Etalon GDPR Scan

Author: Nico Lumma (rednix) · GitHub · v0.9.6 · MIT-0
Platform: cross-platform · Safety rating: ⚠ suspicious
Total downloads: 122 · Favorites: 0 · Current installs: 1 · Versions: 2
Install in OpenClaw: /install etalon-gdpr

Description
Full GDPR compliance audit for any website or codebase using the ETALON CLI. Scans for trackers (111k+ domain database), tests consent violations, checks pri...

Usage (SKILL.md)

ETALON GDPR Skill

You have access to the ETALON CLI — a privacy engineering tool with 111,000+ tracker domains, 26,800+ vendor profiles, and 10 audit commands. ETALON is free, open source, and runs entirely locally. No API key needed.

Installation check

Before using any ETALON command, verify it is installed:

etalon info

If not installed: cargo install etalon-cli
If Rust is not available: install it from https://rustup.rs

Core commands

Website audit (most common)

# Full tracker scan
etalon scan <URL> --format json

# Consent violation test
etalon consent-check <URL> --format json

# Privacy policy vs actual trackers
etalon policy-check <URL> --format json

# Pre-launch gate (all three):
etalon scan <URL> --format json > /tmp/etalon-scan.json
etalon consent-check <URL> --format json > /tmp/etalon-consent.json
etalon policy-check <URL> --format json > /tmp/etalon-policy.json

Codebase audit

Security note: Codebase audits read config files, package manifests, and may surface secrets, API keys, or connection strings in their output. Run audits in an isolated environment. Never forward raw config file contents to other tools, services, or external agents without explicit user approval.

# Audit current directory
etalon audit ./ --format json --severity high

# Auto-fix simple issues
etalon audit ./ --fix

# Generate GDPR privacy policy
etalon generate-policy ./ \
  --company "Company Name" \
  --email [email protected] \
  --url https://company.com \
  --format md \
  -o privacy-policy.md

# Map PII data flows
etalon data-flow ./ --format mermaid

Vendor lookup

etalon lookup analytics.google.com
etalon info

Parsing JSON output

Key fields in scan output:
- summary.gdpr_score (0-100, higher = more compliant)
- summary.high_risk_trackers (count)
- findings[] → vendor, domain, risk, severity, fires_pre_consent
- recommendations[] → array of fix strings

Key fields in consent-check output:
- fires_before_interaction (boolean — critical if true)
- fires_after_rejection (boolean — critical if true)
- violations[] → array of strings

Delivering results to your human

Format for WhatsApp/Telegram:

  • Lead with score and clear pass/fail signal
  • Critical issues first with emoji severity indicators
  • End with a specific actionable question
  • Keep under 20 lines

Severity mapping:

  • gdpr_score 0-40 → ⚠️ Not launch-ready
  • gdpr_score 41-70 → 🟡 Partial compliance
  • gdpr_score 71-90 → 🟢 Good compliance
  • gdpr_score 91-100 → ✅ Excellent — ready to launch
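As an added example (not part of the skill or of the ETALON project), a small Python helper that reads the scan and consent-check JSON described above and applies the severity bands; the sample documents are constructed here from the field names the skill lists, and real ETALON output will carry more fields than these:

```python
import json

# Constructed sample outputs using only the field names SKILL.md lists.
SCAN_JSON = """{
  "summary": {"gdpr_score": 38, "high_risk_trackers": 2},
  "findings": [
    {"vendor": "ExampleAds", "domain": "ads.example.net", "risk": "high",
     "severity": "critical", "fires_pre_consent": true},
    {"vendor": "ExampleStats", "domain": "stats.example.org", "risk": "medium",
     "severity": "medium", "fires_pre_consent": false}
  ],
  "recommendations": ["Load ads.example.net only after consent is granted"]
}"""

CONSENT_JSON = """{
  "fires_before_interaction": true,
  "fires_after_rejection": false,
  "violations": ["Tracker request sent before the banner was interacted with"]
}"""

# Upper bound of each band, in the order SKILL.md gives them.
BANDS = [(40, "⚠️ Not launch-ready"), (70, "🟡 Partial compliance"),
         (90, "🟢 Good compliance"), (100, "✅ Excellent, ready to launch")]

def score_band(score):
    """Map summary.gdpr_score (0-100) to the skill's severity label."""
    if not 0 <= score <= 100:
        raise ValueError(f"gdpr_score out of range: {score}")
    for upper, label in BANDS:
        if score <= upper:
            return label
    return BANDS[-1][1]

def pre_consent_findings(scan):
    """Findings that fire before consent, most severe first."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    hits = [f for f in scan["findings"] if f.get("fires_pre_consent")]
    return sorted(hits, key=lambda f: order.get(f.get("severity"), 9))

def summarize(scan_text, consent_text):
    """Build the short chat-style report the skill asks for: score first,
    critical issues next, a question last, at most 20 lines."""
    scan, consent = json.loads(scan_text), json.loads(consent_text)
    score = scan["summary"]["gdpr_score"]
    lines = [f"GDPR score {score}/100: {score_band(score)}",
             f"High-risk trackers: {scan['summary']['high_risk_trackers']}"]
    if consent["fires_before_interaction"]:
        lines.append("🔴 Trackers fire before the user interacts with the banner")
    if consent["fires_after_rejection"]:
        lines.append("🔴 Trackers still fire after consent is rejected")
    for f in pre_consent_findings(scan):
        lines.append(f"🔴 {f['vendor']} ({f['domain']}) loads pre-consent")
    lines += consent["violations"] + scan["recommendations"]
    lines.append("Which of these should we fix before launch?")
    return lines[:20]
```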

When to run scans

Always ask for explicit user confirmation before running any scan. Never scan a URL or codebase without the user explicitly requesting it.

Suggested prompts when relevant:

  • User shares a URL: "Want me to run a GDPR compliance scan on that?"
  • User mentions launching: "Should I run an ETALON audit before you go live?"
  • User adds a dependency: "Want me to check that library for privacy issues?"

Never scan automatically. Always wait for a yes.

MCP server note

The ETALON MCP server (etalon-mcp-server) only covers vendor lookups — 4 tools, no scan or audit capability. For full auditing, the CLI is required. This skill uses the CLI, not the MCP server.

Common errors

"etalon: command not found" → cargo install etalon-cli → Ensure ~/.cargo/bin is in PATH

Timeout on scan: → Add --timeout 60000

Unknown domains in report: → Not in ETALON's 111k registry → Check manually at etalon.nma.vc or report to registry

Safe usage recommendations
This skill delegates work to the external 'etalon-cli' binary. Before installing or running it: (1) verify the etalon-cli source/repository and review its network behavior (ensure it truly runs locally and doesn't phone home unexpectedly); (2) be cautious when running audits against private codebases or databases — outputs can include PII and file paths; restrict where reports are stored or sent; (3) confirm and document consent before scanning competitors or third-party sites; (4) if you expect results to be forwarded (e.g., WhatsApp), verify which messaging integrations the agent will use and whether credentials are required; (5) prefer installing the CLI from the official repo/release and inspect its code if you require high assurance.
Feature analysis
Type: OpenClaw Skill
Name: etalon-gdpr
Version: 0.9.6
The skill bundle provides GDPR auditing capabilities via the 'etalon-cli' tool, including website scanning and codebase analysis. While the bundle appears legitimate and includes proactive security warnings regarding sensitive data and mandates user consent, it is classified as suspicious due to potential shell injection vulnerabilities. Specifically, instructions in SKILL.md direct the agent to execute shell commands (e.g., 'etalon scan <URL>' and 'etalon generate-policy --company "<company>"') using unvalidated user-provided strings. Additionally, the tool performs high-risk operations such as reading local configuration files and modifying the filesystem ('--fix' flag), which are aligned with its stated purpose but require careful isolation.
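An added example (not from the skill or from ETALON) of how an agent runtime can close the shell-injection gap the analysis describes: validate the user-supplied URL, then hand `etalon` an argument list with `shell=False`, so quoting never matters and no string is interpreted by a shell. The subcommands and flags are the ones SKILL.md lists; the `run_audit` wrapper is the only part that actually executes the binary.

```python
import re
import subprocess
from urllib.parse import urlsplit

# URL-taking subcommands listed in SKILL.md
URL_COMMANDS = {"scan", "consent-check", "policy-check"}
HOST_RE = re.compile(r"[A-Za-z0-9.-]+")

def validate_url(url):
    """Accept only an absolute http(s) URL with a plain host, as a single token
    that cannot be mistaken for an option."""
    if not isinstance(url, str) or any(c.isspace() for c in url) or url.startswith("-"):
        raise ValueError("URL must be one token and must not start with '-'")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname \
            or not HOST_RE.fullmatch(parts.hostname):
        raise ValueError("URL must be absolute http(s) with a hostname")
    return parts.geturl()

def build_command(subcommand, url, timeout_ms=None):
    """Return argv for 'etalon <subcommand> <URL> --format json'; never a shell string."""
    if subcommand not in URL_COMMANDS:
        raise ValueError(f"unsupported subcommand: {subcommand}")
    argv = ["etalon", subcommand, validate_url(url), "--format", "json"]
    if timeout_ms is not None:
        argv += ["--timeout", str(int(timeout_ms))]   # flag named under "Common errors"
    return argv

def build_policy_command(company, email, url, out="privacy-policy.md"):
    """generate-policy as argv: each value is one argv entry, so a company
    name with spaces or quotes needs no shell quoting at all."""
    for value in (company, email):
        if not value or value.startswith("-") or "\n" in value:
            raise ValueError("company/email must be non-empty and not option-like")
    return ["etalon", "generate-policy", "./", "--company", company, "--email", email,
            "--url", validate_url(url), "--format", "md", "-o", out]

def run_audit(subcommand, url):
    """Execute with shell=False: argv entries reach the binary verbatim."""
    result = subprocess.run(build_command(subcommand, url), capture_output=True,
                            text=True, timeout=120, check=False)
    return result.returncode, result.stdout
```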
Capability assessment
Purpose & Capability
The name/description match the instructions: the skill instructs the agent to run the etalon CLI (scan, consent-check, policy-check, audit, generate-policy). Requiring a local 'etalon' binary is appropriate for this purpose.
Instruction Scope
Instructions stay within the stated purpose (running etalon commands against URLs or local code). Two things to note: (1) some outputs mention delivery as a 'structured WhatsApp message' — the skill does not declare any WhatsApp integration or credentials, so delivery is an output format suggestion rather than an automated external send; confirm how your agent will actually transmit results. (2) The audit actions include scanning local codebases and DB schemas (etalon audit ./), which requires the agent to have filesystem access and may expose PII — ensure you intend to allow that.
Install Mechanism
The skill is instruction-only and does not auto-install anything. It recommends 'cargo install etalon-cli' (a reasonable, traceable install method for a Rust CLI). There is no opaque download URL or archive extraction specified in the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. This matches the stated local-CLI usage.
Persistence & Privilege
The skill is not force-installed (always: false) and is user-invocable. It does not request persistent elevated privileges or to modify other skills or system-wide settings.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Type the install command in the chat box: /install etalon-gdpr
  3. After installation, call the Skill by name directly or trigger it with /etalon-gdpr
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v0.9.6
Fix: removed autonomous background scan language, removed external skill chains (github-pr, markdown-report) that implied credential usage
v0.9.5
Security fixes: removed curl|sh, consent-first scanning, binary declarations, codebase audit warning
Metadata
Slug: etalon-gdpr
Version: 0.9.6
License: MIT-0
Total installs: 1
Current installs: 1
Version count: 2
FAQ

What is Etalon GDPR Scan?

Full GDPR compliance audit for any website or codebase using the ETALON CLI. Scans for trackers (111k+ domain database), tests consent violations, checks pri... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 122 downloads to date.

How do I install Etalon GDPR Scan?

Run the command "/install etalon-gdpr" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Etalon GDPR Scan free?

Yes, Etalon GDPR Scan is completely free, released under the MIT-0 license, and may be freely downloaded, installed and used.

Which platforms does Etalon GDPR Scan support?

Etalon GDPR Scan runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Etalon GDPR Scan?

Developed and maintained by Nico Lumma (@rednix); the current version is v0.9.6.
