ClawHub

Framework Mapping

v0.1.1

Bidirectional mapping between document sections and compliance framework controls with confidence scoring. Produces per-section control mappings and per-cont...

0· 238·0 current·0 all-time
by@dangsllc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (bidirectional compliance mapping) matches the SKILL.md procedures and output formats. No unrelated environment variables, binaries, or install steps are requested.
Instruction Scope
The SKILL.md provides a narrow, well-specified mapping procedure and explicit output schemas. It allows the agent to use Read, Glob, Grep (access workspace files) and WebFetch (network access). Those tools are reasonable for the task, but the instructions do not constrain which files the agent may read or which external endpoints WebFetch may contact — this has privacy/import-export implications when processing sensitive documents.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk or fetched at install time.
Credentials
No environment variables, credentials, or config paths are requested. The declared requirements are proportionate to the described functionality.
Persistence & Privilege
always:false and no claims of modifying other skills or system settings. Autonomous invocation remains enabled (platform default) but is not combined with unusual privileges.
Assessment
This skill is internally coherent and matches its stated purpose. Before installing or invoking it: (1) When running on sensitive or regulated documents, avoid letting the agent scan your entire workspace — provide only the specific document or run in an isolated environment. (2) The allowed WebFetch tool can contact external sites; if you cannot allow document content to leave your environment, disable or restrict network access for the skill. (3) Review outputs for potential exposure of PII or secrets, and consider using a local/framework reference copy rather than fetching framework text from the web. If you want additional assurance, request an explicit whitelist of domains the skill will query or an offline-only mode.

Like a lobster shell, security has layers — review code before you run it.

latestvk972acxhaewrh9rbpxjmqe06ph82b1bf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments