ClawHub

Compliance & Audit Readiness Engine

v1.0.0

Guides startups and scale-ups through SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS compliance to achieve audit readiness without external consultants.

0· 619·0 current·0 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the content: detailed frameworks, checklists, templates, and project plans for SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS. The skill does not request unrelated binaries, environment variables, or cloud credentials.
Instruction Scope
SKILL.md is a large, prescriptive set of checklists, YAML templates, and procedural guidance. It expects the agent to collect organizational details (e.g., data types handled, vendor lists, PHI presence), which is appropriate for compliance work but means users should avoid pasting real sensitive data (PHI, full payment card numbers, credentials) into prompts unless they intend to share it. There are no instructions that read system files, access environment variables, or send data to unexpected endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is written to disk and no external packages are pulled during install.
Credentials
The skill declares no required environment variables, credentials, or config paths. This is proportionate to a documentation/template-driven compliance advisor.
Persistence & Privilege
always is false and there is no request for persistent system-level privileges or changes to other skills. The skill runs as an on-demand instruction set and does not request permanent presence.
Assessment
This skill appears to be what it claims: a set of checklists, templates, and guidance for building compliance programs. Before using it, do not paste real sensitive data (PHI, full card numbers, unredacted personal data, production credentials) into prompts — use redacted or synthetic examples. Treat any policies or templates generated as drafts: have legal, security, or certified auditors review them before relying on them for an actual audit. The README links to paid context packs; those are external resources and not required for the free skill. If the agent asks for access to systems or credentials (it currently doesn't request any), do not provide them unless you understand why and trust the downstream process.

Like a lobster shell, security has layers — review code before you run it.

auditvk97amk9zms1t6nc3xaq3evgfj1819ghscompliancevk97amk9zms1t6nc3xaq3evgfj1819ghsgdprvk97amk9zms1t6nc3xaq3evgfj1819ghshipaavk97amk9zms1t6nc3xaq3evgfj1819ghsiso27001vk97amk9zms1t6nc3xaq3evgfj1819ghslatestvk97amk9zms1t6nc3xaq3evgfj1819ghspci-dssvk97amk9zms1t6nc3xaq3evgfj1819ghssecurityvk97amk9zms1t6nc3xaq3evgfj1819ghssoc2vk97amk9zms1t6nc3xaq3evgfj1819ghs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments