Security scan
OpenClaw
Suspicious
medium confidence
Assessment and recommendations
This package is a local GDPR utility that will scan many files under your home directory and create a persistent database and export files in ~/.nex-gdpr. Before installing or running it: 1) Review setup.sh to see exactly what it installs and where; run it only in a controlled environment or container if you are unsure. 2) Confirm which environment variables are actually used: OPENCLAW_SESSIONS is read by the code, but NEX_GDPR_SCAN_PATHS is declared in the metadata and README yet not obviously ...
⚠ Purpose and capabilities
The skill's name, description, and commands align with the code: it scans sessions, logs, memory and certain SQLite DBs and provides request management, exports, and deletion. However metadata/SKILL.md mark it as 'instruction-only' while the bundle contains executable code and a setup.sh that will install files and create a local DB/executables. Also requires.env lists NEX_GDPR_SCAN_PATHS but the included Python code does not appear to read that variable (SESSION_DIRS reads OPENCLAW_SESSIONS). These mismatches reduce confidence that the declared requirements fully reflect what will be installed/run.
ℹ Instruction scope
Runtime instructions and the code explicitly direct the agent to read wide-ranging local data: OpenClaw session folders, agent memory (~/.nex-memory), application logs (~/.nex-logs), user upload directories (~/.nex-uploads), and other skills' SQLite DB files (e.g., ~/.life-logger, ~/.nex-inbox, ~/.nex-notes). That is coherent for a GDPR tool but represents broad access to potentially unrelated user data. The README/SKILL.md also instructs running setup.sh which will create a venv, database files, and a CLI wrapper—so the skill will persist data locally and perform file I/O beyond ephemeral instructions.
⚠ Install mechanism
There is no formal install spec in registry metadata, but the package includes setup.sh and multiple Python modules (nex-gdpr.py, lib/*). setup.sh is advertised in README and SKILL.md; running it will write to the user's home directory (~/.nex-gdpr) and place an executable under ~/.local/bin. The lack of an explicit registry install spec combined with an executable install script is a risk to verify (review setup.sh before running).
⚠ Credential requirements
Declared required env vars are OPENCLAW_SESSIONS and NEX_GDPR_SCAN_PATHS. The code reads OPENCLAW_SESSIONS (used in SESSION_DIRS) but I could not find code that parses NEX_GDPR_SCAN_PATHS; README references it. The scanner accesses many hard-coded home-directory locations and other skills' DB files, which is consistent with its purpose but broad. No cloud or unrelated secret env vars are requested, which is good, but the unused declared env var and broad default scan targets are inconsistencies to clarify.
✓ Persistence and privileges
The skill is not always-enabled and is user-invocable. It creates a persistent local data directory (~/.nex-gdpr), an SQLite database, export and audit directories, and may create a CLI wrapper in ~/.local/bin when setup.sh is run — all reasonable for a local GDPR tool. It does not request elevated OS-level privileges or modify other skills' configurations.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/4/5
● Pending
Install command
Official: npx clawhub@latest install nex-gdpr
Accelerated mirror: npx clawhub@latest install nex-gdpr --registry https://cn.longxiaskill.com