home / skills / jeremylongshore / claude-code-plugins-plus-skills / scanning-for-data-privacy-issues
/plugins/security/data-privacy-scanner/skills/scanning-for-data-privacy-issues
This skill scans codebases for data privacy risks, generating actionable reports to help ensure gdpr, ccpa, and hipaa compliance.
npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill scanning-for-data-privacy-issuesReview the files below or copy the command above to add this skill to your agents.
---
name: scanning-for-data-privacy-issues
description: Scan for data privacy issues and sensitive information exposure. Use when reviewing data handling practices. Trigger with 'scan privacy issues', 'check sensitive data', or 'validate data protection'.
version: 1.0.0
allowed-tools: "Read, Write, Edit, Grep, Glob, Bash(security:*), Bash(scan:*), Bash(audit:*)"
license: MIT
author: Jeremy Longshore <[email protected]>
---
# Data Privacy Scanner
This skill provides automated assistance for data privacy scanner tasks.
## Overview
This skill automates the process of identifying data privacy risks within a codebase. By leveraging the data-privacy-scanner plugin, Claude can quickly pinpoint potential vulnerabilities, helping developers proactively address compliance requirements and protect sensitive user data.
## How It Works
1. **Initiate Scan**: Upon detecting a privacy-related trigger phrase, Claude activates the data-privacy-scanner plugin.
2. **Analyze Codebase**: The plugin analyzes the specified files or the entire project for potential data privacy violations.
3. **Report Findings**: The plugin generates a detailed report outlining identified risks, including the location of the vulnerability and a description of the potential impact.
## When to Use This Skill
This skill activates when you need to:
- Identify potential data privacy vulnerabilities in a codebase.
- Ensure compliance with data privacy regulations such as GDPR, CCPA, or HIPAA.
- Perform a privacy audit of a project involving sensitive user data.
## Examples
### Example 1: Identifying PII Leaks
User request: "Scan this project for PII leaks."
The skill will:
1. Activate the data-privacy-scanner plugin to analyze the project.
2. Generate a report highlighting potential Personally Identifiable Information (PII) leaks, such as exposed email addresses or phone numbers.
### Example 2: Checking GDPR Compliance
User request: "Check this configuration file for GDPR compliance issues."
The skill will:
1. Activate the data-privacy-scanner plugin to analyze the specified configuration file.
2. Generate a report identifying potential GDPR violations, such as insufficient data anonymization or improper consent management.
## Best Practices
- **Scope**: Specify the relevant files or directories to narrow the scope of the scan and improve performance.
- **Context**: Provide context about the type of data being processed to help the plugin identify relevant privacy risks.
- **Review**: Carefully review the generated report to understand the identified vulnerabilities and implement appropriate remediation measures.
## Integration
This skill can be integrated with other security and compliance tools to provide a comprehensive approach to data privacy. For example, it can be combined with vulnerability scanning tools to identify related security risks or with reporting tools to track progress on remediation efforts.
## Prerequisites
- Access to codebase and configuration files in {baseDir}/
- Security scanning tools installed as needed
- Understanding of security standards and best practices
- Permissions for security analysis operations
## Instructions
1. Identify security scan scope and targets
2. Configure scanning parameters and thresholds
3. Execute security analysis systematically
4. Analyze findings for vulnerabilities and compliance gaps
5. Prioritize issues by severity and impact
6. Generate detailed security report with remediation steps
## Output
- Security scan results with vulnerability details
- Compliance status reports by standard
- Prioritized list of security issues by severity
- Remediation recommendations with code examples
- Executive summary for stakeholders
## Error Handling
If security scanning fails:
- Verify tool installation and configuration
- Check file and directory permissions
- Validate scan target paths
- Review tool-specific error messages
- Ensure network access for dependency checks
## Resources
- Security standard documentation (OWASP, CWE, CVE)
- Compliance framework guidelines (GDPR, HIPAA, PCI-DSS)
- Security scanning tool documentation
- Vulnerability remediation best practices
This skill automates scanning codebases and configuration files to find data privacy risks and exposed sensitive information. It uses a privacy-scanner workflow to locate potential PII leaks, misconfigurations, and compliance gaps and returns actionable findings. Use it to get a prioritized report you can act on during development, audits, or incident reviews.
On a privacy-trigger, the scanner analyzes specified files or the entire project for patterns that indicate sensitive data exposure, improper storage, or weak consent controls. It flags locations, describes the risk and likely impact, and provides remediation suggestions and severity ratings. You can scope scans to directories or file types and combine results with other security tools for broader context.
Will the scanner produce false positives?
Yes. Pattern-based and heuristic checks can flag benign occurrences. Always review each finding and correlate with code context before remediating.
How do I limit the scan to relevant files?
Specify files, directories, or file extensions when triggering the scan to narrow scope and improve performance. Include example paths and data types for better results.