Complianceradar AI Monitor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is broadly coherent for regulatory monitoring, but it uses several business-facing APIs, webhooks, AI analysis, and audit logging that users should scope carefully.
Before installing, confirm exactly which Slack channel, regulatory APIs, AI provider, and audit logs will be used. Use least-privilege credentials, preview messages before sending them to teams, and avoid submitting sensitive business or customer data unless your organization approves that data flow.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misconfigured or over-scoped, the agent could use sensitive API keys or post compliance messages to the wrong Slack destination.
The skill requires multiple external-service credentials and a Slack webhook. This matches the compliance-monitoring and notification purpose, but these credentials can access or post to real services.
export SEC_API_KEY="your-sec-api-key" ... export FDA_API_KEY="your-fda-api-key" ... export GDPR_MONITOR_TOKEN="your-gdpr-monitor-token" ... export SLACK_WEBHOOK_URL="https://hooks.slack.com/services/YOUR/WEBHOOK/URL" ... export OPENAI_API_KEY="sk-..."
Use dedicated, least-privilege keys and a channel-specific Slack webhook; rotate or revoke them if the skill is no longer used.
The agent may create alerts, logs, or tasks that teammates treat as official compliance work.
The skill describes writing or posting into team systems. This is aligned with its purpose, but it can affect business workflows if run without review.
automatically routes compliance action items to your team via Slack ... Google Sheets Logging: Automatic compliance event logging for audit trails ... Jira/Asana Integration: Creates compliance tasks with due dates and ownership
Require a preview and explicit approval before posting to Slack, logging to Sheets, or creating tasks.
Sensitive business or compliance information could be included in prompts, reports, or retained audit logs.
The skill may process internal business, customer, and compliance context through an AI provider and then store impact assessments for audit use.
Uses GPT-4 to analyze regulatory changes against your organization's: Business model and revenue streams; Current compliance policies; Geographic footprint and customer base; Industry classification and risk profile
Share only necessary information, redact sensitive data where possible, and define retention and access controls for generated reports and audit trails.
A monitoring workflow could keep sending alerts or creating records after the initial request if schedule controls are not clear.
The skill is framed as an ongoing monitor. No code or scheduler is present in the supplied artifacts, but users should treat continuous monitoring as an ongoing automated activity if implemented.
continuously monitors authoritative sources ... check_frequency: "daily"
Make monitoring schedules explicit, keep them opt-in, and document how to pause or disable ongoing notifications.
