YinShield Privacy layer for AI workflows

Local-first privacy for agents and LLM calls

Open source · Apache-2.0

Mask sensitive Chinese data before it ever leaves the machine.

YinShield sits between your app and the model. It detects Chinese PII locally, replaces it with placeholders or stable aliases, and restores the response after inference. It ships as a Python package, a local HTTP bridge, and a thin OpenClaw plugin.

Start In 2 Minutes
OpenClaw Setup Read Docs View GitHub
  • Chinese PII ready
  • Placeholder and alias modes
  • OpenClaw and OpenAI-compatible flows
  • Token-protected local bridge

Local masking example

Raw input

收件人:张三,手机号13812345678,地址北京市朝阳区建国路88号。

Masked for model

收件人:<PERSON_1>,手机号<PHONE_1>,地址<ADDRESS_1>。

Restored for user

收件人:张三,手机号13812345678,地址北京市朝阳区建国路88号。
3 shipping forms
2 replacement modes
1 local privacy boundary
Mask locally, call the model, restore only after inference returns.

Why it exists

Most privacy tools are platforms. YinShield is the layer you can actually ship.

You do not need a vault, a data pipeline, or a control plane to start protecting prompts. You need a local layer that developers can install fast and agents can call consistently.

Built for current workflows

Three shipping forms, one local privacy boundary.

Start with the Python package, bridge into other runtimes over local HTTP, and plug into OpenClaw when you need agent-native integration.

  • Python package
  • Local HTTP bridge
  • OpenClaw plugin

Quick start

Install once, keep the privacy boundary local.

OpenClaw

curl -fsSL https://yin-shield.site/setup-openclaw-yinshield.sh | bash

Python

from yinshield import Shield

shield = Shield(mode="alias", strategy="balanced")
masked, mapping = shield.mask("我叫张三,手机号13812345678")
restored = shield.unmask(masked, mapping)

Workflow

A narrow path with a clear boundary.

01

Detect locally

Recognize Chinese names, phones, ID cards, addresses, company IDs, order numbers, and more before the request leaves the host.

02

Replace intelligently

Choose strict placeholders for control or stable aliases for better semantic preservation. Persist sessions to keep multi-turn consistency.

03

Restore after inference

Send masked content to the model, then unmask the result for the operator or end user on the local side.

Integrations

Designed for where agents actually run.

The homepage keeps the shape simple. Full config, auth, and API details live in Docs.

OpenClaw plugin

Use YinShield as a thin privacy tool layer inside OpenClaw. Keep the plugin small and the masking engine in Python.

{
  "plugins": {
    "entries": {
      "openclaw-yinshield": {
        "enabled": true,
        "config": {
          "baseUrl": "http://127.0.0.1:27811",
          "mode": "placeholder",
          "authToken": "change-me"
        }
      }
    }
  }
}

See the full OpenClaw integration guide →

HTTP bridge

Bridge any local runtime with a simple API. This is the cleanest path for agent frameworks that do not want a Python dependency inside the host process.

POST /health
POST /mask
POST /unmask
POST /messages/mask

OpenAI-compatible clients

Wrap chat and responses flows with automatic masking, unmasking, streaming support, and provider compatibility through base_url.

client = ShieldedOpenAI(
  api_key="...",
  base_url="https://api.openai.com/v1"
)

Modes and strategy

Control the tradeoff instead of hard-coding one.

Placeholder mode

Best when you want deterministic masking and maximum control over what the model sees.

张三 → <PERSON_1>

Alias mode

Best when downstream reasoning needs more natural text and stable identities across turns.

张三 → 陈明

Policy strategy

loose, balanced, and strict give you control over coverage versus false positives.

balanced is the default