Is io.github.Edu963/ocultar-pii safe to use?

io.github.Edu963/ocultar-pii has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.Edu963/ocultar-pii?

io.github.Edu963/ocultar-pii can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.Edu963/ocultar-pii?

io.github.Edu963/ocultar-pii is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is io.github.Edu963/ocultar-pii actively maintained?

io.github.Edu963/ocultar-pii is actively maintained — last commit was 0 days ago. It has 3 GitHub stars.

io.github.Edu963/ocultar-pii

Zero-egress PII redaction for Claude. Runs locally — no data leaves your infrastructure.

3 0 tools GitHub

No known CVEs

No license

Actively maintained

Last commit 0d ago

Works with most clients

Transport: stdio

0 tools

Grade F

Edit this pageView history

AI / ML DevOps

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-edu963-ocultar-pii": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-edu963-ocultar-pii)](https://mcppedia.org/s/io-github-edu963-ocultar-pii)

Read me

What io.github.Edu963/ocultar-pii does

Zero-egress PII refinery for AI pipelines. Runs in your infrastructure. Your data never leaves.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

36/100across 5 weighted dimensions

How we score →

0255075100

−64

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.Edu963/ocultar-pii safe to use?: io.github.Edu963/ocultar-pii has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.Edu963/ocultar-pii?: io.github.Edu963/ocultar-pii can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.Edu963/ocultar-pii?: io.github.Edu963/ocultar-pii is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.Edu963/ocultar-pii actively maintained?: io.github.Edu963/ocultar-pii is actively maintained — last commit was 0 days ago. It has 3 GitHub stars.

Similar servers

Others in ai-ml / devops

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

85.9k 5

Mcp Gitlab96

MCP server for using the GitLab API

1.5k 12

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

15.1k 6

Gemini Cli95

An open-source AI agent that brings the power of Gemini directly into your terminal.

104.3k 8

MCP Security Weekly

Get CVE alerts and security updates for io.github.Edu963/ocultar-pii and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

AI / ML DevOps

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-edu963-ocultar-pii": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-edu963-ocultar-pii)](https://mcppedia.org/s/io-github-edu963-ocultar-pii)

Read me

What io.github.Edu963/ocultar-pii does

Zero-egress PII refinery for AI pipelines. Runs in your infrastructure. Your data never leaves.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

🛡️ OCULTAR Monorepo

Zero-egress PII refinery for AI pipelines. Runs in your infrastructure. Your data never leaves.

[!IMPORTANT] Featured Article: OpenAI shipped a model. We built the system. 📖 OpenAI shipped a model. We built the system. Read on dev.to

Quick Security Stats

Stat	Value
SSRF bypass vectors found + fixed	2
Fail-closed scenarios tested	6
Vault persistence	Named Docker volume
Tier 2 engine	OpenAI Privacy Filter (Apache 2.0)
Key management	Doppler

Welcome to the Unified OCULTAR Engine. This monorepo contains the core refinery, integrated applications, and enterprise security tiers.

Structure

/apps/ - Applications (Proxy, Sombra Gateway, SLM Engine, Dashboard, Automation Bridge, Web)
/services/ - Core backend logic (Refinery, Vault, Mock API)
/enterprise/ - Enterprise security extensions & licensing logic
/internal/pii/ - Centralized PII detection engine & registry
/extensions/ - Third-party AI tool integrations (Goose MCP, etc.)
/docs/ - Technical and product documentation
/security/ - Regulatory policies and integrity manifests

Security Model

OCULTAR is built on a Zero-Trust for Data architecture. It is designed for senior security engineers who require verifiable guarantees before connecting internal data to external AI providers.

Zero-Egress: A hard architectural guarantee. All PII detection and tokenization happen within your trust boundary. No network calls are made to third-party detection providers.
Fail-Closed: 6 critical failure modes are rigorously tested (SLM timeout, vault failure, empty boot-guard, queue saturation, refinery internal error, re-hydration failure). In all cases, OCULTAR blocks the request rather than degrading to plaintext exposure.
SSRF Protection: Hardened IP/DNS validation blocking RFC 1918 and 169.254.169.254 (IMDS) ranges with active DNS rebinding safety. 2 bypass vectors (including IPv6 loopback and non-standard decimal encoding) were identified and patched during adversarial testing.
Secure Vault: AES-256-GCM encryption with keys derived via HKDF-SHA256. The vault is persisted via a named Docker volume to survive redeployments while keeping the master key in memory.
Ed25519 Audit Logs: Tamper-proof, hash-chained audit trails signed with Ed25519. Every vault event (matching or vaulting) is logged for SIEM ingestion and compliance verification.

Multi-Tier Refinery Pipeline

Tokenization is handled via a defense-in-depth pipeline that runs before any payload reaches an upstream AI provider.

Tier	Shield	Technical Description
0.1	Base64 Evasion	Decodes, scans, and re-encodes PII hidden inside Base64/JWT blobs.
0	Dictionary	High-speed protection for VIPs, internal projects, and sensitive org names.
0.5	Pattern + Entropy	Shannon scoring for high-entropy strings, catching keys and tokens.
1	Rule Engine	EMAIL, SSN, IBAN (MOD97), CC (Luhn mod-10), 50+ national ID types.
1.1	Phone Shield	libphonenumb

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

36/100across 5 weighted dimensions

How we score →

0255075100

−64

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.Edu963/ocultar-pii safe to use?: io.github.Edu963/ocultar-pii has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.Edu963/ocultar-pii?: io.github.Edu963/ocultar-pii can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.Edu963/ocultar-pii?: io.github.Edu963/ocultar-pii is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.Edu963/ocultar-pii actively maintained?: io.github.Edu963/ocultar-pii is actively maintained — last commit was 0 days ago. It has 3 GitHub stars.