the compliance claw
v1.0.0
Regulations change 4,000+ times per year. Your clients can't track them all. complianceclaw monitors federal and state regulatory changes, maps them to your...
by Jagadeeshvar Muralidharan (@jagadeeshmurali-coder)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name, description and CLI commands are consistent with a regulatory-monitoring/compliance product and the only runtime requirement declared is the 'complianceclaw' binary. However the SKILL.md documents integrations (Google Calendar sync, emailing assignments, exporting PDFs, historical archive access, real-time feeds) that typically require credentials, API keys, or network access; the skill declares no required environment variables or config paths to support those integrations.
Instruction Scope
The SKILL.md lists many explicit commands (watch, feed, checklist generate, obligation map, calendar sync, report export). It does not instruct the agent to read arbitrary system files or secrets, but several commands imply access to user files (evidence PDFs) and external services (Google sync, email routing). The doc does not specify how credentials are supplied, how OAuth flows are handled, nor whether files are uploaded off-machine — this lack of detail widens the agent's scope by omission.
Install Mechanism
Install is via a Homebrew tap (legal-tools/tap/complianceclaw) which will place a binary on the system. Homebrew is a normal install path, but this is a third-party tap rather than an official core formula; installing a third-party binary means you should verify the tap and binary source (signing, GitHub releases, maintainers) before trust. No additional install artifacts are present in the skill bundle (instruction-only).
Credentials
The skill requests zero environment variables, yet features described (Google Calendar sync, routing obligations to email addresses, integrations with feeds/archives) normally require OAuth credentials, API keys, or SMTP/ESMTP information. The absence of declared credentials is an inconsistency: either the binary will prompt for/obtain credentials at runtime, or it expects system-level tokens/configs — both of which should have been documented. This gap raises risk about where credentials would be stored or how they are used.
Persistence & Privilege
The skill does not request always: true and is user-invocable only. No config paths or persistent privileges are requested in the SKILL.md. Installing the brew binary gives it the normal privileges of any installed program, but the skill metadata does not request elevated or platform-wide persistence beyond that.
What to consider before installing
This appears to be a legitimate compliance CLI, but exercise caution before installing the binary from the third‑party Homebrew tap. Steps to consider:
- Verify the tap and upstream repository (check GitHub releases, source code, maintainers, and binary signatures). Confirm the 'legal-tools' tap and 'complianceclaw' formula come from a trusted maintainer.
- Ask the vendor how integrations work: where and how Google OAuth tokens, SMTP/email routing credentials, or API keys are provided and stored. Do not supply secrets until you confirm secure storage and minimal scope.
- Test the binary in an isolated environment (VM or container) before installing on production machines to observe network behavior and file access.
- If you require enterprise use, request an audit or source distribution you can compile/verify yourself instead of opaque binaries.
- If you proceed, restrict network access and monitor outgoing connections until you’re comfortable with its behavior.
If the vendor can demonstrate signed releases and clear documentation for authentication flows (OAuth screenshots, config file locations, encryption at rest), that would raise confidence.
Like a lobster shell, security has layers — review code before you run it.
latest: vk974jaqmww5f24f5kw7dr64vsx81q79k
Runtime requirements
🏛️ Clawdis
Bins: complianceclaw
Install
Install complianceclaw (brew)
Bins: complianceclaw
brew install legal-tools/tap/complianceclaw