PCI DSS Checker
v1.0.0
Evaluates an organization's payment card processing environment against PCI DSS requirements and returns a comprehensive compliance assessment.
by ToolWeb @krishnakumarmahadevan-cmd
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (PCI DSS compliance assessment) matches the provided OpenAPI schema and SKILL.md: the skill expects a detailed questionnaire about payment processing and returns an assessment. There are no unrelated binaries, credentials, or installs requested that would be inconsistent with the stated purpose.
Instruction Scope
SKILL.md and openapi.json define a POST /pci-compliance endpoint and sample request/response; the instructions are scoped to accepting a JSON assessment payload and producing a compliance report. The instructions do not direct the agent to read system files, environment variables, or other unrelated data sources. Note: SKILL.md does not specify any server URL or external endpoint, implying the assessment is intended to be performed by the skill itself rather than forwarded — confirm runtime behavior before sending sensitive data.
Install Mechanism
No install specification or code files are present (instruction-only skill). This is low risk from an install/execution perspective because nothing is fetched or written to disk by an install step.
Credentials
The skill requests no environment variables or credentials, which is proportionate. However, the API schema requires many pieces of potentially sensitive compliance data (presence of card storage, cryptographic keys, encryption status, etc.). That sensitivity is expected for a PCI self-assessment tool, but users should avoid submitting actual PANs, secret keys, or unredacted sensitive artifacts — only provide high-level or redacted answers unless you trust where processing occurs.
Persistence & Privilege
always:false and no config paths or other persistence are requested. The skill does not request elevated or persistent privileges and does not modify other skills' settings.
Assessment
This skill appears to be what it says: a questionnaire-based PCI DSS self-assessment. Before using it, confirm where the assessment is processed (locally vs. sent to an external server). Never submit actual cardholder data, PANs, or private cryptographic keys — provide redacted or high-level answers instead. If you must provide sensitive implementation details, verify the skill's provenance/trustworthiness (author, hosting, privacy policy). If you need an auditor-level assessment, prefer vetted third-party PCI QSAs and do not rely solely on automated self-assessments.
Like a lobster shell, security has layers — review code before you run it.
latest vk979v0rf6d2p1e62h04n2jb27n83fehe
