creem-audit-kit
v0.1.0Generate a Creem audit-ready compliance pack with legal policies, a preflight checklist, and site surface punchlists for MoR onboarding or review.
⭐ 0· 105·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included assets and workflow: templates for five legal pages, a preflight checklist, and site-surface punchlists. There are no unrelated requirements (no env vars, binaries, or external services) that would be inconsistent with generating documentation for Creem review.
Instruction Scope
SKILL.md instructs the agent to fill inputs, tailor the provided checklist, generate pages from shipped templates, and run consistency checks using included reference files. All referenced files are present in the bundle and there are no instructions to read unrelated system files, exfiltrate data, or contact external endpoints.
Install Mechanism
No install spec and no code files — the skill is instruction-only, which minimizes risk. Nothing will be downloaded or executed on disk by the skill itself.
Credentials
The skill declares no environment variables, credentials, or config paths. The templates use placeholders for user-supplied inputs; requiring no secrets is proportionate to the described task.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. Autonomous invocation is permitted by default but that is normal; there is no indication the skill will write system-wide configs or persist credentials.
Assessment
This bundle is coherent and appears to be what it claims: a templates-and-checklist kit for preparing Creem onboarding materials. Before using it, do the following: (1) do not paste secrets or full payment card data into the inputs or generated pages; (2) review and localize all templates with your legal counsel—these are generic templates and may not satisfy jurisdictional requirements (e.g., GDPR/CCPA) or Creem-specific contract details; (3) fill placeholders deliberately (or leave [TODO] rather than letting the agent guess) to avoid hallucinated/legal statements; (4) verify site/product-specific claims (refund timing, auto-renew behavior, who is the Merchant of Record) so you don’t accidentally contradict Creem or your own billing implementation. If you want extra assurance, ask for a summary of all TODOs and a highlighted diff showing changes to the templates before publishing.Like a lobster shell, security has layers — review code before you run it.
latestvk977rz6wp4328mpwya023qyn6d833g5y
License
MIT-0
Free to use, modify, and redistribute. No attribution required.