Enterprise Risk Management Engine
v1.0.0
Enterprise Risk Management Engine helps organizations identify, assess, mitigate, and monitor operational, financial, strategic, compliance, cyber, and reput...
⭐ 0 · 825 · 3 current · 3 all-time
by @1kalin
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, README and SKILL.md all describe an ERM system (risk universe, templates, assessments, reporting). There are no unrelated binaries, credentials, or install steps requested, so the declared capabilities align with the requested footprint.
Instruction Scope
SKILL.md provides step-by-step ERM procedures and YAML templates and asks for organizational context (revenue, incidents, controls, strategic objectives). That is expected for an ERM skill, but it does require the user to supply potentially sensitive business information (financials, incidents, regulatory details). The instructions do not appear to tell the agent to read system files, environment variables, or transmit data to unexpected external endpoints.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code files—lowest installation risk.
Credentials
The skill requests no environment variables, credentials, or config paths. No disproportionate access to secrets is requested. The README references a commercial context-pack URL, but that is advertising/ancillary and not required for operation.
Persistence & Privilege
always is false, user-invocable is true, and model invocation is allowed (platform defaults). The skill does not request persistent installation or modification of other skills or system-wide settings.
Assessment
This is a coherent ERM guidance/template — it will ask you to provide organizational context that can include sensitive business or personal data (revenues, incidents, customer concentrations, etc.). Before using it: (1) avoid pasting secrets or credentials into the agent; redact sensitive PII or financials if you don’t want them processed by the agent; (2) verify the publisher/URL in the README if you plan to pay for context packs; (3) run any board- or regulatory-sensitive outputs through an internal reviewer before sharing externally; and (4) if you need integrations (dashboards, HR/finance systems), prefer explicit, vetted connectors rather than pasting data into a general-purpose agent.
Tags: audit, business-continuity, compliance, enterprise, governance, latest, management, risk, security
