Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Etalon GDPR Scan
v0.9.6
Full GDPR compliance audit for any website or codebase using the ETALON CLI. Scans for trackers (111k+ domain database), tests consent violations, checks pri...
by Nico Lumma (@rednix)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the instructions: the skill instructs the agent to run the etalon CLI (scan, consent-check, policy-check, audit, generate-policy). Requiring a local 'etalon' binary is appropriate for this purpose.
Instruction Scope
Instructions stay within the stated purpose (running etalon commands against URLs or local code). Two things to note: (1) some outputs mention delivery as a 'structured WhatsApp message' — the skill does not declare any WhatsApp integration or credentials, so delivery is an output format suggestion rather than an automated external send; confirm how your agent will actually transmit results. (2) The audit actions include scanning local codebases and DB schemas (etalon audit ./), which requires the agent to have filesystem access and may expose PII — ensure you intend to allow that.
Install Mechanism
The skill is instruction-only and does not auto-install anything. It recommends 'cargo install etalon-cli' (a reasonable, traceable install method for a Rust CLI). There is no opaque download URL or archive extraction specified in the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. This matches the stated local-CLI usage.
Persistence & Privilege
The skill is not force-installed (always: false) and is user-invocable. It does not request persistent elevated privileges or to modify other skills or system-wide settings.
Assessment
This skill delegates work to the external 'etalon-cli' binary. Before installing or running it: (1) verify the etalon-cli source/repository and review its network behavior (ensure it truly runs locally and doesn't phone home unexpectedly); (2) be cautious when running audits against private codebases or databases — outputs can include PII and file paths; restrict where reports are stored or sent; (3) confirm and document consent before scanning competitors or third-party sites; (4) if you expect results to be forwarded (e.g., WhatsApp), verify which messaging integrations the agent will use and whether credentials are required; (5) prefer installing the CLI from the official repo/release and inspect its code if you require high assurance.
Like a lobster shell, security has layers — review code before you run it.
