Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cloud Compliance Checker

Validates cloud infrastructure configurations against industry compliance standards and regulatory frameworks.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The SKILL.md describes performing compliance audits for cloud providers (AWS, Azure, GCP, Kubernetes). However, the skill declares no required environment variables, credentials, or config paths. Real cloud scans normally require provider credentials or explicit instructions for how to supply infrastructure state; that mismatch (no declared auth but capability to scan providers) is unexplained.
! Instruction Scope
The instructions define a /check-compliance API and example requests that include a 'config' payload. They implicitly require sending potentially sensitive cloud configuration and possibly credentials to remote endpoints (toolweb.in / api.mkkpro.com). The SKILL.md does not constrain what to include in 'config' or warn about sensitive data, so it could result in exfiltration of secrets if a user provides them.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk or installed, which reduces supply-chain risk. The openapi.json is a local description only.
! Credentials
No environment variables, credentials, or config paths are declared despite functionality that usually needs access to cloud accounts or infrastructure state. This could mean the service expects users to paste credentials/config into requests (risky) or that the skill is incomplete/underspecified.
Persistence & Privilege
always is false and the skill is not forced-installed. Model invocation is allowed (default) but that is normal and not by itself a problem.
What to consider before installing
Before installing or using this skill, consider:

(1) The skill will direct you to send cloud configuration data to external endpoints (toolweb.in / api.mkkpro.com). Do not send secrets, long-lived API keys, or production configuration until you verify the vendor.
(2) Ask the publisher for an official homepage, privacy/security policy, and documentation describing what the remote API stores and how it protects submitted data.
(3) Prefer scanning with an on-prem or vendor-trusted tool if you must process sensitive cloud state.
(4) If you test, use non-sensitive sample configs.
(5) If you need automated scans that access cloud APIs, prefer skills that explicitly declare required credentials and describe secure authentication flows (e.g., temporary role-based access) rather than asking you to paste credentials into free-text fields.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

SKILL.md

Overview

The Cloud Compliance Checker is a powerful API for auditing cloud infrastructure against multiple compliance standards and regulatory requirements. It enables security teams, cloud architects, and compliance officers to systematically verify that their cloud deployments meet required security postures and compliance benchmarks.

This tool supports major cloud providers and compliance frameworks, allowing organizations to perform automated compliance validation on their cloud configurations. Whether you're preparing for a security audit, maintaining continuous compliance, or validating infrastructure-as-code deployments, this API provides rapid, standardized compliance assessment against recognized standards.

Ideal users include DevSecOps teams automating compliance checks in CI/CD pipelines, cloud security engineers validating multi-cloud deployments, compliance auditors performing infrastructure reviews, and organizations managing regulatory obligations across diverse cloud environments.

Usage

Example Request:

{
  "provider": "aws",
  "standard": "cis",
  "config": "{\"region\": \"us-east-1\", \"scan_type\": \"full\"}"
}

Example Response:

{
  "compliance_status": "passed",
  "provider": "aws",
  "standard": "cis",
  "checks_performed": 156,
  "checks_passed": 154,
  "checks_failed": 2,
  "compliance_percentage": 98.7,
  "failed_checks": [
    {
      "check_id": "CIS-1.2",
      "title": "Ensure MFA is enabled for all IAM users",
      "severity": "high",
      "resource": "iam-user-admin"
    },
    {
      "check_id": "CIS-2.1",
      "title": "Ensure CloudTrail is enabled on all regions",
      "severity": "medium",
      "resource": "eu-west-1"
    }
  ],
  "timestamp": "2024-01-15T10:30:00Z",
  "scan_duration_seconds": 42
}

Endpoints

POST /check-compliance

Performs a comprehensive compliance audit against the specified cloud provider and compliance standard.

Method: POST

Path: /check-compliance

Parameters:

| Name | Type | Required | Description |
|---|---|---|---|
| provider | string | Yes | Cloud provider identifier (e.g., aws, azure, gcp, kubernetes) |
| standard | string | Yes | Compliance framework or standard (e.g., cis, pci-dss, hipaa, sox, nist, iso27001) |
| config | string | No | JSON string containing provider-specific configuration options. Default: "{}". Supports parameters like region, scan_type, resource_filters, etc. |
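
An added example, not part of the skill or its publisher's code: a client-side gate that builds the /check-compliance body only after confirming that `config` carries nothing credential-like, since the scan above notes that the skill does not constrain that field. The allow-lists and secret patterns are assumptions built from the values this page mentions, and the function names are hypothetical.

```python
import json
import re

# Values this page gives as examples, treated here as allow-lists (assumption).
PROVIDERS = {"aws", "azure", "gcp", "kubernetes"}
STANDARDS = {"cis", "pci-dss", "hipaa", "sox", "nist", "iso27001"}
# Option names the page mentions for `config`; anything else is rejected (assumed policy).
ALLOWED_CONFIG_KEYS = {"region", "scan_type", "resource_filters"}

# Heuristics for credential-like content (constructed patterns, not exhaustive).
SECRET_KEY_RE = re.compile(r"secret|passw|token|credential|private|api_?key|access_?key", re.I)
SECRET_VALUE_RES = [
    re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),         # AWS access key ID shape
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),   # PEM private key header
    re.compile(r"\beyJ[\w-]{10,}\.[\w-]{10,}\.[\w-]+"),  # JWT-like bearer token
]

def find_secrets(node, path="config"):
    """Walk a decoded config and return the paths that look like credentials."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if SECRET_KEY_RE.search(str(key)):
                hits.append(child)
            hits.extend(find_secrets(value, child))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_secrets(value, f"{path}[{i}]"))
    elif isinstance(node, str) and any(r.search(node) for r in SECRET_VALUE_RES):
        hits.append(path)
    return hits

def build_request(provider, standard, config=None):
    """Return the request body, or raise ValueError so nothing leaves the host."""
    if provider not in PROVIDERS or standard not in STANDARDS:
        raise ValueError("unknown provider or standard")
    config = config or {}
    extra = set(config) - ALLOWED_CONFIG_KEYS
    if extra:
        raise ValueError(f"config keys not on the allow-list: {sorted(extra)}")
    hits = find_secrets(config)
    if hits:
        raise ValueError(f"credential-like content at: {hits}")
    # `config` is documented as a JSON *string*, so it is encoded inside the body.
    return {"provider": provider, "standard": standard, "config": json.dumps(config)}
```
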

Response (200 - Success):

Returns a JSON object containing:

  • compliance_status: Overall status (passed/failed/warning)
  • provider: The cloud provider checked
  • standard: The compliance standard used
  • checks_performed: Total number of compliance checks executed
  • checks_passed: Number of passing checks
  • checks_failed: Number of failing checks
  • compliance_percentage: Percentage of checks passed
  • failed_checks: Array of failed checks with check_id, title, severity, and resource
  • timestamp: UTC timestamp of the scan
  • scan_duration_seconds: Time taken to complete the audit

Response (422 - Validation Error):

Returns validation error details when required parameters are missing or invalid.

{
  "detail": [
    {
      "loc": ["body", "provider"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}

Pricing

| Plan | Calls/Day | Calls/Month | Price |
|---|---|---|---|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
