AuditClaw Gcp
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can read a wide range of GCP project metadata, IAM and security settings, resource names, and audit-relevant configuration. The provided code shows only read-only GCP API usage, so the exposure is the breadth of what the skill can read, not any write access.
The skill requires GCP credentials and project-level read roles, including broad viewer and security-reviewer access, to inspect cloud configuration.
**Credentials**: Uses standard GCP credential chain (`GOOGLE_APPLICATION_CREDENTIALS` or `gcloud auth`). ... Required IAM Roles ... `roles/viewer` ... `roles/iam.securityReviewer`
Use a dedicated service account limited to the intended project and grant only the documented read-only roles. Prefer short-lived credentials (service account impersonation through the standard credential chain) over a downloaded JSON key; if a key is unavoidable, store it securely, restrict its file permissions to the owning user, and rotate or revoke it when no longer needed.
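The role recommendation above is checkable before a sweep runs. The following is an added example, not code from the AuditClaw Gcp skill or the ClawScan report: it takes the JSON that `gcloud projects get-iam-policy PROJECT --format=json` prints and reports any role bound to the audit account beyond `roles/viewer` and `roles/iam.securityReviewer`. The policy document and the account name `auditclaw@example-project.iam.gserviceaccount.com` are constructed for illustration.

```python
"""Least-privilege check for the AuditClaw service account's project IAM bindings.

Added example, not code from the AuditClaw Gcp skill or the ClawScan report.
Input is the JSON printed by `gcloud projects get-iam-policy PROJECT --format=json`;
the policy below is constructed for illustration and the account name is made up.
"""
import json

# The read-only roles the skill documents; anything beyond these is a finding.
ALLOWED_ROLES = frozenset({"roles/viewer", "roles/iam.securityReviewer"})

AUDIT_SA = "serviceAccount:auditclaw@example-project.iam.gserviceaccount.com"

# Constructed sample policy: the audit account carries one excess role
# (roles/editor), and an unrelated user shares some of the bindings.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/viewer", "members": [AUDIT_SA]},
        {"role": "roles/iam.securityReviewer", "members": [AUDIT_SA]},
        {"role": "roles/editor", "members": [AUDIT_SA, "user:alice@example.com"]},
        {"role": "roles/storage.objectViewer",
         "members": ["user:alice@example.com"],
         "condition": {"expression": "request.time < timestamp('2027-01-01T00:00:00Z')"}},
    ],
    "etag": "BwX1example",
    "version": 3,
})


def roles_for_member(policy_json: str, member: str) -> set:
    """Every role bound to `member` anywhere in the policy (conditional bindings included)."""
    policy = json.loads(policy_json)
    return {b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])}


def excess_roles(policy_json: str, member: str, allowed=ALLOWED_ROLES) -> set:
    """Roles the member holds beyond the documented read-only set."""
    return roles_for_member(policy_json, member) - set(allowed)


def missing_roles(policy_json: str, member: str, allowed=ALLOWED_ROLES) -> set:
    """Documented roles the member still lacks (the sweep's checks would fail on those)."""
    return set(allowed) - roles_for_member(policy_json, member)


def review(policy_json: str, member: str) -> str:
    """One-line verdict suitable for a pre-sweep check."""
    extra, lacking = excess_roles(policy_json, member), missing_roles(policy_json, member)
    if not extra and not lacking:
        return "ok: only documented read-only roles are bound"
    parts = []
    if extra:
        parts.append("remove " + ", ".join(sorted(extra)))
    if lacking:
        parts.append("grant " + ", ".join(sorted(lacking)))
    return "action needed: " + "; ".join(parts)


if __name__ == "__main__":
    # Against a live project: gcloud projects get-iam-policy PROJECT --format=json > policy.json
    print(review(SAMPLE_POLICY, AUDIT_SA))
```

The check only covers project-level bindings, which is where the report says the roles are needed; a binding at folder or organization level would not appear in this policy and should be reviewed separately.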
The local GRC database may retain sensitive cloud security evidence such as resource names, service account emails, firewall findings, and configuration details that other GRC workflows may later read.
The orchestrator stores detailed check results, including JSON evidence, in a persistent local GRC SQLite database.
DEFAULT_DB_PATH = os.path.expanduser("~/.openclaw/grc/compliance.sqlite") ... "--file-content", json.dumps(result, default=str)
Protect the GRC database file (restrict it to the owning user), avoid running the sweep against unintended projects, and review or remove stored evidence before sharing backups or workspaces.
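Reviewing stored evidence before a database leaves the workstation can be done mechanically. The following is an added example, not the skill's or the companion's code: it checks that the SQLite file is readable only by its owner and rewrites evidence JSON in place with service account emails, project paths and IP addresses masked. The report only shows that evidence is written as `json.dumps(result, default=str)` through a `--file-content` argument; the table name `evidence` and the columns `id` and `file_content` are assumptions, and the sample record is constructed.

```python
"""Review and redact evidence stored in the local GRC SQLite database.

Added example, not code from the AuditClaw Gcp skill or the auditclaw-grc companion.
The report shows evidence written as JSON via `--file-content json.dumps(result, default=str)`
into ~/.openclaw/grc/compliance.sqlite. The table/column names `evidence`, `id` and
`file_content` are assumptions; the sample record below is constructed.
"""
import json
import os
import re
import sqlite3
import stat
import tempfile

# Values a GCP evidence record tends to carry that should not travel in a shared backup.
SA_EMAIL = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.iam\.gserviceaccount\.com")
PROJECT_PATH = re.compile(r"projects/[a-z][a-z0-9-]{4,28}[a-z0-9]")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def redact_value(text: str) -> str:
    """Mask the sensitive substrings of one string value."""
    text = SA_EMAIL.sub("<sa-email>", text)
    text = PROJECT_PATH.sub("projects/<project>", text)
    return IPV4.sub("<ip>", text)


def redact(obj):
    """Recursively redact every string inside a decoded evidence JSON document."""
    if isinstance(obj, dict):
        return {k: redact(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    if isinstance(obj, str):
        return redact_value(obj)
    return obj


def db_mode_is_private(path: str) -> bool:
    """True when no group/other permission bits are set on the file (0600 or stricter)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def mode_probe(mode: int) -> bool:
    """Create a temp file with the given permission bits and report db_mode_is_private()."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, mode)
        return db_mode_is_private(path)
    finally:
        os.remove(path)


def redact_evidence_table(conn: sqlite3.Connection) -> int:
    """Rewrite each evidence row with sensitive values masked; returns the row count."""
    rows = conn.execute("SELECT id, file_content FROM evidence").fetchall()
    for row_id, content in rows:
        try:
            cleaned = json.dumps(redact(json.loads(content)), default=str)
        except (TypeError, json.JSONDecodeError):
            cleaned = redact_value(content or "")   # not JSON: treat as plain text
        conn.execute("UPDATE evidence SET file_content = ? WHERE id = ?", (cleaned, row_id))
    conn.commit()
    return len(rows)


# Constructed check result in the shape an orchestrator evidence record might take.
SAMPLE_RESULT = {
    "check": "firewall-open-ssh",
    "status": "fail",
    "resource": "projects/example-project-123/global/firewalls/allow-ssh",
    "details": {"sourceRanges": ["0.0.0.0/0"],
                "owner": "auditclaw@example-project-123.iam.gserviceaccount.com"},
}


def demo() -> dict:
    """Build an in-memory copy of the assumed table, redact it, and return the cleaned record."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE evidence (id INTEGER PRIMARY KEY, file_content TEXT)")
    conn.execute("INSERT INTO evidence (file_content) VALUES (?)",
                 (json.dumps(SAMPLE_RESULT, default=str),))
    redact_evidence_table(conn)
    return json.loads(conn.execute("SELECT file_content FROM evidence").fetchone()[0])


if __name__ == "__main__":
    db = os.path.expanduser("~/.openclaw/grc/compliance.sqlite")
    if os.path.exists(db) and not db_mode_is_private(db):
        print(f"warning: {db} is readable by other users; chmod 600 it")
    print(json.dumps(demo(), indent=2))
```

Run the redaction against a copy of the database that is about to be shared, not against the working copy, since the check names and statuses survive but the resource identifiers the GRC workflows may still need are gone.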
Running this skill may also run code from the companion auditclaw-grc skill, which is expected for the integration but means both skills must be trusted.
When the companion auditclaw-grc helper is present, this skill executes that local db_query.py script to add evidence to the shared database.
cmd = [sys.executable, db_query, "--db-path", db_path, "--action", "add-evidence", ...] ... subprocess.run(cmd, capture_output=True, text=True)
Install auditclaw-grc from a trusted source and keep both skills updated. Review the companion db_query.py before running evidence collection: this skill executes it through the same Python interpreter and with the same user privileges as the orchestrator itself.
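One way to act on that recommendation is to pin the reviewed companion script and refuse to run anything else. The following is an added example, not the skill's code: it wraps the `subprocess.run` call shown above so that `db_query.py` is resolved with symlinks followed, confined to the expected skills directory, and compared against a SHA-256 recorded after review before the interpreter is launched. The directory layout, the stand-in script used in the demo and the helper names are assumptions.

```python
"""Gate the companion db_query.py behind a path and integrity check before executing it.

Added example, not code from the AuditClaw Gcp skill or auditclaw-grc. The report
shows `[sys.executable, db_query, "--db-path", ..., "--action", "add-evidence", ...]`
passed to subprocess.run; this wrapper adds the checks. The skills directory layout,
the pin value's storage and the stand-in script in demo() are assumptions.
"""
import hashlib
import os
import subprocess
import sys
import tempfile


def sha256_file(path: str) -> str:
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def resolve_within(base_dir: str, candidate: str) -> str:
    """Resolve symlinks and refuse a path that escapes base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(candidate)
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"{candidate} resolves outside {base_dir}")
    return target


def verify_companion(script_path: str, base_dir: str, pinned_sha256: str) -> str:
    """Return the resolved script path only if it is inside base_dir and matches the pin."""
    resolved = resolve_within(base_dir, script_path)
    actual = sha256_file(resolved)
    if actual != pinned_sha256.lower():
        raise RuntimeError(f"db_query.py digest {actual} does not match pinned {pinned_sha256}")
    return resolved


def run_add_evidence(db_query: str, base_dir: str, pinned_sha256: str, db_path: str, extra_args):
    """The report's add-evidence invocation, executed only after verify_companion() passes."""
    script = verify_companion(db_query, base_dir, pinned_sha256)
    cmd = [sys.executable, script, "--db-path", db_path, "--action", "add-evidence", *extra_args]
    return subprocess.run(cmd, capture_output=True, text=True, check=False)


# Constructed stand-in for db_query.py: echoes its arguments so the demo can run offline.
STAND_IN_SCRIPT = b"import sys\nprint(' '.join(sys.argv[1:]))\n"


def demo() -> dict:
    """Pin a stand-in companion, run it, then show a tampered copy and an escaping path rejected."""
    with tempfile.TemporaryDirectory() as skills_dir:
        script = os.path.join(skills_dir, "auditclaw-grc", "db_query.py")
        os.makedirs(os.path.dirname(script))
        with open(script, "wb") as f:
            f.write(STAND_IN_SCRIPT)
        pin = sha256_file(script)  # the value an operator records after reviewing the script

        result = run_add_evidence(script, skills_dir, pin, "/tmp/compliance.sqlite",
                                  ["--file-content", "{}"])
        good_run = result.returncode == 0 and "--action add-evidence" in result.stdout

        with open(script, "ab") as f:  # simulate a modified companion after the review
            f.write(b"# tampered\n")
        try:
            verify_companion(script, skills_dir, pin)
            tamper_rejected = False
        except RuntimeError:
            tamper_rejected = True

        try:  # a path that climbs out of the skills directory is refused before any I/O
            verify_companion(os.path.join(skills_dir, "..", "db_query.py"), skills_dir, pin)
            escape_rejected = False
        except PermissionError:
            escape_rejected = True
    return {"good_run": good_run, "tamper_rejected": tamper_rejected, "escape_rejected": escape_rejected}


if __name__ == "__main__":
    print(demo())
```

The pin has to be refreshed whenever auditclaw-grc is legitimately updated, which is the point: an update becomes a deliberate re-review rather than something the sweep picks up silently.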
