GPDR-Compliance (GDPR compliance tool)

Security checks across malware telemetry and agentic risk

Overview

The skill is local and mostly purpose-aligned, but its main GDPR checker can generate favorable compliance results without real evidence.

Install only if you understand that this is a checklist/template aid, not a real GDPR compliance validator. Treat any generated PASS or compliance-rate output as preliminary and require human legal or DPO review before using reports for business, audit, customer, or regulatory purposes. Run it in a virtual environment, pin dependencies, and store generated reports in a protected folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (16)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill metadata claims minimal, local-only behavior, but the documented capability set implies file read/write, shell execution, and possible network-capable tooling without explicit permission declarations. This weakens trust boundaries for the agent/runtime and can cause the skill to be invoked with broader operational power than users or policy expect.

Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: This is a clear description-behavior mismatch: the skill presents itself as a narrowly scoped GDPR report generator, while the documentation indicates additional scripts for DPIA generation, security scanning, subprocess-based testing, template generation, and multiple output formats. Such hidden or understated functionality is dangerous because reviewers and users may authorize or trust the skill under false assumptions, increasing the chance of unexpected file access or code execution paths.

Intent-Code Divergence
Severity: Medium
Confidence: 86%
Finding: The guide asserts the presence of a DPIA generator as an available and validated capability even though the declared skill inventory does not list that tool. In a security/install guide, inaccurate capability claims can mislead users into trusting nonexistent validation coverage, weakening review rigor and creating supply-chain style confusion about what is actually shipped.

Intent-Code Divergence
Severity: Medium
Confidence: 92%
Finding: The verification steps instruct users to run scripts that are not declared in the manifest, including security_check_gdpr.py and dpia-generator.py. This is dangerous because operators may search for, substitute, or obtain similarly named files from untrusted sources, and the mismatch also undermines confidence in the package's documented boundaries and review status.

Intent-Code Divergence
Severity: Medium
Confidence: 82%
Finding: The documentation introduces a DPIA generator that contradicts the manifest's declared core tool list, indicating undisclosed functionality. Even if the generator is benign, capability drift inside a compliance-focused skill undermines reviewability and can conceal additional file creation or processing behavior beyond the approved scope.

Description-Behavior Mismatch
Severity: Medium
Confidence: 88%
Finding: The manifest states the skill is limited to three report-generating scripts, but the documentation later expands the capability set with extra security-check and utility tooling. This inconsistency is risky because it obscures the actual attack surface and may allow additional code paths to be shipped and executed without proper review.

Intent-Code Divergence
Severity: Medium
Confidence: 97%
Finding: In interactive mode, short or low-content answers are still assigned status "PASSED" while the UI says "needs further evaluation." This creates misleading audit output and can falsely represent weak or absent compliance evidence as a successful control, which is especially risky in a GDPR compliance tool where reports may be relied on for governance or external review.

Intent-Code Divergence
Severity: High
Confidence: 99%
Finding: In non-interactive mode, every check is automatically marked as PASSED despite the comment acknowledging that real assessment is still needed. This means the tool can generate a fully favorable compliance report without any evidence, enabling false assurance and potential misuse in internal audits, customer attestations, or regulatory contexts.

Description-Behavior Mismatch
Severity: High
Confidence: 98%
Finding: The script presents itself as a compliance checking tool, but the interactive logic does not perform substantive validation and instead tends to record checks as passed based on superficial input length. That is dangerous because it can produce audit artifacts that appear authoritative while lacking evidentiary basis, undermining GDPR governance and potentially concealing compliance gaps.

Description-Behavior Mismatch
Severity: High
Confidence: 99%
Finding: This code path generates a strongly pass-biased report with no user input, no discovered evidence, and effectively a 100% pass posture. In the context of a GDPR skill, that is particularly dangerous because users may rely on the output to justify sensitive data processing, cross-border transfers, or audit readiness when no real review occurred.

Context-Inappropriate Capability
Severity: Medium
Confidence: 83%
Finding: The security-check script launches other skill scripts as part of its verification flow, which expands the trust boundary from static inspection into active execution. If any of those helper scripts have side effects in their argument parsing, imports, or startup path, merely running the checker can trigger unintended behavior inconsistent with the skill's stated "report-only" posture.

Intent-Code Divergence
Severity: Medium
Confidence: 79%
Finding: The module documentation says it verifies safety and pure local operation, but the implementation also spawns external processes. Even if those processes are local, the mismatch can mislead reviewers and users into assuming the script is passive, when it actually executes additional code paths and inherits the risks of those scripts.

Scope Creep
Severity: Medium
Confidence: 90%
Finding: The save_document method writes to an arbitrary caller-supplied path with no path validation, sandboxing, or restriction to an allowed output directory. In an agent context, this can enable unintended file overwrite or placement outside the expected reports area, especially if untrusted input can influence output_path.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: The tool saves audit reports containing user-provided responses to disk without a clear warning or consent prompt at the point of write. In a GDPR assessment context, those responses may include sensitive organizational details, processing activities, breach procedures, or personal data, so silent persistence increases confidentiality and data-handling risk.

Missing User Warnings
Severity: Medium
Confidence: 87%
Finding: The file runs multiple helper scripts automatically without an explicit user-facing consent step immediately before execution. In a security-checking context, this is risky because users may expect analysis only, while the checker actually executes code from the skill package, potentially triggering unexpected local actions.

Known Vulnerable Dependency: jinja2 (10 advisories): CVE-2019-10906 (Jinja2 sandbox escape via string formatting); CVE-2014-1402 (Incorrect Privilege Assignment in Jinja2); CVE-2025-27516 (Jinja2 vulnerable to sandbox breakout through attr filter selecting format method); and 7 further advisories not listed here
Severity: High
Category: Supply Chain
Confidence: 88%
Finding: jinja2

VirusTotal

66/66 vendors flagged this skill as clean.
