Data Privacy & Protection Program
v1.1.0Create and audit comprehensive data privacy programs covering GDPR, CCPA/CPRA, LGPD, POPIA, PIPL—from data mapping to breach response and consent management.
⭐ 0· 802·2 current·2 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name and description promise privacy program design, assessment, and playbooks; the SKILL.md contains templates (ROPA, DPIA), maturity models, regulatory matrices, and procedures that match that purpose. Nothing requested (no env vars, no binaries) is out of line for a documentation/assistant skill.
Instruction Scope
The runtime instructions are procedural and template-driven (assessments, decision trees, response playbooks). They do not direct the agent to read arbitrary system files, collect environment variables, or post data to external endpoints. No open-ended instructions grant broad discretion to exfiltrate data.
Install Mechanism
There is no install spec and no code files; this is instruction-only, so nothing will be downloaded or written to disk by the skill itself. That is the lowest-risk model for a skill of this type.
Credentials
The skill declares no required environment variables, credentials, or config paths. Given its stated goal (templates and guidance), this is proportionate. There are marketing links to external context packs, but those are informational and not required by the skill itself.
Persistence & Privilege
always:false and no install means the skill does not request persistent system presence. The skill is allowed to be invoked autonomously by the agent (platform default); this is expected for a user-invocable skill but keep in mind autonomous agents can act without a human in some workflows—this is a platform-level behavior, not a fault of the skill itself.
Assessment
This skill is a content/template pack (not code) and appears internally consistent with being a DPO assistant. Before installing: (1) understand this is guidance, not legal advice — validate outputs with counsel; (2) do not paste sensitive or live personal data into the agent when using templates (DSAR content, raw PII) unless you trust the execution environment; (3) the README links paid 'context packs' on an external site—treat those as third-party purchases and verify the vendor; (4) if you plan to integrate the agent with your systems (to manage DSARs, send notifications, or access vendor systems), grant only minimal, auditable credentials and review those integrations separately. Overall: acceptable to install as a documentation/assistant skill, but exercise normal caution when feeding real personal data or connecting it to live systems.Like a lobster shell, security has layers — review code before you run it.
ccpavk97dv6x0cema7gsevyxcej3rmd81fjbbcompliancevk97dv6x0cema7gsevyxcej3rmd81fjbbdata-protectionvk97dv6x0cema7gsevyxcej3rmd81fjbbdpiavk97dv6x0cema7gsevyxcej3rmd81fjbbdpovk97dv6x0cema7gsevyxcej3rmd81fjbbdsarvk97dv6x0cema7gsevyxcej3rmd81fjbbgdprvk97dv6x0cema7gsevyxcej3rmd81fjbblatestvk97dv6x0cema7gsevyxcej3rmd81fjbbprivacyvk97dv6x0cema7gsevyxcej3rmd81fjbb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.