Gdpr Dsgvo Expert

v2.1.1

GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GD...

by Alireza Rezvani (@alirezarezvani)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (GDPR/DSGVO automation) align with the included scripts and reference docs. The three scripts implement a compliance scanner, DPIA generator, and DSR tracker as advertised; no unrelated credentials, binaries, or unexpected OS-level access are requested.
Instruction Scope
SKILL.md instructs the agent/user to scan arbitrary project directories and run the included scripts. This is expected, but the scanner will read many file types (including .env and config files) and the DSR tracker persists requests to a local JSON file; both behaviors can surface sensitive data and should be run only on repositories/systems you control.
Install Mechanism
No install spec is provided (instruction-only), and the code files are plain Python scripts. Nothing is downloaded or installed automatically as part of the skill, so there is low install risk. The user runs the scripts explicitly.
Credentials
The skill declares no required environment variables or credentials and does not appear to access system credentials. The scanner intentionally examines files (including .env and config files) which is proportionate to scanning for personal data but means it can surface secrets if run against sensitive directories.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It does create and update local artifacts (e.g., dsr_requests.json, report files) in the working directory; these are normal but note they are stored in plaintext by the included scripts.
Assessment
This package appears to do what it says, but take precautions before running it:
1) Run the tools only on codebases you control or in a sandbox/container — the scanner will read many file types (including .env) and can reveal secrets.
2) Protect any generated DSR data files (dsr_requests.json) and reports; the tracker stores requests in plaintext by default.
3) Review and adapt the identity-verification and retention workflows before using the tracker in production (the script records status but does not implement robust verification or access controls).
4) Treat findings as guidance — false positives are possible (regex-based scanning).
5) If you need remote/network integration, review and add secure transport and auth rather than exposing findings or PII.
If you want, I can point out specific lines in the scripts that read .env/config files, where files are written, and where you should add encryption or access controls.
