CCPA-Compliance（CCPA合规工具）

v1.0.4

美国加州消费者隐私法（CCPA/CPRA）合规专用工具。当用户需要处理加州消费者数据、 CCPA/CPRA合规检查、消费者权利保障、选择退出机制实现等相关任务时使用此skill。 🎉 版本1.0.4重要更新：纯本地运行，无需安装任何外部依赖

⭐ 0· 178·0 current·0 all-time

byWei Wu@wwumit

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wwumit/ccpa-comliance.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "CCPA-Compliance（CCPA合规工具）" (wwumit/ccpa-comliance) from ClawHub.
Skill page: https://clawhub.ai/wwumit/ccpa-comliance
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ccpa-comliance

ClawHub CLI

Package manager switcher

npx clawhub@latest install ccpa-comliance

Security Scan

VirusTotal

Pending

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the included scripts and templates. The repository metadata and SKILL.md describe a local compliance tool; the provided Python scripts implement compliance checks, templates, and a local security checker. No unrelated cloud credentials, binaries, or config paths are requested.

ℹ

Instruction Scope

SKILL.md instructs running local Python scripts (ccpa-check.py, security_check_ccpa.py, consumer-rights.py, opt-out-check.py). The scripts accept optional config files and produce local reports. They do not perform network calls in the visible code. Minor implementation issues (e.g., an apparent typo/bug in opt-out-check.py referencing a non-existent key 'authorization') could cause local runtime errors but don't expand the skill's scope or perform unexpected I/O.

✓

Install Mechanism

No install spec; skill is instruction-plus-source only. All files use Python standard library; there are no downloads, external package installs, or archive extracts. package.json and README reference an external homepage/repository URL for metadata only (no code that fetches from it).

✓

Credentials

The skill declares no required environment variables, credentials, or config paths. Scripts read optional user-provided config files and write local reports. No sensitive variables or unrelated credential access are requested.

✓

Persistence & Privilege

Skill does not request always:true, does not claim persistent system-wide changes, and its code explicitly avoids auto-creating directories/files in several places. The included security checker itself warns about avoiding automatic modifications.

Scan Findings in Context

[subprocess_usage] expected: Some scripts (security_check_ccpa.py) import subprocess and appear to run local python commands for functional tests; this is reasonable for a local test harness and not unexpected for a CLI-based compliance tool.

[external_urls_in_metadata] expected: package.json contains repository/homepage URLs. This is normal metadata; the code does not use those URLs to perform network calls.

[network_keyword_checks] expected: security_check_ccpa.py includes regexes searching for network-related imports/URLs to validate 'no network' claims. The presence of those checks is expected for a script that verifies local-only operation.

Assessment

This skill appears coherent: the scripts implement local CCPA/CPRA checks and templates and deliberately avoid network calls or external credentials. Before installing/use: 1) Review the code locally (already small and readable) and run the included security_check_ccpa.py to confirm no network activity in your environment. 2) Run the tools in an isolated/dev environment first and provide only intended config files (they optionally read JSON config). 3) Be aware of minor bugs (e.g., a possible typo in opt-out-check.py that may raise an error) — you may want to fix small issues or run unit tests before relying on outputs for critical decisions. 4) This tool provides guidance and templates but is not a substitute for legal advice; consult counsel for binding compliance actions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c8jybgfj9qxepgm5nqyc7r183thw6

178downloads

0stars

5versions

Updated 4w ago

v1.0.4

MIT-0

美国加州消费者隐私法（CCPA/CPRA）合规Skill v1.0.4

⚖️ 重要法律声明

免责条款

非法律建议：本技能提供合规指导，不构成法律意见
专业咨询：重大合规决策必须咨询专业律师
责任限制：用户对使用后果负全责
适用性：专为加州CCPA/CPRA设计

🎯 功能概述

核心功能

✅ CCPA合规检查
✅ 消费者权利检查
✅ 数据销售检查
✅ 服务提供商协议检查
✅ 合规文档生成

安全特性

🔒 纯本地运行 ✅ 已强化
🔒 无网络调用 ✅ 已强化
🔒 数据安全
🔒 代码透明
⚡ 零依赖安装 ✅ 新增

🚀 快速开始

安装

openclaw skill install ccpa-compliance-1.0.3.skill

基本使用

# CCPA合规检查
python scripts/ccpa-check.py

# 安全检查
python scripts/security_check_ccpa.py

📁 文件结构

ccpa-compliance-1.0.4/
├── SKILL.md                    # 主文档
├── README.md                   # 详细说明
├── CHANGELOG.md               # 更新日志
├── package.json               # 包信息
├── requirements.txt           # 依赖说明（无实际依赖）
├── SECURITY_CHECK_GUIDE.md    # 安全指南
├── scripts/                   # 核心脚本
│   ├── ccpa-check.py          # CCPA检查工具
│   ├── consumer-rights.py     # 消费者权利检查
│   ├── opt-out-check.py       # 选择退出检查
│   ├── security_check_ccpa.py # 安全检查
│   └── utils/                 # 工具函数库
├── references/                # 参考文档
│   └── ccpa-law.md           # CCPA法规摘要

🔧 技术规格

依赖 🎉 重要更新

Python >= 3.8（仅需标准库）
无需安装pandas、jinja2等外部包
所有功能使用Python标准库实现

运行环境 ✅ 已强化

纯本地环境
无需网络连接
零依赖安装

📊 使用场景

场景1：企业合规自查

检查CCPA适用性
评估合规状况

场景2：数据销售管理

识别数据销售活动
检查选择退出机制

场景3：服务提供商管理

检查服务提供商协议
确保CCPA合规要求

📈 成功案例

案例1：加州科技公司

实现CCPA合规
通过监管检查

案例2：电商平台

管理数据销售
降低合规风险

🔄 版本管理

当前版本：1.0.4 🎉 重要更新

解决网络依赖矛盾：移除pandas、jinja2等外部依赖要求
强化纯本地声明：所有功能使用Python标准库
简化安装流程：无需pip install，直接运行
更新文档一致性：确保所有文档与代码一致

更新日志

详见 CHANGELOG.md

📞 支持

文档

README.md - 使用说明
SECURITY_CHECK_GUIDE.md - 安全指南
references/ccpa-law.md - 法规参考

建议

阅读安全指南
测试环境验证
定期检查更新

发布日期：2026年3月29日
版本：CCPA Compliance v1.0.4
状态：✅ 安全验证通过 | 🔒 纯本地运行 | ⚡ 零依赖安装

Comments

Loading comments...