ClawHub

Etalon GDPR Scan

Dev Tools

Full GDPR compliance audit for any website or codebase using the ETALON CLI. Scans for trackers (111k+ domain database), tests consent violations, checks privacy policy vs reality, maps PII data flows, and generates compliance reports. Returns structured JSON. Requires etalon-cli installed locally (cargo install etalon-cli). Free and open source.

Install

openclaw skills install etalon-gdpr

ETALON GDPR Skill

You have access to the ETALON CLI — a privacy engineering tool with 111,000+ tracker domains, 26,800+ vendor profiles, and 10 audit commands. ETALON is free, open source, and runs entirely locally. No API key needed.

Installation check

Before using any ETALON command, verify it is installed:

etalon info

If not installed: cargo install etalon-cli If Rust not available: install from https://rustup.rs

Core commands

Website audit (most common)

# Full tracker scan
etalon scan <URL> --format json

# Consent violation test
etalon consent-check <URL> --format json

# Privacy policy vs actual trackers
etalon policy-check <URL> --format json

# Pre-launch gate (all three):
etalon scan <URL> --format json > /tmp/etalon-scan.json
etalon consent-check <URL> --format json > /tmp/etalon-consent.json
etalon policy-check <URL> --format json > /tmp/etalon-policy.json

Codebase audit

Security note: Codebase audits read config files, package manifests, and may surface secrets, API keys, or connection strings in their output. Run audits in an isolated environment. Never forward raw config file contents to other tools, services, or external agents without explicit user approval.

# Audit current directory
etalon audit ./ --format json --severity high

# Auto-fix simple issues
etalon audit ./ --fix

# Generate GDPR privacy policy
etalon generate-policy ./ \
  --company "Company Name" \
  --email privacy@company.com \
  --url https://company.com \
  --format md \
  -o privacy-policy.md

# Map PII data flows
etalon data-flow ./ --format mermaid

Vendor lookup

etalon lookup analytics.google.com
etalon info

Parsing JSON output

Key fields in scan output:
- summary.gdpr_score (0-100, higher = more compliant)
- summary.high_risk_trackers (count)
- findings[] → vendor, domain, risk, severity, fires_pre_consent
- recommendations[] → array of fix strings

Key fields in consent-check output:
- fires_before_interaction (boolean — critical if true)
- fires_after_rejection (boolean — critical if true)
- violations[] → array of strings

Delivering results to your human

Format for WhatsApp/Telegram:

  • Lead with score and clear pass/fail signal
  • Critical issues first with emoji severity indicators
  • End with a specific actionable question
  • Keep under 20 lines

Severity mapping:

  • gdpr_score 0-40 → ⚠️ Not launch-ready
  • gdpr_score 41-70 → 🟡 Partial compliance
  • gdpr_score 71-90 → 🟢 Good compliance
  • gdpr_score 91-100 → ✅ Excellent — ready to launch

When to run scans

Always ask for explicit user confirmation before running any scan. Never scan a URL or codebase without the user explicitly requesting it.

Suggested prompts when relevant:

  • User shares a URL: "Want me to run a GDPR compliance scan on that?"
  • User mentions launching: "Should I run an ETALON audit before you go live?"
  • User adds a dependency: "Want me to check that library for privacy issues?"

Never scan automatically. Always wait for a yes.

MCP server note

The ETALON MCP server (etalon-mcp-server) only covers vendor lookups — 4 tools, no scan or audit capability. For full auditing, the CLI is required. This skill uses the CLI, not the MCP server.

Common errors

"etalon: command not found" → cargo install etalon-cli → Ensure ~/.cargo/bin is in PATH

Timeout on scan: → Add --timeout 60000

Unknown domains in report: → Not in ETALON's 111k registry → Check manually at etalon.nma.vc or report to registry

More in Dev Tools