, MEDICATION), or linkable pairs exist across files.
- LOW — no surviving identifiers found (still NOT a guarantee).
How to run
# single redacted file (offline, deterministic)
python3 skills/red/scripts/red.py path/to/file.green.md
# a folder of redacted files (adds linkability)
python3 skills/red/scripts/red.py path/to/redacted_dir/
# add the local inference probe — synthetic/consented data ONLY
python3 skills/red/scripts/red.py path/to/file.green.md --inference
# machine-readable
python3 skills/red/scripts/red.py path/to/file.green.md --json
Output
A residual-risk report: per-file surviving-identifier counts by type, an overall risk tier, the inference categories claimed (if probed), the linkable-pair count, and the caveat that absence of a finding ≠ safety; human review still required. No PII values, no re-identification steps.
Related Skills
glebis/rigorous-experiments
development
VerifiedTrustedCommunity
This skill should be used when designing, running, validating, or auditing statistical experiments on personal or observational time-series data (health metrics, speech/text corpora, behavioral logs, diaries, n-of-1 self-tracking). It enforces pre-registration, exact permutation tests, FDR discipline, data-validation gates, adversarial code review, and cross-validation with external models. Triggers on "design an experiment", "test this hypothesis on my data", "is this correlation real", "audit these findings", "pre-register", "validate this dataset", or any n-of-1 / quantified-self analysis request.
251SKILL.mdUpdated Jun 7, 2026
glebis/tufte-report
development
VerifiedTrustedCommunity
Create Tufte-inspired data reports and infographic dashboards as standalone HTML files. Uses EB Garamond for text, Monaspace Argon for numbers, Chart.js for interactive charts, and inline SVG sparklines. Produces publication-quality reports with 2-column narrative+data layouts, status dashboards, scroll animations, and responsive mobile support. Use this skill whenever the user wants to create a data report, activity dashboard, infographic, personal analytics page, health tracker visualization, or any document that combines narrative text with interactive charts and tables. Also triggers for "make a report like Tufte", "create an infographic", "build a dashboard", "visualize my data", or requests for beautiful data-driven documents.
246SKILL.mdUpdated Apr 24, 2026
glebis/release
documentation
VerifiedTrustedCommunity
Cut a software release and maintain a tiered compatibility policy. Use when the user wants to release, ship a version, bump the version, tag a release, write a changelog, or update COMPATIBILITY. Config-driven via release.config.json; bumps version files, runs a readiness gate, updates COMPATIBILITY.md tiers and deprecations, tags (→ release workflow), and reports closed issues. Teaches the underlying standards as it runs.
242SKILL.mdUpdated Jun 4, 2026
glebis/library-sync
development
VerifiedTrustedCommunity
Sync and manage bilingual (EN/RU) library content for agency-docs. Use when adding, updating, or reviewing library articles. Handles translation, sync checks, and Russian stylistic review.
242SKILL.mdUpdated Jun 4, 2026