← Back to Skills Marketplace
86
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install nex-gdpr
Description
GDPR and AVG (Belgian data protection law) compliance handler for agency operators, data controllers, and organizations managing data subject requests. Regis...
Usage Guidance
This skill mostly does what it claims (search local session files, logs, and some sqlite DBs, compile exports, and optionally delete files). Before installing:
- Inspect setup.sh before running (it is present but no install spec was published). It may create a venv, place an executable, or download dependencies.
- Confirm how NEX_GDPR_SCAN_PATHS is supposed to be used; the metadata lists it but the shipped code does not appear to read it — ask the author or review config changes if you need custom scan paths.
- Back up important data and test on a non-production account first. 'Erasure' operations can remove files owned by the agent user; the code deletes user-owned files after scanning (it attempts to avoid system paths), so verify results before using on real requests.
- Verify file permissions on ~/.nex-gdpr and where export ZIPs are stored; ensure exports are encrypted before sending to requestors (README recommends this but does not enforce it).
- Review setup.sh and any network calls it may perform. If you cannot inspect setup.sh, do not run it in production.
- If you expect the skill to honor an env var for custom scan paths (NEX_GDPR_SCAN_PATHS), require the author to implement it or edit lib/config.py to add support.
Given these mismatches and the destructive nature of erasure functions, proceed only after code inspection and testing.
Capability Analysis
Type: OpenClaw Skill
Name: nex-gdpr
Version: 1.0.0
The nex-gdpr skill bundle provides a suite for managing GDPR compliance, but it possesses high-risk capabilities that warrant a suspicious classification. The tool is designed to recursively scan the user's home directory, OpenClaw sessions, and specific third-party application databases (e.g., life-logger, inbox, and notes) for personal data (lib/scanner.py, lib/config.py). It also includes functionality to securely delete files and package discovered data into ZIP archives for export (lib/processor.py). While these features are aligned with the stated purpose of handling GDPR 'Right to Access' and 'Right to Erasure' requests, the broad read/write access to sensitive files and other application databases creates a significant risk if the agent is manipulated via prompt injection. No evidence of intentional data exfiltration was found, though it references the domain nex-ai.be.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description match the code: the package scans session/memory/log directories, inspects some SQLite DBs, produces exports, and implements erasure/portability/access flows. Required binary (python3) is appropriate.
Instruction Scope
SKILL.md instructs scanning OpenClaw sessions, agent memory, logs, and skill DBs — and the code does exactly that. This means the skill will read many local files (~/.* session dirs, logs, and other skill DBs). That is expected for a GDPR tool but is sensitive: the scanner traverses user files and opens SQLite DBs and will record findings to its own database and exports.
Install Mechanism
Registry metadata lists no install spec, but the package includes setup.sh and README instructions telling users to run bash setup.sh to create a venv and an executable wrapper. The setup script content was not shown; running it could create files, install packages, or download code. This mismatch (no registry install spec vs. an on-disk installer) is worth inspecting before running setup.sh.
Credentials
The skill declares two required env vars (OPENCLAW_SESSIONS, NEX_GDPR_SCAN_PATHS). The code uses OPENCLAW_SESSIONS (via config) but does not appear to consume NEX_GDPR_SCAN_PATHS anywhere — an undeclared/unused environment variable in metadata is inconsistent. No external credentials are requested, which is appropriate for a local scanner, but the declared env mismatch should be clarified.
Persistence & Privilege
The skill writes to ~/.nex-gdpr (database, exports, audit) and installs a local executable per README; it does not request always:true or attempt to modify other skills. It does perform file deletions when processing erasure requests (with ownership checks), which is expected but destructive when used — so treat erasure operations with care.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install nex-gdpr - After installation, invoke the skill by name or use
/nex-gdpr - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Nex Gdpr?
GDPR and AVG (Belgian data protection law) compliance handler for agency operators, data controllers, and organizations managing data subject requests. Regis... It is an AI Agent Skill for Claude Code / OpenClaw, with 86 downloads so far.
How do I install Nex Gdpr?
Run "/install nex-gdpr" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Nex Gdpr free?
Yes, Nex Gdpr is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Nex Gdpr support?
Nex Gdpr is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Nex Gdpr?
It is built and maintained by Nex AI (@nexaiguy); the current version is v1.0.0.
More Skills