PII Scanner

April 30, 2026 · View on GitHub

Scan files, directories, or git repositories for personally identifiable information — credentials, generic PII, and matches against your own personal PII inventory.

What it does

Three layers of detection:

  1. Credentials & secrets via gitleaks (or trufflehog fallback).
  2. Generic PII via Microsoft Presidio (emails, phones, addresses, names, ID numbers, IPs, IBANs, credit cards, etc.).
  3. Personal-inventory matches — your own real PII (home address, family names, personal phone, ID numbers) loaded from a private YAML inventory you maintain locally. Matches against your own data in public repos are flagged HIGH severity.

Read-only — never modifies any file.

Skills

  • pii-scan — scan a file, directory, or one-or-many git repositories. Cross-references your personal PII inventory and produces a redacted, severity-ranked report.

Personal PII inventory

Stored locally at:

${CLAUDE_USER_DATA:-${XDG_DATA_HOME:-$HOME/.local/share}/claude-plugins}/pii-scanner/pii-inventory/personal.yaml

The skill scaffolds this file on first run and walks you through filling it. The inventory is never sent anywhere.

Dependencies

  • gitleaksapt install gitleaks or download from GitHub releases.
  • presidio-analyzerpip install presidio-analyzer presidio-anonymizer && python -m spacy download en_core_web_lg.

Both are optional; at least one should be present. With neither, the skill falls back to a basic regex sweep and warns that the scan is degraded.

Installation

# Always-available:
claude plugins install pii-scanner@danielrosehill

# Or scoped to a single project:
claude plugins install pii-scanner@danielrosehill --scope project

License

MIT