Guardian Compliance
v1.0.0
Immigration, tax, and business compliance alerts. Check your STEM OPT, H-1B, I-140, CPT status, upcoming deadlines, risk findings, and tax filing obligations...
by Chenyu Li @lee-chenyu
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: scripts call guardian-compliance.fly.dev endpoints to fetch timelines, documents, findings, and to post chat questions. Required binaries (curl, jq) and the GUARDIAN_TOKEN credential are appropriate for this purpose.
Instruction Scope
Runtime instructions are narrow: run bundled scripts which only call the Guardian API and print JSON-derived summaries. Minor mismatch: SKILL.md documents an optional GUARDIAN_API_URL override but this env var is not listed under requires.env in metadata (informational only). Scripts do not read arbitrary local files or other env vars.
Install Mechanism
No install spec; the skill is instruction + shell scripts that run in-place. Nothing is downloaded or extracted at install time, which is the lower-risk pattern.
Credentials
Only a single credential (GUARDIAN_TOKEN) is required. That is proportional to the stated functionality, but note that the token grants access to potentially sensitive compliance documents and findings stored on the Guardian service.
Persistence & Privilege
always is false and the skill is user-invocable. disable-model-invocation is false (autonomous calls are allowed), which is normal — be aware that an agent with permission to autonomously invoke skills could call these endpoints and transmit data to the Guardian service using the stored token.
Assessment
This skill calls Guardian's API and requires a GUARDIAN_TOKEN that gives access to your compliance documents and findings. Only install if you trust the guardian-compliance.fly.dev service and are willing to let the agent send your questions and fetch your documents to that endpoint. Consider: (1) limiting the token's scope if the service supports scoped or read-only tokens; (2) not setting the token unless you need the skill; (3) confirming the API_URL if you override it (don't point it to an untrusted host); and (4) disabling autonomous invocation or reviewing agent permissions if you don't want the agent to call the skill without an explicit user prompt each time.
Like a lobster shell, security has layers — review code before you run it.
latest vk971xv6nfe4jnn8621msx9492s83nd74
Runtime requirements
🛡️ Clawdis
OS: macOS · Linux
Bins: curl, jq
Env: GUARDIAN_TOKEN
Primary env: GUARDIAN_TOKEN
