CloakLLM MCP Server

1

Add it to Claude Code

Run this in a terminal.

Run in terminal
claude mcp add cloakllm -- uvx mcp run /path/to/cloakllm-mcp/server.py
README.md

Wraps CloakLLM's Python SDK to provide tools for PII detection and cloaking.

CloakLLM MCP Server

MCP server that wraps CloakLLM's Python SDK as tools for Claude Desktop and other MCP-compatible clients.

Tools

Tool Description
sanitize Detect & cloak PII, return sanitized text + token map ID + entity_details. Pass mode: "redact" for irreversible PII removal (no token_map_id returned).
desanitize Restore original values using a token map ID
analyze Detect PII without cloaking (pure analysis)

Install

cd cloakllm-mcp
pip install -e .

Claude Desktop Configuration

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "cloakllm": {
      "command": "python",
      "args": ["/path/to/cloakllm-mcp/server.py"],
      "env": {
        "CLOAKLLM_LOG_DIR": "./cloakllm_audit",
        "CLOAKLLM_LLM_DETECTION": "false"
      }
    }
  }
}

Or using uvx:

{
  "mcpServers": {
    "cloakllm": {
      "command": "uvx",
      "args": ["mcp", "run", "/path/to/cloakllm-mcp/server.py"]
    }
  }
}

Usage Examples

Sanitize text before sending to an LLM

Tool call: sanitize

{
  "text": "Email john@acme.com about the meeting with Sarah Johnson at 742 Evergreen Terrace",
  "model": "claude-sonnet-4-20250514",
  "token_map_id": "optional-id-for-multi-turn"
}

Multi-turn: Pass the token_map_id from a previous sanitize response to reuse the same token map across conversation turns. The same PII will always map to the same token.

Response:

{
  "sanitized": "Email [EMAIL_0] about the meeting with [PERSON_0] at 742 Evergreen Terrace",
  "token_map_id": "a1b2c3d4-...",
  "entity_count": 2,
  "categories": {"EMAIL": 1, "PERSON": 1},
  "entity_details": [
    {"category": "EMAIL", "start": 6, "end": 19, "length": 13, "confidence": 0.95, "source": "regex", "token": "[EMAIL_0]"},
    {"category": "PERSON", "start": 42, "end": 56, "length": 14, "confidence": 0.85, "source": "spacy", "token": "[PERSON_0]"}
  ]
}

Restore original values

Tool call: desanitize

{
  "text": "I've drafted an email to [EMAIL_0] regarding [PERSON_0]'s request.",
  "token_map_id": "a1b2c3d4-..."
}

Response:

{
  "restored": "I've drafted an email to john@acme.com regarding Sarah Johnson's request."
}

Analyze text for PII (no cloaking)

Tool call: analyze

{
  "text": "Contact john@acme.com, SSN 123-45-6789"
}

Response:

{
  "entity_count": 2,
  "entities": [
    {"text": "john@acme.com", "category": "EMAIL", "start": 8, "end": 21, "confidence": 0.95, "source": "regex"},
    {"text": "123-45-6789", "category": "SSN", "start": 27, "end": 38, "confidence": 0.95, "source": "regex"}
  ]
}

Environment Variables

Variable Default Description
CLOAKLLM_LOG_DIR ./cloakllm_audit Audit log directory
CLOAKLLM_AUDIT_ENABLED true Enable/disable audit logging
CLOAKLLM_SPACY_MODEL en_core_web_sm spaCy model for NER
CLOAKLLM_LLM_DETECTION false Enable LLM-based detection
CLOAKLLM_LLM_MODEL llama3.2 Ollama model for LLM detection
CLOAKLLM_OLLAMA_URL http://localhost:11434 Ollama endpoint

Testing

# Test with MCP inspector
python -m mcp dev server.py

# Or run directly
python server.py

See Also

License

MIT

Tools (3)

sanitizeDetect and cloak PII, returning sanitized text, a token map ID, and entity details.
desanitizeRestore original values using a token map ID.
analyzeDetect PII without cloaking.

Environment Variables

CLOAKLLM_LOG_DIRAudit log directory
CLOAKLLM_AUDIT_ENABLEDEnable/disable audit logging
CLOAKLLM_SPACY_MODELspaCy model for NER
CLOAKLLM_LLM_DETECTIONEnable LLM-based detection
CLOAKLLM_LLM_MODELOllama model for LLM detection
CLOAKLLM_OLLAMA_URLOllama endpoint

Configuration

claude_desktop_config.json
{"mcpServers": {"cloakllm": {"command": "python", "args": ["/path/to/cloakllm-mcp/server.py"], "env": {"CLOAKLLM_LOG_DIR": "./cloakllm_audit", "CLOAKLLM_LLM_DETECTION": "false"}}}}

Try it

Sanitize the following text containing customer emails and addresses before I send it to Claude: [text]
Analyze this document for any PII and list the categories found.
Restore the original values in this text using the token map ID a1b2c3d4.
Sanitize this text for a multi-turn conversation using the existing token map ID.

Frequently Asked Questions

What are the key features of CloakLLM?

Detects and cloaks PII using spaCy or LLM-based detection. Supports irreversible redaction mode. Restores original data using unique token map IDs. Maintains PII consistency across multi-turn conversations. Provides detailed entity analysis including confidence scores.

What can I use CloakLLM for?

Sanitizing sensitive customer data before processing with an LLM. Ensuring privacy compliance by redacting PII from logs or datasets. Maintaining conversation context while keeping sensitive identifiers masked. Auditing text for potential PII leaks before external sharing.

How do I install CloakLLM?

Install CloakLLM by running: pip install -e .

What MCP clients work with CloakLLM?

CloakLLM works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep CloakLLM docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all ai-tools servers →

Related MCP Servers

Skill Seekers
The data layer for AI systems.
ai-tools11.1K stars
Context Mode
The other half of the context problem.
ai-tools5.6K stars
Semiotic
A React data visualization library designed for AI-assisted development.
ai-tools2.6K stars
RocketRide
Self-hosted, open-source AI pipeline platform for MCP tools
ai-tools1.6K stars
Context+
Semantic Intelligence for Large-Scale Engineering.
ai-tools1.5K stars
ShipSwift
AI-native SwiftUI component library — production-ready code for LLMs
ai-tools1.3K stars