Install
openclaw skills install @agent-compliance-org/compliance-audit-assistantSecurity and compliance auditing tool for AI agents. Scans code for vulnerabilities, checks GDPR/CCPA compliance, generates risk reports with remediation guidance.
openclaw skills install @agent-compliance-org/compliance-audit-assistantA comprehensive security and compliance auditing tool designed specifically for AI agents in the OpenClaw/ClawHub ecosystem.
eval(), exec(), compile() usageos.system(), subprocess.Popen() callspickle.loads(), yaml.load() patternsUse this skill when you need to:
Scan this Python code for security issues:
import os
import pickle
def process_user_input():
cmd = input("Enter command: ")
os.system(cmd)
data = pickle.loads(user_data)
return eval(expression)
Risk Score: 65/100 (WARNING)
Vulnerabilities Found:
1. CRITICAL - Command Injection (Line 5)
Issue: os.system() with user input
Fix: Use subprocess.run() with explicit arguments list
2. HIGH - Unsafe Deserialization (Line 8)
Issue: pickle.loads() on untrusted data
Fix: Use JSON or safe serialization format
3. CRITICAL - Code Injection (Line 10)
Issue: eval() with dynamic expression
Fix: Use ast.literal_eval() for safe evaluation
# Scan a file
clawhub run @epstion518/compliance-audit-assistant --file agent.py
# Scan inline code
clawhub run @epstion518/compliance-audit-assistant --code "import os; os.system('ls')"
# JSON output for pipelines
clawhub run @epstion518/compliance-audit-assistant --file agent.py --format json
from compliance_audit import SecurityScanner
scanner = SecurityScanner()
result = scanner.scan_code(your_agent_code)
print(f"Risk Score: {result['risk_score']}")
for vuln in result['vulnerabilities']:
print(f"{vuln['severity']}: {vuln['description']}")
| Option | Type | Default | Description |
|---|---|---|---|
| language | string | auto | Target programming language |
| strict_mode | boolean | false | Enable stricter checking rules |
| exclude_patterns | array | [] | Regex patterns to exclude |
| output_format | string | text | Output: text, json, html |
MIT-0 (No Attribution Required)
@epstion518 - Agent Compliance Org
For issues, feature requests, or questions: