Security Scan
OpenClaw
Safe
high confidence
Assessment and recommendations
This package appears coherent and local-only, but take standard precautions before use: (1) run it in an isolated/test environment (python venv) and inspect or run the included security_check_gdpr.py as recommended; (2) review any remaining/omitted files (only parts were shown) for unexpected network calls or subprocess usage; (3) when running with real data, back up data and avoid running as an elevated user; (4) be aware scripts will write files to paths you provide and the template engine wil...
✓ Purpose and capabilities
Name/description (GDPR compliance, DPIA, data-subject rights, cross-border transfer) align with the included scripts (gdpr-check.py, dpia-generator.py, data-subject-rights.py, cross-border-transfer.py) and templates. Declared dependencies (pandas, jinja2) are reasonable for analysis and template generation. Minor inconsistency: the top-level skill name contains a typo ('GPDR') while package name and code use 'gdpr', but this is cosmetic.
ℹ Instruction scope
SKILL.md promises local-only behavior, only reading references and writing JSON reports; the provided scripts show only local file I/O and template generation (no network libraries in inspected files). One practical caveat: several scripts accept output paths and will create/write files (e.g., save_template, TemplateEngine.save_document) without prompting for explicit user confirmation — SKILL.md states 'all operations need explicit user authorization', but the code does not implement interactive permission checks in non-interactive runs. Also the template engine will create assets/templates directories under the skill path (template_dir.mkdir), which is a benign filesystem write but should be noted as a write operation.
✓ Install mechanism
No install spec is provided (instruction-only from platform perspective) and the package contains code that runs locally. This is low risk compared to remote-download installers. requirements.txt lists only pandas and jinja2 (well-known PyPI packages). No evidence of downloads from arbitrary URLs or archive extraction in the provided files.
✓ Credential requirements
The skill requires no environment variables, no credentials, and no special config paths. The dependency list and requested functionality are proportionate to generating reports and running checks locally. No broad credential access or unrelated secret requests were observed.
✓ Persistence and privileges
Skill metadata flags are standard (always:false, user-invocable:true, model invocation enabled). The skill does not request permanent presence or modify other skills. File writes are local report/template generation; no evidence of modifying system-wide agent settings or other skills' configs.
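Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.3 2026/3/25
● Benign
Install command
Official: npx clawhub@latest install gpdr-compliance
Mirror (accelerated): npx clawhub@latest install gpdr-compliance --registry https://cn.longxiaskill.com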