Hipaa Gap Analysis
v0.1.0
Assess compliance documents against HIPAA Security Rule and Privacy Rule requirements. Produces structured findings with coverage status, confidence scores,...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name and description (HIPAA gap analysis) align with the SKILL.md instructions: systematically read a supplied compliance document, map text to HIPAA controls, extract quotes, and produce structured findings. No unrelated environment variables, binaries, or install steps are requested.
Instruction Scope
The runtime instructions are narrowly scoped to analyzing the provided document and referencing specific 45 CFR citations. They explicitly require quoting exact evidence and not fabricating text. The SKILL.md header lists allowed-tools (Read, Glob, Grep, WebFetch) — these tools make sense for searching documents and fetching regulation text, but they also could be used to read other files on the agent's filesystem if the agent runtime grants broader file access. The skill does not itself instruct reading environment variables or unrelated system paths.
Install Mechanism
No install spec and no code files are present. This is instruction-only, which minimizes disk-write and supply-chain risk.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportional for a document-analysis auditor.
Persistence & Privilege
always is false and the skill does not request persistent system changes or access to other skills' configs. Model invocation is allowed (default), which is expected for a user-invocable skill.
Assessment
This skill appears coherent and does what it claims: analyze a provided compliance document against HIPAA controls. Before using it, avoid pasting real protected health information (PHI) unless you trust where processing occurs (local vs remote) and understand retention/usage policies. Confirm whether the agent runtime will limit file access to only the document you supply (the listed tools could read other local files if permitted). If you need to analyze sensitive documents, redact PHI or use a vetted, on-premises tool. Finally, because the skill can fetch regulation text (WebFetch), you may want to verify that it only fetches known regulatory sources and does not transmit your document to unknown endpoints.
