Compliance Audit Generator

v1.0.0

Generates detailed compliance audits with risk-prioritized findings and remediation plans for frameworks like SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name and instructions align: the skill is an instruction-only generator for compliance frameworks and does not request unrelated binaries, credentials, or system access.
Instruction Scope
Instructions are narrowly scoped to asking for organizational context and producing structured audit reports. However, the skill expects potentially sensitive inputs (industry, data types, tech stack, known gaps). The SKILL.md also directs the agent to reference specific control numbers and provide cost estimates — this raises risk of hallucinated/misstated controls or inaccurate contractor pricing. The skill does not instruct reading local files, env vars, or sending data to external endpoints, but users should avoid pasting secrets.
Install Mechanism
No install spec and no code files — instruction-only skill means nothing is written to disk and no external packages are pulled in.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to an advisory/reporting tool that relies on user-provided context.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skill configs. Autonomous invocation is allowed by default but not combined with other concerning privileges.
Assessment
This appears to be a coherent, instruction-only compliance audit generator. Before you use it: (1) do not paste secrets or full credentials — provide high-level descriptions instead; (2) treat the output as a starting point, not a certified audit — independently verify all control references (e.g., SOC 2, ISO control IDs) and legal/regulatory claims; (3) spot-check cost estimates and third-party/tool recommendations with vendors; (4) if you need an official audit or attestation, engage a qualified auditor — this tool can help prepare but should not replace formal certification.


Tags: audit, compliance, gdpr, hipaa, iso27001, latest, pci-dss, security, soc2
