AuditClaw Github
Result: Pass. Audited by ClawScan on Feb 16, 2026.
Overview
The skill's code, runtime instructions, and requested environment access are consistent with a GitHub compliance evidence collector that runs read-only checks and stores results in the user's GRC database.
This skill appears to do what it says: read-only GitHub checks and local evidence storage. Before installing:
(1) Create a fine-grained GitHub token scoped to the minimum repositories and read-only permissions the skill needs (avoid granting unnecessary org admin rights).
(2) Understand that the token allows reading sensitive data (secret scanning alerts, Dependabot, members, audit logs) — only use a token you are comfortable exposing to the local environment.
(3) Ensure auditclaw-grc is installed and you trust the local GRC database path (~/.openclaw/grc/compliance.sqlite), since the skill will insert and update records there.
(4) Review scripts/github-permissions.json and scripts/github_evidence.py if you want to confirm exactly which API calls and DB writes will occur, and rotate the token periodically (the SKILL.md rightly recommends expiration/rotation).
