← 返回 Skills 市场
86
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install nex-gdpr
功能描述
GDPR and AVG (Belgian data protection law) compliance handler for agency operators, data controllers, and organizations managing data subject requests. Regis...
安全使用建议
This skill mostly does what it claims (search local session files, logs, and some sqlite DBs, compile exports, and optionally delete files). Before installing:
- Inspect setup.sh before running (it is present but no install spec was published). It may create a venv, place an executable, or download dependencies.
- Confirm how NEX_GDPR_SCAN_PATHS is supposed to be used; the metadata lists it but the shipped code does not appear to read it — ask the author or review config changes if you need custom scan paths.
- Back up important data and test on a non-production account first. 'Erasure' operations can remove files owned by the agent user; the code deletes user-owned files after scanning (it attempts to avoid system paths), so verify results before using on real requests.
- Verify file permissions on ~/.nex-gdpr and where export ZIPs are stored; ensure exports are encrypted before sending to requestors (README recommends this but does not enforce it).
- Review setup.sh and any network calls it may perform. If you cannot inspect setup.sh, do not run it in production.
- If you expect the skill to honor an env var for custom scan paths (NEX_GDPR_SCAN_PATHS), require the author to implement it or edit lib/config.py to add support.
Given these mismatches and the destructive nature of erasure functions, proceed only after code inspection and testing.
功能分析
Type: OpenClaw Skill
Name: nex-gdpr
Version: 1.0.0
The nex-gdpr skill bundle provides a suite for managing GDPR compliance, but it possesses high-risk capabilities that warrant a suspicious classification. The tool is designed to recursively scan the user's home directory, OpenClaw sessions, and specific third-party application databases (e.g., life-logger, inbox, and notes) for personal data (lib/scanner.py, lib/config.py). It also includes functionality to securely delete files and package discovered data into ZIP archives for export (lib/processor.py). While these features are aligned with the stated purpose of handling GDPR 'Right to Access' and 'Right to Erasure' requests, the broad read/write access to sensitive files and other application databases creates a significant risk if the agent is manipulated via prompt injection. No evidence of intentional data exfiltration was found, though it references the domain nex-ai.be.
能力标签
能力评估
Purpose & Capability
Name/description match the code: the package scans session/memory/log directories, inspects some SQLite DBs, produces exports, and implements erasure/portability/access flows. Required binary (python3) is appropriate.
Instruction Scope
SKILL.md instructs scanning OpenClaw sessions, agent memory, logs, and skill DBs — and the code does exactly that. This means the skill will read many local files (~/.* session dirs, logs, and other skill DBs). That is expected for a GDPR tool but is sensitive: the scanner traverses user files and opens SQLite DBs and will record findings to its own database and exports.
Install Mechanism
Registry metadata lists no install spec, but the package includes setup.sh and README instructions telling users to run bash setup.sh to create a venv and an executable wrapper. The setup script content was not shown; running it could create files, install packages, or download code. This mismatch (no registry install spec vs. an on-disk installer) is worth inspecting before running setup.sh.
Credentials
The skill declares two required env vars (OPENCLAW_SESSIONS, NEX_GDPR_SCAN_PATHS). The code uses OPENCLAW_SESSIONS (via config) but does not appear to consume NEX_GDPR_SCAN_PATHS anywhere — an undeclared/unused environment variable in metadata is inconsistent. No external credentials are requested, which is appropriate for a local scanner, but the declared env mismatch should be clarified.
Persistence & Privilege
The skill writes to ~/.nex-gdpr (database, exports, audit) and installs a local executable per README; it does not request always:true or attempt to modify other skills. It does perform file deletions when processing erasure requests (with ownership checks), which is expected but destructive when used — so treat erasure operations with care.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nex-gdpr - 安装完成后,直接呼叫该 Skill 的名称或使用
/nex-gdpr触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Nex Gdpr 是什么?
GDPR and AVG (Belgian data protection law) compliance handler for agency operators, data controllers, and organizations managing data subject requests. Regis... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 86 次。
如何安装 Nex Gdpr?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nex-gdpr」即可一键安装,无需额外配置。
Nex Gdpr 是免费的吗?
是的,Nex Gdpr 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Nex Gdpr 支持哪些平台?
Nex Gdpr 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Nex Gdpr?
由 Nex AI(@nexaiguy)开发并维护,当前版本 v1.0.0。
推荐 Skills