by 安全扫描
OpenClaw
安全
medium confidenceNULL
评估建议
This skill delegates work to the external 'etalon-cli' binary. Before installing or running it: (1) verify the etalon-cli source/repository and review its network behavior (ensure it truly runs locally and doesn't phone home unexpectedly); (2) be cautious when running audits against private codebases or databases — outputs can include PII and file paths; restrict where reports are stored or sent; (3) confirm and document consent before scanning competitors or third-party sites; (4) if you expect...详细分析 ▾
✓ 用途与能力
The name/description match the instructions: the skill instructs the agent to run the etalon CLI (scan, consent-check, policy-check, audit, generate-policy). Requiring a local 'etalon' binary is appropriate for this purpose.
ℹ 指令范围
Instructions stay within the stated purpose (running etalon commands against URLs or local code). Two things to note: (1) some outputs mention delivery as a 'structured WhatsApp message' — the skill does not declare any WhatsApp integration or credentials, so delivery is an output format suggestion rather than an automated external send; confirm how your agent will actually transmit results. (2) The audit actions include scanning local codebases and DB schemas (etalon audit ./), which requires the agent to have filesystem access and may expose PII — ensure you intend to allow that.
✓ 安装机制
The skill is instruction-only and does not auto-install anything. It recommends 'cargo install etalon-cli' (a reasonable, traceable install method for a Rust CLI). There is no opaque download URL or archive extraction specified in the skill itself.
✓ 凭证需求
No environment variables, credentials, or config paths are requested. This matches the stated local-CLI usage.
✓ 持久化与权限
The skill is not force-installed (always: false) and is user-invocable. It does not request persistent elevated privileges or to modify other skills or system-wide settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.9.62026/3/21
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install etalon-gdpr
镜像加速npx clawhub@latest install etalon-gdpr --registry https://cn.longxiaskill.com