AI Compliance
v1.1.0
AI compliance analysis for EU AI Act, ISO 42001, NIST AI RMF, GDPR, OECD, financial services regulations (SEC, FCA, FINRA, DORA, MiFID II), and other framewo...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Benign (medium confidence)

Purpose & Capability
The name/description (AI compliance across EU AI Act, ISO 42001, NIST, GDPR, financial regs) matches the included templates and reference files. The files and templates present are consistent with producing checklists, assessments, gap analyses and playbooks — no unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md instructs the agent to load relevant reference files and to gather information from the user about the AI system/use case, then produce structured compliance outputs. A few playbooks (incident-response, remediation) reference pulling prompts or events from 'webhook_events' or DLP logs; the skill does not declare any config paths or require automatic access to such logs, so those references are contextual examples but could lead an agent to attempt log access if given broad runtime permissions.
Install Mechanism
This is instruction-only (no install spec, no code files to execute). That is the lowest-risk install mechanism and consistent with the skill's purpose.
Credentials
The skill does not request environment variables or credentials. However, some reference files include operational commands and hard-coded operational guidance (e.g., storing secrets in /etc/openclaw/secrets.env and chown to user 'bcaddy', 'fi.com' telemetry references, and calls to webhook_events/DLP logs). Those are plausible for an in-house compliance runbook but are firm-specific and could be dangerous if copied verbatim into a different environment.
Persistence & Privilege
`always:false`, no install, and no requested system configuration changes. The skill does not request persistent presence or elevated platform privileges.
Assessment
This skill appears to be a coherent compliance toolkit (checklists, templates, and playbooks) and is likely useful for producing compliance outputs. Before using:
1) Review and remove or adapt any firm-specific examples (mentions of fi.com, webhook_events, or OpenClaw-specific paths/users) so you don't leak internal assumptions.
2) Do NOT execute any shell commands from remediation playbooks verbatim; verify they match your OS, user accounts, and security policies.
3) If you plan to have the agent access logs or webhook_events, ensure the agent runtime has explicit, auditable authorization to read those sources; otherwise the skill should ask you to provide relevant extracts rather than access them directly.
4) Confirm any vendor-contact or deletion requests described in playbooks are handled by authorized legal/security staff.
If you want a more strict review, provide the exact runtime environment (what logs or systems the agent can access) and I can flag any instructions that would try to read or modify those assets.