Privacy Compliance Guide
Pass
Audited by ClawScan on May 11, 2026.
Overview
This appears to be a benign, instruction-only privacy checklist; be careful with sensitive business details and verify legal advice before acting.
This skill looks safe from a code/security standpoint because it is instruction-only. When using it, do not paste raw customer records or unnecessary personal data, review any paid-tool recommendations before purchasing, and have legal counsel validate final privacy policies and compliance decisions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Business privacy practices, vendor lists, revenue ranges, and customer counts could be exposed if users paste or share the completed audit carelessly.
The template encourages users to provide business-sensitive compliance details. This is purpose-aligned, but such information may be sensitive if stored in chat history, shared outputs, or agent memory outside this skill.
| **Annual Revenue** | [Range — determines CCPA applicability] | ... | **Customer Count** | [Approximate — determines CCPA applicability] |
Use aggregated descriptions rather than raw customer records, avoid pasting unnecessary personal data, and store completed compliance outputs securely.
A user might mistake the generated checklist or policy guidance for definitive legal advice.
The guide frames its output as helping avoid fines. That is aligned with the skill purpose, but privacy compliance is legal and jurisdiction-specific, so users should not over-rely on the template as a guarantee.
Build a privacy-compliant e-commerce operation that protects customer data, avoids regulatory fines
Treat the skill as an educational planning aid and have a qualified privacy/legal professional review final policies and high-risk decisions.
Users cannot easily verify the maintainer, content source, or update process for changing privacy laws.
The skill has no code or install dependency risk, but the provenance of the compliance content is not documented.
Source: unknown; Homepage: none
Cross-check current legal thresholds and requirements against official regulator guidance or counsel before implementation.
