Compliance Evidence Assembler
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill appears to do the advertised local audit-evidence organization, with the main caution that it can run a local Python script to scan a user-selected evidence folder and generate a report.
This skill looks suitable for organizing audit evidence into reviewable reports. Before using it, choose a narrow input directory, avoid pointing it at broad personal or company folders, review the generated output before sharing it, and remember that it is not a substitute for a formal audit conclusion.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You have less external information for verifying the publisher or upstream project.
The artifacts disclose limited upstream provenance. No remote installer, package dependency, or hidden helper is shown, so this is a provenance notice rather than a security concern.
Source: unknown; Homepage: https://example.invalid/skills/compliance-evidence-assembler
Install only if you trust the registry entry and are comfortable with the included reviewed files.
Running the helper script can read the selected input path and write a report to the selected output path.
The skill may invoke a bundled local Python script through shell/exec. This is disclosed and central to the skill's purpose, but it means the user should review the command and chosen paths.
If the runtime environment allows shell / exec, you can use: `python3 "{baseDir}/scripts/run.py" --input <输入文件> --output <输出文件>`
Run it only on intended evidence material, choose a safe output path, and use review or dry-run workflows where appropriate.
The generated report may include file names, extension summaries, and Markdown headings from local audit evidence.
The script recursively samples files in a user-selected directory and reads Markdown headings for the generated report. This is purpose-aligned for evidence assembly, but local evidence folders may contain sensitive names or contents.
for path in root.rglob("*") ... text = read_text(p) ... headings.append((p.name, line.strip()))
Point the skill at a narrow evidence folder, avoid broad home or company directories, and redact sensitive material before sharing generated reports.
