Compliance Posture Intake
v0.1.0Comprehensive HIPAA compliance posture assessment for agent and API contexts. Runs a structured intake covering all Seven Elements of an effective compliance...
⭐ 0· 226·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill name and description match the SKILL.md: it guides a conversational intake, analyzes user-provided compliance documents, and produces a report. Optional chaining to a 'rote-compliance-toolkit' is declared as optional and consistent with the claimed functionality. No unrelated credentials or binaries are requested.
Instruction Scope
The instructions direct the agent to run a structured interview and analyze documents the user supplies. Allowed tools include Read, Glob, Grep, WebFetch, WebSearch, and Write — which is coherent for document analysis but means the agent could read files available in its context or perform web/network operations if those tools are enabled. The SKILL.md itself does not instruct the agent to read unrelated system secrets or to exfiltrate data, but users should confirm which tools/endpoints the agent environment exposes before supplying PHI.
Install Mechanism
There is no install spec and no code files; this is instruction-only, which minimizes on-disk risk. Nothing is downloaded or installed by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to an intake and document-analysis workflow.
Persistence & Privilege
The skill is not always-enabled and does not request persistent agent-level privileges or to modify other skills. Autonomous invocation is allowed by platform default; nothing in SKILL.md requests elevated persistence.
Assessment
This skill appears coherent and low-risk as an instruction-only intake workflow, but exercise caution before supplying real PHI or organization secrets. Verify the agent context's tool permissions: if Read/Glob/Grep are enabled the agent may access files present in its workspace; if WebFetch/WebSearch are enabled it may send data to external endpoints. Only provide documents you intend to be analyzed, prefer de-identified data where possible, and confirm whether your agent environment will chain to external services (Claude Code, Rote MCP, or any third-party API) before sharing sensitive material. Because the skill's source/homepage is unknown, consider running it in an isolated or non-production environment first and review the full SKILL.md to ensure no steps require access to unrelated system data.Like a lobster shell, security has layers — review code before you run it.
latestvk979ehabmcg8wevwjfachr3n7582ajet
License
MIT-0
Free to use, modify, and redistribute. No attribution required.