Gdpr
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a local GDPR audit-log helper, but anything entered into it may be saved in local logs and exports.
Reasonable to use if you want a local GDPR activity log. Before installing or using it, decide what data is appropriate to record, avoid actual passwords or API keys, and secure or delete logs and exports according to your retention policy.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with access to the local data directory or exported files could read sensitive compliance or personal-data records that users choose to log.
The skill intentionally creates persistent local records of GDPR and audit activity; those records could include personal data, consent decisions, access events, or credential-rotation details entered by the user.
All data is stored locally at `~/.local/share/gdpr/`. Each domain command writes to its own log file ... A unified `history.log` tracks all actions across commands. Use `export` to back up your data at any time.
Avoid entering raw secrets or unnecessary personal data, protect the local data directory, and review exported files before sharing them.