Cloud Compliance Checker
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent remote cloud-compliance API skill, but users should be aware that cloud configuration details may be sent to an external service with limited provenance details.
This skill appears benign and purpose-aligned for checking cloud compliance through a remote API. Before using it, verify the provider and avoid putting secrets, access keys, or highly sensitive infrastructure details in the config field unless you trust the external service and its data-handling practices.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Cloud configuration details may leave the user's environment and be processed by the external API provider.
The skill sends user-provided cloud configuration parameters to a third-party API endpoint. This is aligned with the compliance-checking purpose, but the artifacts do not describe privacy, retention, or handling boundaries for submitted configuration data.
`config` | string | No | JSON string containing provider-specific configuration options...; References: Kong Route: https://api.mkkpro.com/compliance/cloud-compliance
Only submit non-secret configuration data unless you have verified the provider's trustworthiness and data-handling terms.
Users have limited registry-level information for independently verifying who operates the remote API.
The registry metadata does not identify a source repository or homepage, while the skill relies on an external API service. This is a provenance gap, though no local code or install script is present.
Source: unknown; Homepage: none
Review the linked provider documentation and terms before sending any sensitive cloud or compliance information.