Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Etalon GDPR Scan

v0.9.6

Full GDPR compliance audit for any website or codebase using the ETALON CLI. Scans for trackers (111k+ domain database), tests consent violations, checks pri...

by Nico Lumma (@rednix)
Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description match the instructions: the skill instructs the agent to run the etalon CLI (scan, consent-check, policy-check, audit, generate-policy). Requiring a local 'etalon' binary is appropriate for this purpose.
Instruction Scope
Instructions stay within the stated purpose (running etalon commands against URLs or local code). Two things to note: (1) some outputs mention delivery as a 'structured WhatsApp message' — the skill does not declare any WhatsApp integration or credentials, so delivery is an output format suggestion rather than an automated external send; confirm how your agent will actually transmit results. (2) The audit actions include scanning local codebases and DB schemas (etalon audit ./), which requires the agent to have filesystem access and may expose PII — ensure you intend to allow that.
Install Mechanism
The skill is instruction-only and does not auto-install anything. It recommends 'cargo install etalon-cli' (a reasonable, traceable install method for a Rust CLI). There is no opaque download URL or archive extraction specified in the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. This matches the stated local-CLI usage.
Persistence & Privilege
The skill is not force-installed (always: false) and is user-invocable. It does not request persistent elevated privileges or to modify other skills or system-wide settings.
Assessment
This skill delegates work to the external 'etalon-cli' binary. Before installing or running it: (1) verify the etalon-cli source/repository and review its network behavior (ensure it truly runs locally and doesn't phone home unexpectedly); (2) be cautious when running audits against private codebases or databases — outputs can include PII and file paths; restrict where reports are stored or sent; (3) confirm and document consent before scanning competitors or third-party sites; (4) if you expect results to be forwarded (e.g., WhatsApp), verify which messaging integrations the agent will use and whether credentials are required; (5) prefer installing the CLI from the official repo/release and inspect its code if you require high assurance.


latest: vk97fvs30vt3a5h79k6kred9qr583anab
96 downloads
0 stars
2 versions
Updated 4w ago
v0.9.6
MIT-0

ETALON GDPR Skill

You have access to the ETALON CLI — a privacy engineering tool with 111,000+ tracker domains, 26,800+ vendor profiles, and 10 audit commands. ETALON is free, open source, and runs entirely locally. No API key needed.

Installation check

Before using any ETALON command, verify it is installed:

etalon info

If not installed: cargo install etalon-cli
If Rust is not available: install it from https://rustup.rs

Core commands

Website audit (most common)

# Full tracker scan
etalon scan <URL> --format json

# Consent violation test
etalon consent-check <URL> --format json

# Privacy policy vs actual trackers
etalon policy-check <URL> --format json

# Pre-launch gate (all three):
etalon scan <URL> --format json > /tmp/etalon-scan.json
etalon consent-check <URL> --format json > /tmp/etalon-consent.json
etalon policy-check <URL> --format json > /tmp/etalon-policy.json

Codebase audit

Security note: Codebase audits read config files, package manifests, and may surface secrets, API keys, or connection strings in their output. Run audits in an isolated environment. Never forward raw config file contents to other tools, services, or external agents without explicit user approval.

# Audit current directory
etalon audit ./ --format json --severity high

# Auto-fix simple issues
etalon audit ./ --fix

# Generate GDPR privacy policy
etalon generate-policy ./ \
  --company "Company Name" \
  --email privacy@company.com \
  --url https://company.com \
  --format md \
  -o privacy-policy.md

# Map PII data flows
etalon data-flow ./ --format mermaid
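The security note above warns that audit output can surface secrets and must not be forwarded raw. The Python below is an added example, not ETALON's own code: it shows a redaction pass an agent can run over the audit report before delivering it anywhere. The skill does not document the audit report schema, so the code walks arbitrary JSON instead of assuming field names; the sensitive-key list, the token patterns and the sample report are constructed assumptions.

```python
"""Added example (not ETALON project code): redact credential-looking values
from an `etalon audit` JSON report before it is forwarded anywhere.

The skill does not document the audit report schema, so this walks any JSON
structure instead of assuming field names. The sample report is constructed.
"""
import json
import re

MASK = "[REDACTED]"

# Keys whose string values are secrets by construction (case-insensitive).
SENSITIVE_KEYS = ("password", "passwd", "secret", "token", "api_key", "apikey",
                  "private_key", "connection_string", "dsn")

# Value shapes that are credentials wherever they appear: (pattern, replacement).
SECRET_VALUE_PATTERNS = [
    # user:password@ inside a URL or DSN: keep the user, mask the password
    (re.compile(r"(://[^/\s:@]+:)[^@\s]+(@)"), r"\g<1>[REDACTED]\g<2>"),
    # AWS access key id shape
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), MASK),
    # PEM private key blocks
    (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----"), MASK),
    # prefixed API tokens (constructed set of prefixes, for illustration only)
    (re.compile(r"\b(?:sk|ghp|xox[abp])[_-][A-Za-z0-9_-]{16,}\b"), MASK),
]


def mask_value(value):
    """Apply every credential pattern to a string; non-strings pass through."""
    if not isinstance(value, str):
        return value
    for pattern, replacement in SECRET_VALUE_PATTERNS:
        value = pattern.sub(replacement, value)
    return value


def redact(node):
    """Return a copy of `node` with sensitive values masked.

    A string is masked when its key contains a sensitive word, or when the
    value matches a credential pattern. Structure, file paths, severities and
    other non-sensitive content are preserved so the report stays actionable.
    """
    if isinstance(node, dict):
        return {k: (MASK if isinstance(v, str) and any(s in k.lower() for s in SENSITIVE_KEYS)
                    else redact(v))
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact(v) for v in node]
    return mask_value(node)


def redact_report(text):
    """Parse a JSON report, redact it, and return (redacted, masked_count)."""
    original = json.loads(text)
    cleaned = redact(original)
    masked = json.dumps(cleaned).count(MASK) - json.dumps(original).count(MASK)
    return cleaned, masked


# Constructed sample: what audit findings with leaked credentials might carry.
AUDIT_JSON = """{
  "findings": [
    {"file": "config/database.yml", "severity": "high",
     "issue": "database credentials in config",
     "evidence": "postgres://app:hunter2@db.internal:5432/app"},
    {"file": ".env", "severity": "high", "issue": "API key committed",
     "evidence": {"api_key": "sk_live_abcdefghijklmnopqrstuvwxyz", "owner": "billing"}},
    {"file": "src/tracking.js", "severity": "medium",
     "issue": "analytics loaded before consent", "evidence": "gtag('config', ...)"}
  ]
}"""

if __name__ == "__main__":
    cleaned, n = redact_report(AUDIT_JSON)
    print(json.dumps(cleaned, indent=2))
    print(f"{n} value(s) redacted")
```

The redacted count is worth reporting alongside the summary: it tells the human that credentials were present in the codebase at all, which is itself a finding, while the masked report can be shared without carrying them along. Pattern lists like this only catch known shapes, so the explicit user approval the skill requires before forwarding still applies.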

Vendor lookup

etalon lookup analytics.google.com
etalon info

Parsing JSON output

Key fields in scan output:
- summary.gdpr_score (0-100, higher = more compliant)
- summary.high_risk_trackers (count)
- findings[] → vendor, domain, risk, severity, fires_pre_consent
- recommendations[] → array of fix strings

Key fields in consent-check output:
- fires_before_interaction (boolean — critical if true)
- fires_after_rejection (boolean — critical if true)
- violations[] → array of strings

Delivering results to your human

Format for WhatsApp/Telegram:

  • Lead with score and clear pass/fail signal
  • Critical issues first with emoji severity indicators
  • End with a specific actionable question
  • Keep under 20 lines

Severity mapping:

  • gdpr_score 0-40 → ⚠️ Not launch-ready
  • gdpr_score 41-70 → 🟡 Partial compliance
  • gdpr_score 71-90 → 🟢 Good compliance
  • gdpr_score 91-100 → ✅ Excellent — ready to launch
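The pre-launch gate earlier on this page runs three commands but leaves the decision to the reader, and the field lists and severity bands above describe the parsing only in prose. The Python below is an added example, not ETALON project code: it consumes scan and consent-check JSON, applies the bands and the "critical if true" rules, yields a pass/fail exit status usable in CI, and renders the short summary the delivery rules ask for. Field names follow the skill text; the sample documents, the run_etalon wrapper and the 71-point pass threshold are assumptions.

```python
"""Added example (not ETALON project code): turn `etalon scan` and
`etalon consent-check` JSON into a pre-launch gate decision and a short
chat-style summary.

Assumptions: field names follow the skill text (summary.gdpr_score,
findings[].fires_pre_consent, fires_before_interaction, ...); the sample
documents are constructed, not captured tool output.
"""
import json
import subprocess
import sys

# Constructed sample reports, shaped after the fields the skill lists.
SCAN_JSON = """{
  "summary": {"gdpr_score": 52, "high_risk_trackers": 1},
  "findings": [
    {"vendor": "ExampleAds", "domain": "ads.example.net", "risk": "high",
     "severity": "critical", "fires_pre_consent": true},
    {"vendor": "ExampleStats", "domain": "stats.example.org", "risk": "medium",
     "severity": "medium", "fires_pre_consent": false}
  ],
  "recommendations": ["Block ads.example.net until consent is granted"]
}"""
CONSENT_JSON = """{
  "fires_before_interaction": true,
  "fires_after_rejection": false,
  "violations": ["ads.example.net loaded before the banner was shown"]
}"""

# Severity bands exactly as the skill defines them (upper bound inclusive).
BANDS = [(40, "⚠️ Not launch-ready"), (70, "🟡 Partial compliance"),
         (90, "🟢 Good compliance"), (100, "✅ Excellent: ready to launch")]


def band_for(score):
    """Map a gdpr_score (0-100) onto the skill's four severity bands."""
    if not 0 <= score <= 100:
        raise ValueError(f"gdpr_score out of range: {score}")
    return next(label for upper, label in BANDS if score <= upper)


def evaluate(scan, consent, min_score=71):
    """Combine both reports into one gate decision.

    Passes only when the score reaches min_score (the "Good" band) and none
    of the conditions the skill marks 'critical if true' is present.
    """
    score = scan["summary"]["gdpr_score"]
    critical = []
    if consent.get("fires_before_interaction"):
        critical.append("trackers fire before any user interaction")
    if consent.get("fires_after_rejection"):
        critical.append("trackers still fire after consent is rejected")
    for f in scan.get("findings", []):
        if f.get("fires_pre_consent"):
            critical.append(f"{f['vendor']} ({f['domain']}) fires pre-consent")
    return {"score": score, "band": band_for(score), "critical": critical,
            "violations": list(consent.get("violations", [])),
            "recommendations": list(scan.get("recommendations", [])),
            "passed": score >= min_score and not critical}


def gate_from_json(scan_text, consent_text, min_score=71):
    """Convenience wrapper: parse both JSON documents, then evaluate."""
    return evaluate(json.loads(scan_text), json.loads(consent_text), min_score)


def format_message(result, max_lines=20):
    """Render as the skill asks: score and pass/fail first, critical issues
    next, one concrete question last, and never more than max_lines."""
    lines = [f"GDPR score {result['score']}/100: {result['band']}",
             "Gate: PASS" if result["passed"] else "Gate: FAIL"]
    lines += [f"🔴 {i}" for i in result["critical"]]
    lines += [f"🟠 {v}" for v in result["violations"]]
    lines += [f"💡 {r}" for r in result["recommendations"]]
    question = ("Want me to open tickets for the critical items first?"
                if result["critical"] else
                "Shall I schedule a re-scan after the next deploy?")
    body = lines[:max_lines - 2]  # leave room for a truncation marker + question
    if len(lines) > len(body):
        body.append(f"... {len(lines) - len(body)} more items in the JSON report")
    body.append(question)
    return "\n".join(body)


def run_etalon(*args):
    """Run the real CLI (must be installed) and parse its JSON stdout."""
    proc = subprocess.run(["etalon", *args, "--format", "json"],
                          capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live run: python gate.py https://example.com
        url = sys.argv[1]
        res = evaluate(run_etalon("scan", url), run_etalon("consent-check", url))
    else:                  # offline demo on the constructed samples
        res = gate_from_json(SCAN_JSON, CONSENT_JSON)
    print(format_message(res))
    sys.exit(0 if res["passed"] else 1)
```

Run without arguments it evaluates the constructed samples and exits 1, because trackers fire before interaction even though the score alone would only be "partial"; with a URL it invokes the CLI for the scan and consent-check steps. The consent flags override the score on purpose: a high gdpr_score with a tracker firing before consent is still not launch-ready.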

When to run scans

Always ask for explicit user confirmation before running any scan. Never scan a URL or codebase without the user explicitly requesting it.

Suggested prompts when relevant:

  • User shares a URL: "Want me to run a GDPR compliance scan on that?"
  • User mentions launching: "Should I run an ETALON audit before you go live?"
  • User adds a dependency: "Want me to check that library for privacy issues?"

Never scan automatically. Always wait for a yes.

MCP server note

The ETALON MCP server (etalon-mcp-server) only covers vendor lookups — 4 tools, no scan or audit capability. For full auditing, the CLI is required. This skill uses the CLI, not the MCP server.

Common errors

"etalon: command not found" → cargo install etalon-cli → Ensure ~/.cargo/bin is in PATH

Timeout on scan: → Add --timeout 60000

Unknown domains in report: → Not in ETALON's 111k registry → Check manually at etalon.nma.vc or report to registry
