ClawHub

CCPA Privacy Checker

v1.0.0

Assess your business's compliance with California Consumer Privacy Act (CCPA) regulations and identify privacy governance gaps.

0· 80·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name, description, SKILL.md usage examples, and the openapi.json schema all align: the skill accepts a business-level assessment payload and returns a compliance report across 31 CCPA dimensions. There are no unrelated environment variables, binaries, or config paths requested that would be inconsistent with a compliance assessment tool. The only minor provenance issue is that 'source' and 'homepage' are missing, so origin is unknown but not contradictory to purpose.
Instruction Scope
The SKILL.md instructs the agent to accept an assessment JSON and return a compliance report — this stays within the stated scope and does not ask the agent to read files, environment variables, or unrelated system state. One ambiguity: the included openapi.json does not include any servers/host URL, so it's unclear where POST /ccpa-compliance would be sent at runtime; you should confirm the runtime endpoint before sending actual business or consumer data.
Install Mechanism
This is an instruction-only skill with no install specification and no code files that execute. No downloads, package installs, or extracted archives are present — lowest-risk installation footprint.
Credentials
The skill requests no environment variables, no credentials, and no file paths. Inputs are limited to business assessment fields (strings/booleans/arrays) appropriate for a compliance checker, so there is no disproportionate credential or secret access.
Persistence & Privilege
Skill flags use default settings (always: false, user-invocable: true, model invocation allowed). It does not request persistent presence or system-wide configuration changes. No indications it modifies other skills or agent configuration.
Assessment
This skill appears coherent and low-risk because it has no install steps, no credential requests, and its inputs match the CCPA assessment purpose. Before using it: (1) verify the skill's origin or developer (source/homepage are missing); (2) confirm where the API calls are sent (openapi.json has no server URL) so you do not accidentally transmit data to an unknown endpoint; (3) avoid submitting real consumer personal data or identifiable records — submit high-level, non-sensitive example data for testing; and (4) treat any results as advisory, not legal advice. If you plan to act on remediation recommendations, validate them with internal counsel or an external privacy lawyer.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fk6npy8w76ysg2nr4mgta1x83etym

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments