PrivacyScrubber PII Masker

Zero-Trust Data Sanitization (ZTDS) local PII and secrets scrubber for secure LLM pipelines.

Documentation

@privacyscrubber/mcp-server

NPM Version License: MIT smithery badge Security: 100% Local Parity: 100% Core Match

Zero-Trust Data Sanitization (ZTDS) Model Context Protocol (MCP) Server. Locally scrubs PII, secrets, credentials, and custom regex rules from files and text contexts before they reach remote LLM providers.


šŸ”’ Zero-Trust Data Flow

All sensitive parameters, identifiers, and variables are intercepted locally inside your machine's RAM. They are replaced by tokens (e.g. [EMAIL_1]) before being sent to the AI. Once the AI responds, the tokens are safely swapped back to original values in your local context.

[Raw Input / Files] ──> [MCP sanitize_text] ──> [Masked Tokens] ──> [LLM API]
                               │                                       │
                        (In-Memory Map)                             (Result)
                               │                                       │
[Original Output] <─── [MCP reveal_text] <ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜

šŸš€ Installation

1. Install via Smithery

To automatically configure and run with your preferred client, install using Smithery:

npx -y @smithery/cli install @privacyscrubber/mcp-server --write-to-clients

2. Instant Run with NPX

Run the server directly without local installation:

npx -y @privacyscrubber/mcp-server

āš™ļø Client Integrations

Claude Desktop

Add this to your Claude Desktop config file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "privacyscrubber": {
      "command": "npx",
      "args": ["-y", "@privacyscrubber/mcp-server"],
      "env": {
        "PRIVACYSCRUBBER_KEY": "YOUR_OPTIONAL_PRO_LICENSE_KEY"
      }
    }
  }
}

Cursor / Windsurf

  1. Navigate to Settings -> Features -> MCP.
  2. Add new MCP server:
    • Name: privacyscrubber
    • Type: command
    • Command: npx -y @privacyscrubber/mcp-server
  3. Optional: Set PRIVACYSCRUBBER_KEY as an environment variable in your system shell.

šŸ› ļø Provided Tools & JSON-RPC Specifications

1. sanitize_text

Redacts PII, secrets, API keys, and credentials from a text block and populates the volatile local replacement mapping.

  • Arguments:
    • text (string, required): The raw content or logs to sanitize.
    • profile (string, optional): Gated industry detection profile (e.g., 'General', 'Dev', 'Medical', 'Legal', 'Compliance'). Defaults to 'General'.
  • JSON-RPC Call Example:
    {
      "method": "tools/call",
      "params": {
        "name": "sanitize_text",
        "arguments": {
          "text": "Contact me at dev-key-1234 or jane.doe@company.com",
          "profile": "General"
        }
      }
    }
    
  • Response Example:
    {
      "content": [
        {
          "type": "text",
          "text": "Contact me at [SECRET_1] or [EMAIL_1]"
        }
      ]
    }
    

2. reveal_text

Detokenizes the AI response back to the original values locally.

  • Arguments:
    • text (string, required): The response from the LLM containing tokenized placeholders.
  • JSON-RPC Call Example:
    {
      "method": "tools/call",
      "params": {
        "name": "reveal_text",
        "arguments": {
          "text": "Please reach out to [EMAIL_1] regarding the update."
        }
      }
    }
    
  • Response Example:
    {
      "content": [
        {
          "type": "text",
          "text": "Please reach out to jane.doe@company.com regarding the update."
        }
      ]
    }
    

3. sanitize_file

Reads a local file, extracts text, sanitizes it, and returns the redacted template for LLM analysis.

  • Supported Formats: Plain text (source code, logs, CSV, JSON, markdown) and Microsoft Word (.docx) documents.
  • Arguments:
    • filePath (string, required): Absolute file path to read and sanitize.
    • profile (string, optional): The industry detection profile.

🌐 Browser Extension & Web Client

Looking for real-time protection directly inside your web browser?


šŸ“„ License & Commercial Upgrade

Standard use is free under the Free Tier (limits to the General PII profile). To unlock 22+ specialized industry profiles (DevOps, Medical, Legal, Finance) and custom regex rules, acquire a commercial license at privacyscrubber.com/pricing.