技能详情(站内镜像,无评论)
作者:Alireza Rezvani @alirezarezvani
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v2.1.1
统计:⭐ 3 · 1.6k · 5 current installs · 5 all-time installs
⭐ 3
安装量(当前) 5
🛡 VirusTotal :良性 · OpenClaw :良性
Package:alirezarezvani/gdpr-dsgvo-expert
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill's files, instructions, and runtime behavior are consistent with a GDPR/DSGVO compliance toolkit — it scans codebases, produces DPIAs, and tracks DSRs without requesting unrelated credentials or external installs.
目的
Name/description (GDPR/DSGVO automation) align with the included scripts and reference docs. The three scripts implement a compliance scanner, DPIA generator, and DSR tracker as advertised; no unrelated credentials, binaries, or unexpected OS-level access are requested.
说明范围
SKILL.md instructs the agent/user to scan arbitrary project directories and run the included scripts. This is expected, but the scanner will read many file types (including .env and config files) and the DSR tracker persists requests to a local JSON file; both behaviors can surface sensitive data and should be run only on repositories/systems you control.
安装机制
No install spec is provided (instruction-only), and the code files are plain Python scripts. Nothing is downloaded or installed automatically as part of the skill, so there is low install risk. The user runs the scripts explicitly.
证书
The skill declares no required environment variables or credentials and does not appear to access system credentials. The scanner intentionally examines files (including .env and config files) which is proportionate to scanning for personal data but means it can surface secrets if run against sensitive directories.
持久
always is false and the skill does not request elevated or persistent platform privileges. It does create and update local artifacts (e.g., dsr_requests.json, report files) in the working directory; these are normal but note they are stored in plaintext by the included scripts.
综合结论
This package appears to do what it says, but take precautions before running it: 1) Run the tools only on codebases you control or in a sandbox/container — the scanner will read many file types (including .env) and can reveal secrets. 2) Protect any generated DSR data files (dsr_requests.json) and reports; the tracker stores requests in plaintext by default. 3) Review and adapt the identity-verification and retention workflows before using the…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Gdpr Dsgvo Expert」。简介:GDPR and German DSGVO compliance automation. Scans codebases for privacy risks,…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/alirezarezvani/gdpr-dsgvo-expert/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: "gdpr-dsgvo-expert"
description: GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, and data subject rights management.
---
# GDPR/DSGVO Expert
Tools and guidance for EU General Data Protection Regulation (GDPR) and German Bundesdatenschutzgesetz (BDSG) compliance.
---
## Table of Contents
- [Tools](#tools)
- [GDPR Compliance Checker](#gdpr-compliance-checker)
- [DPIA Generator](#dpia-generator)
- [Data Subject Rights Tracker](#data-subject-rights-tracker)
- [Reference Guides](#reference-guides)
- [Workflows](#workflows)
---
## Tools
### GDPR Compliance Checker
Scans codebases for potential GDPR compliance issues including personal data patterns and risky code practices.
```bash
# Scan a project directory
python scripts/gdpr_compliance_checker.py /path/to/project
# JSON output for CI/CD integration
python scripts/gdpr_compliance_checker.py . --json --output report.json
```
**Detects:**
- Personal data patterns (email, phone, IP addresses)
- Special category data (health, biometric, religion)
- Financial data (credit cards, IBAN)
- Risky code patterns:
- Logging personal data
- Missing consent mechanisms
- Indefinite data retention
- Unencrypted sensitive data
- Disabled deletion functionality
**Output:**
- Compliance score (0-100)
- Risk categorization (critical, high, medium)
- Prioritized recommendations with GDPR article references
---
### DPIA Generator
Generates Data Protection Impact Assessment documentation following Art. 35 requirements.
```bash
# Get input template
python scripts/dpia_generator.py --template > input.json
# Generate DPIA report
python scripts/dpia_generator.py --input input.json --output dpia_report.md
```
**Features:**
- Automatic DPIA threshold assessment
- Risk identification based on processing characteristics
- Legal basis requirements documentation
- Mitigation recommendations
- Markdown report generation
**DPIA Triggers Assessed:**
- Systematic monitoring (Art. 35(3)(c))
- Large-scale special category data (Art. 35(3)(b))
- Automated decision-making (Art. 35(3)(a))
- WP29 high-risk criteria
---
### Data Subject Rights Tracker
Manages data subject rights requests under GDPR Articles 15-22.
```bash
# Add new request
python scripts/data_subject_rights_tracker.py add
--type access --subject "John Doe" --email "john@example.com"
# List all requests
python scripts/data_subject_rights_tracker.py list
# Update status
python scripts/data_subject_rights_tracker.py status --id DSR-202601-0001 --update verified
# Generate compliance report
python scripts/data_subject_rights_tracker.py report --output compliance.json
# Generate response template
python scripts/data_subject_rights_tracker.py template --id DSR-202601-0001
```
**Supported Rights:**
| Right | Article | Deadline |
|-------|---------|----------|
| Access | Art. 15 | 30 days |
| Rectification | Art. 16 | 30 days |
| Erasure | Art. 17 | 30 days |
| Restriction | Art. 18 | 30 days |
| Portability | Art. 20 | 30 days |
| Objection | Art. 21 | 30 days |
| Automated decisions | Art. 22 | 30 days |
**Features:**
- Deadline tracking with overdue alerts
- Identity verification workflow
- Response template generation
- Compliance reporting
---
## Reference Guides
### GDPR Compliance Guide
`references/gdpr_compliance_guide.md`
Comprehensive implementation guidance covering:
- Legal bases for processing (Art. 6)
- Special category requirements (Art. 9)
- Data subject rights implementation
- Accountability requirements (Art. 30)
- International transfers (Chapter V)
- Breach notification (Art. 33-34)
### German BDSG Requirements
`references/german_bdsg_requirements.md`
German-specific requirements including:
- DPO appointment threshold (§ 38 BDSG - 20+ employees)
- Employment data processing (§ 26 BDSG)
- Video surveillance rules (§ 4 BDSG)
- Credit scoring requirements (§ 31 BDSG)
- State data protection laws (Landesdatenschutzgesetze)
- Works council co-determination rights
### DPIA Methodology
`references/dpia_methodology.md`
Step-by-step DPIA process:
- Threshold assessment criteria
- WP29 high-risk indicators
- Risk assessment methodology
- Mitigation measure categories
- DPO and supervisory authority consultation
- Templates and checklists
---
## Workflows
### Workflow 1: New Processing Activity Assessment
```
Step 1: Run compliance checker on codebase
→ python scripts/gdpr_compliance_checker.py /path/to/code
Step 2: Review findings and compliance score
→ Address critical and high issues
Step 3: Determine if DPIA required
→ Check references/dpia_methodology.md threshold criteria
Step 4: If DPIA required, generate assessment
→ python scripts/dpia_generator.py --template > input.json
→ Fill in processing details
→ python scripts/dpia_generator.py --input input.json --output dpia.md
Step 5: Document in records of processing activities
```
### Workflow 2: Data Subject Request Handling
```
Step 1: Log request in tracker
→ python scripts/data_subject_rights_tracker.py add --type [type] ...
Step 2: Verify identity (proportionate measures)
→ python scripts/data_subject_rights_tracker.py status --id [ID] --update verified
Step 3: Gather data from systems
→ python scripts/data_subject_rights_tracker.py status --id [ID] --update in_progress
Step 4: Generate response
→ python scripts/data_subject_rights_tracker.py template --id [ID]
Step 5: Send response and complete
→ python scripts/data_subject_rights_tracker.py status --id [ID] --update completed
Step 6: Monitor compliance
→ python scripts/data_subject_rights_tracker.py report
```
### Workflow 3: German BDSG Compliance Check
```
Step 1: Determine if DPO required
→ 20+ employees processing personal data automatically
→ OR processing requires DPIA
→ OR business involves data transfer/market research
Step 2: If employees involved, review § 26 BDSG
→ Document legal basis for employee data
→ Check works council requirements
Step 3: If video surveillance, comply with § 4 BDSG
→ Install signage
→ Document necessity
→ Limit retention
Step 4: Register DPO with supervisory authority
→ See references/german_bdsg_requirements.md for authority list
```
---
## Key GDPR Concepts
### Legal Bases (Art. 6)
- **Consent**: Marketing, newsletters, analytics (must be freely given, specific, informed)
- **Contract**: Order fulfillment, service delivery
- **Legal obligation**: Tax records, employment law
- **Legitimate interests**: Fraud prevention, security (requires balancing test)
### Special Category Data (Art. 9)
Requires explicit consent or Art. 9(2) exception:
- Health data
- Biometric data
- Racial/ethnic origin
- Political opinions
- Religious beliefs
- Trade union membership
- Genetic data
- Sexual orientation
### Data Subject Rights
All rights must be fulfilled within **30 days** (extendable to 90 for complex requests):
- **Access**: Provide copy of data and processing information
- **Rectification**: Correct inaccurate data
- **Erasure**: Delete data (with exceptions for legal obligations)
- **Restriction**: Limit processing while issues are resolved
- **Portability**: Provide data in machine-readable format
- **Object**: Stop processing based on legitimate interests
### German BDSG Additions
| Topic | BDSG Section | Key Requirement |
|-------|--------------|-----------------|
| DPO threshold | § 38 | 20+ employees = mandatory DPO |
| Employment | § 26 | Detailed employee data rules |
| Video | § 4 | Signage and proportionality |
| Scoring | § 31 | Explainable algorithms |