Privacy Compliance Guide

Security checks across malware telemetry and agentic risk

Overview

This is a privacy compliance guide made of markdown instructions and templates, with no evidence of hidden automation, credential use, persistence, or destructive behavior.

Safe to install as an advisory compliance skill. Treat it as operational guidance, not legal advice, and require explicit user approval before making real business changes such as deleting lists, changing retention settings, installing paid tools, or altering tracking behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
1. **Relying on "implied consent"** — Under GDPR, pre-checked boxes, continued browsing, or scroll-based consent are NOT valid. You need affirmative action (click "Accept") for non-essential cookies and marketing.

2. **Using purchased email lists** — This violates CAN-SPAM (if recipients haven't opted in) and GDPR (no consent basis). Delete purchased lists immediately and build organically.

3. **Firing tracking pixels before consent** — Many sites load Google Analytics and Facebook Pixel on page load, before the cookie banner is answered. This is a GDPR violation. Implement consent-gated loading.
Confidence
75% confidence
Finding
no consent

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
On marketplaces, the platform handles most customer-facing privacy (cookie consent, privacy policy for marketplace transactions). Your obligations:
- Maintain your own privacy policy for your seller profile/About page
- Comply with marketplace data use policies (don't use buyer data for unauthorized purposes)
- Don't export buyer data to external marketing lists without consent
- Handle any direct customer communications (support emails) in compliance with CAN-SPAM/GDPR
- Maintain DPAs with your own tools that process marketplace order data
Confidence
75% confidence
Finding
without consent

VirusTotal

65/65 vendors flagged this skill as clean.
