Afrexai Regulatory Compliance

v1.0.0

Conduct comprehensive regulatory compliance audits across US, UK, and EU frameworks with gap analysis, risk scoring, and a 90-day remediation roadmap.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name, description, README, and SKILL.md all align on providing a regulatory compliance audit across multiple frameworks. However, README language (e.g., "automatically identifies which regulations apply") implies automation or tooling that does not exist in this package — the skill is instruction-only with no code or install. That is a minor mismatch (marketing vs. actual capability) but not a security risk by itself.
Instruction Scope
SKILL.md is a comprehensive, scoped checklist and remediation roadmap. It does not instruct the agent to read system files, environment variables, or install anything. It does, however, require the agent/operator to collect business-sensitive information (industry, revenue, data types, PHI, card-handling details, vendor lists, etc.) which is expected for this task but means users must avoid sending sensitive data to untrusted endpoints or agents. The instructions are otherwise bounded to the stated audit purpose.
Install Mechanism
No install spec and no code files — the lowest-risk model. Nothing will be written to disk or downloaded by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no disproportionate secret requests.
Persistence & Privilege
always is false and disable-model-invocation is default. The skill does not request persistent or elevated platform privileges.
Assessment
This is an instruction-only compliance playbook (no code runs by default). Before using it: (1) don't paste real sensitive secrets or PHI into the agent — redact or use representative/demo data when possible; (2) be aware the README advertises automation and paid bundles, but the package itself is a manual checklist/guide — expect to do the analysis yourself or supply an agent with contextual data; (3) verify any external links (afrexai-cto.github.io) before clicking and be cautious about paid upsells; (4) if you need legal/regulatory interpretation, engage counsel rather than relying solely on the checklist; (5) test with minimal non-sensitive inputs first to confirm behavior.

Like a lobster shell, security has layers — review code before you run it.
