v1.0.0

Compliance Gap Filler

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:53 AM.

Analysis

The skill appears to be a straightforward remote compliance-advice API, but using it may send your listed control gaps to a third-party endpoint.

GuidanceThis looks suitable for generating compliance remediation ideas from a list of known gaps. Before installing or using it with real audit data, confirm you are allowed to share those control gaps with the external API provider and avoid including confidential system names, customer details, or internal evidence unless necessary.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

SKILL.md

POST /fill-compliance-gaps ... "missing_controls" ... "Kong Route: https://api.mkkpro.com/compliance/gap-filler"

The skill sends user-provided lists of missing compliance controls to a disclosed third-party API endpoint. This is aligned with the skill's purpose, but the data may expose details about the user's security and compliance weaknesses.

User impactIf you include organization-specific control gaps, the external API provider may receive information about areas where your security program is incomplete.

RecommendationUse the skill only with data you are comfortable sharing with the API provider; anonymize sensitive organization details where possible and verify the provider's privacy/retention terms before submitting real audit findings.