Does it support regulatory compliance?

Yes, it maps findings to specific provisions in GDPR, CCPA, and HIPAA regarding data de-identification and the 'identifiability test'.

What frameworks does this skill use?

It primarily follows the LINDDUN privacy threat modeling framework, specifically focusing on Category I: Identifiability.

What is the Identifiability Analysis skill?

It is a specialized Claude Code capability that scans your codebase for privacy leaks where individuals can be re-identified from supposedly anonymous or pseudonymous data.

Can it fix privacy issues automatically?

Yes, when using the --fix flag, the skill can suggest and generate code for anonymization, generalization, and data suppression.

How does it handle complex data flows?

At deeper analysis levels, it traces data from collection to storage and export, assessing how multiple attributes like zip code and birth date might combine to uniquely identify a user.

Identifiability Analysis

Name: Identifiability Analysis
Author: florianbuetow

byflorianbuetow

•

Security & Testing

Analyzes source code and data structures to detect PII exposure and re-identification risks in anonymized datasets.

The Identifiability Analysis skill empowers developers and security teams to proactively identify privacy vulnerabilities where supposedly anonymous data can be linked back to individuals. By mapping to the LINDDUN framework (Category I), it scans for direct identifiers, combinations of quasi-identifiers, and insufficient anonymization logic within API responses, logs, and data exports. It provides deep analysis of data flows and suggests remediation strategies like generalization and suppression to ensure compliance with global privacy regulations such as GDPR, CCPA, and HIPAA.

Key Features

01Generates automated fixes for anonymization and data masking

02Identifies quasi-identifier combinations that lead to re-identification

03Assesses k-anonymity and uniqueness of attribute combinations

04Detects direct PII exposure in logs, APIs, and database schemas

05Maps vulnerabilities to LINDDUN, CWE, and OWASP standards

066 GitHub stars

Use Cases

01Ensuring compliance with GDPR and HIPAA de-identification requirements

02Preparing data exports for analytics while maintaining user privacy

03Auditing API responses to prevent over-fetching of personal attributes

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code identifying

For use in Claude.ai and ChatGPT

Download Skill