Gdpr Dsgvo Expert

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local GDPR/DSGVO helper, but its outputs and request database may contain personal data and should be protected.

Install only if you are comfortable running local Python tools over selected project folders. Use narrow scan paths, review reports before sharing them, and protect or delete dsr_requests.json and generated outputs because they may contain personal data, emails, notes, deadlines, and compliance findings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding:
The skill documentation instructs users to run local Python scripts that scan project directories, generate reports, track requests, and write output files, which implies file read/write capability and potentially network access, yet no permissions are declared. This creates a transparency and trust problem: an agent or user may invoke functionality with broader access than the skill metadata advertises, increasing the chance of unintended data exposure when scanning source trees or handling personal data in GDPR workflows.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The tracker stores data subject names, email addresses, request details, notes, and workflow metadata in a plain local JSON file without access controls, encryption, minimization, or user warning. In a GDPR rights-management context, this is particularly sensitive because the tool is explicitly designed to process privacy-related requests, so insecure local persistence increases the risk of unauthorized disclosure of personal data and compliance failures.

VirusTotal

58/58 vendors flagged this skill as clean.