ClawHub

Compliance Qa

v0.1.0

Compliance-specific Q&A with regulatory interpretation guardrails, source attribution, confidence scoring, and escalation triggers when context is insufficie...

0· 232·0 current·0 all-time
by@dangsllc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the SKILL.md: a compliance Q&A assistant that operates over provided documents. There are no unrelated environment variables, binaries, or install steps requested that would be inconsistent with that purpose.
Instruction Scope
The runtime instructions restrict answers to the provided context and include sensible guardrails (no hallucination, no legal advice, escalation triggers). The SKILL.md also lists allowed-tools: Read, Glob, Grep, WebFetch — appropriate for RAG usage, but these tools can read local files or fetch external documents if the agent/platform grants that capability. The instructions themselves do not tell the agent to access unrelated files or secrets.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is the lowest-risk installation pattern and aligns with the declared purpose.
Credentials
No environment variables, credentials, or configuration paths are requested. The lack of secret requests is proportionate for a document-based Q&A assistant.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or modify other skills. Autonomous invocation is allowed by default but is not combined with any other elevated privileges here.
Assessment
This skill is coherent: it only contains instructions (no code) and asks nothing unusual. Two practical checks before installing: (1) confirm what agent tooling (Read, Glob, Grep, WebFetch) will actually be enabled — if the agent/platform grants file-system or broad web access, that increases data-exposure risk; (2) remember the SKILL.md is an instruction set the agent is supposed to follow, but the platform does not technically enforce 'only use provided context'—ensure your deployment enforces appropriate tool and data access controls and routes high-risk or legal questions to a human reviewer as the skill itself recommends.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c7ab76pcwnted6mvrkkxn6182a9s8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments