compliance-auditor
Pass
Audited by ClawScan on May 8, 2026.
Overview
This is an instruction-only compliance audit checklist skill with no code, credentials, or install actions; the main caution is that audits may involve sensitive regulated data.
This appears safe to install as an instruction-only compliance assistant. Use it for checklists and draft audit reports, redact sensitive PII/PHI/PCI whenever possible, and do not treat its output as a substitute for qualified compliance or legal review.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If users paste real personal, health, or payment-card details, that information may appear in the conversation and audit output.
The skill is meant to support compliance audits involving sensitive personal, health, and payment-card data. This is purpose-aligned, and the artifacts do not show persistence or exfiltration, but users may place sensitive data into chat context or generated reports.
Data Types: [PII, PHI, PCI, etc.]
Use redacted examples, schemas, control descriptions, or summaries where possible, and avoid sharing unnecessary raw regulated data.
Users could over-rely on generated compliance guidance as if it were an official audit or legal opinion.
This is an authority-style claim that may increase user trust. It does not show deception or unsafe behavior, but the artifacts do not establish certification, affiliation, or legal authority.
using proven patterns from production AI systems (Oracle, IBM Watson Governance)
Treat outputs as draft checklists or analysis aids and have qualified legal, privacy, or compliance professionals review decisions.
