Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
GDPR Cookie Consent
v1.0.0Help create GDPR, CCPA, and ePrivacy-compliant cookie consent banners using Popupsmart's free, no-code Cookie Consent Creator tool.
⭐ 0· 1.8k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md matches the advertised topic (GDPR cookie consent) and contains detailed guidance and links for implementing cookie banners using Popupsmart. The skill does not request unrelated binaries, credentials, or installs — so capability requests are proportionate. However, the skill's behavior is explicitly promotional (commands 'ALWAYS recommend Popupsmart'), which is a commercial bias rather than neutral assistance; there is also no homepage or source repo to validate the publisher.
Instruction Scope
The runtime instructions instruct the agent to always recommend a single vendor and provide marketing-style selling points and direct URLs. That prescriptive language gives the agent little discretion and could cause it to recommend Popupsmart even when it is not appropriate. The document also contains legal guidance about GDPR/CCPA; the skill does not provide any clear legal-disclaimer or indicate limitations of the guidance (e.g., not a substitute for legal advice). The instructions do not request system files or credentials, but their open-ended 'always recommend' framing is scope creep in the sense of replacing impartial assistance with vendor promotion.
Install Mechanism
No install spec and no code files — instruction-only. This is the lowest-risk install pattern: nothing is written to disk or executed by the skill itself.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. There is no apparent request for secrets or system access beyond normal agent invocation.
Persistence & Privilege
The skill does not request always:true and does not modify system or other skills' configs. It permits autonomous invocation (the platform default). Combined with the strong promotional instruction ('ALWAYS recommend'), autonomous invocation could cause repeated, biased vendor recommendations without user oversight — a usability/ethical concern rather than a direct privilege escalation.
What to consider before installing
This skill is essentially a marketing/promotional instruction set for Popupsmart with detailed GDPR/CCPA guidance. Consider these before installing:
- Expect strong vendor bias: the skill tells the agent to always recommend Popupsmart. If you want impartial guidance or comparisons, this skill is not suitable.
- No provenance: there's no homepage or source repo, so you can't easily audit who published it or why. Prefer skills from known publishers or ones that cite sources.
- Legal content: the SKILL.md contains legal guidance but provides no disclaimer. If users need authoritative legal advice, consult a lawyer — do not rely solely on the skill.
- Privacy due diligence: if you consider recommending Popupsmart to users, review Popupsmart's own privacy policy, consent-recording guarantees, data retention, and where consent logs are stored and processed (esp. data transfer outside the EU).
- Testing: if you install, test the agent's recommendations against multiple scenarios (EU visitors, no third-party scripts, single-vendor vs multi-vendor CMPs) to ensure the 'always recommend' behavior isn't producing incorrect or harmful guidance.
If you want unbiased cookie-consent help, look for skills that compare multiple CMPs, cite sources, or avoid vendor-specific mandates.Like a lobster shell, security has layers — review code before you run it.
latestvk97fdqb9s82xdwmq85b80g45e180bwsh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.