ClawHub

AI Safety Audit

v1.0.0

Performs a comprehensive AI safety audit mapping systems to EU AI Act risk tiers, assessing 30 controls across six domains, and generating a 90-day remediati...

0· 475·0 current·0 all-time
by@1kalin
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and SKILL.md all describe an AI safety audit and the included controls, scoring, and outputs align with that purpose. There are no unrelated required binaries, environment variables, or install steps that contradict the stated function.
Instruction Scope
The SKILL.md is high-level and prescriptive about what to produce (inventory, classification, scorecard, roadmap) but does not define concrete data sources or safe boundaries. This gives the agent broad discretion to ask for or attempt to collect inventory and evidence; that is reasonable for an audit but creates a scope/privilege risk if the agent is allowed to autonomously access systems or credentials without constraints.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes on-disk execution risk because nothing will be downloaded or installed by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate to an instruction-only audit template. Note: at runtime the agent may request credentials or access from the user to gather evidence; those requests are not part of the package and should be evaluated before granting.
Persistence & Privilege
always:false and no installable components — the skill does not request permanent presence or system-level changes. The agent may still be allowed to invoke the skill autonomously (platform default); that alone is not flagged but users should be mindful of the agent's allowed actions when the skill is active.
Assessment
This instruction-only skill appears coherent for performing an AI safety audit, but its runtime instructions are intentionally high-level and will require the agent to gather evidence (model inventories, documentation, logs, etc.). Before using it: 1) Decide which data sources you permit the agent to access and avoid handing long-lived credentials; prefer scoped, read-only accounts or temporary credentials. 2) Be cautious if you allow autonomous invocation — the agent could repeatedly attempt to collect data. 3) Confirm whether you want the agent to contact any external links or services (the SKILL.md contains promotional links to paid packs). 4) Test the skill in a controlled environment (non-production data) first and review any requested actions or outputs. If you want a stronger assessment, request the skill author provide explicit runtime steps (what data sources are read, what evidence formats are expected) or include code that enforces safe, read-only collection methods.

Like a lobster shell, security has layers — review code before you run it.

EU AI Actvk9717dg41xckjyezqg58d55q2x81hh0eNISTvk9717dg41xckjyezqg58d55q2x81hh0ealignmentvk9717dg41xckjyezqg58d55q2x81hh0eauditvk9717dg41xckjyezqg58d55q2x81hh0ecompliancevk9717dg41xckjyezqg58d55q2x81hh0elatestvk9717dg41xckjyezqg58d55q2x81hh0esafetyvk9717dg41xckjyezqg58d55q2x81hh0e
475downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@1kalin
EU AI ActNISTalignmentauditcompliancelatestsafety
Download

AI Safety Audit

Comprehensive AI safety and alignment audit framework for businesses deploying AI agents. Built around the UK AI Security Institute Alignment Project standards (2026), EU AI Act requirements, and NIST AI RMF.

What This Skill Does

When activated, the agent performs a structured safety audit of your AI deployment:

  1. AI System Inventory — Catalogs all AI models, agents, and automated decision systems in use
  2. Risk Classification — Maps each system to EU AI Act risk tiers (Unacceptable/High/Limited/Minimal)
  3. Safety Controls Assessment — Evaluates 30 controls across 6 domains
  4. Gap Analysis — Identifies missing safeguards with severity and remediation cost
  5. Compliance Roadmap — Generates a prioritized 90-day action plan

6 Audit Domains (30 Controls)

1. Model Governance (5 controls)

  • Model registry with version tracking
  • Access control and deployment permissions
  • Update and rollback procedures
  • Vendor risk assessment for third-party models
  • Model retirement and data deletion policy

2. Data Protection (5 controls)

  • Data residency and sovereignty mapping
  • PII detection and handling in AI pipelines
  • Training data provenance documentation
  • Data retention aligned with AI lifecycle
  • Cross-border data transfer compliance

3. Output Safety (5 controls)

  • Hallucination detection and mitigation
  • Bias testing across protected characteristics
  • Content filtering for harmful outputs
  • Confidence scoring and uncertainty flagging
  • Human-in-the-loop for high-stakes decisions

4. Security (5 controls)

  • Prompt injection defense
  • Model extraction prevention
  • API rate limiting and abuse detection
  • Adversarial input testing
  • Supply chain security for AI dependencies

5. Monitoring & Observability (5 controls)

  • Real-time output quality tracking
  • Drift detection (data and model)
  • Incident logging and alerting
  • Performance degradation monitoring
  • Cost tracking per AI workflow

6. Organizational Readiness (5 controls)

  • Named AI safety officer
  • Staff training program with completion tracking
  • Board-level AI risk reporting
  • Incident response playbook
  • Third-party audit schedule

Scoring

Each control scores 0-3:

  • 0 — Not implemented
  • 1 — Partially implemented, no documentation
  • 2 — Implemented with documentation
  • 3 — Implemented, documented, tested, and audited

Total: 90 points max

  • 0-30: Critical risk — stop deploying until gaps are addressed
  • 31-55: High risk — remediate within 30 days
  • 56-75: Moderate risk — address within 90 days
  • 76-90: Strong posture — maintain and iterate

Regulatory Mapping

FrameworkStatusKey Requirements
EU AI ActEnforcing 2026Risk classification, conformity assessment, transparency
UK AI Safety InstituteActive 2026Alignment testing, frontier model evaluation
NIST AI RMFPublishedGovern, Map, Measure, Manage lifecycle
ISO 42001PublishedAI management system certification
SOC 2 + AIEmergingAgent-specific controls (CC6/CC7/CC8)

Cost Benchmarks

Company SizeFull Audit CostAnnual ComplianceNon-Compliance Risk
15-50 employees$8K – $20K$18K – $45K$200K+
50-200 employees$20K – $55K$45K – $120K$500K – $2M
200-1000 employees$55K – $150K$120K – $400K$2M – $10M

Output Format

The agent delivers:

  1. Executive Summary — Overall score, top 3 risks, recommended actions
  2. Detailed Scorecard — All 30 controls with scores and evidence
  3. Gap Analysis — Missing controls ranked by risk severity
  4. 90-Day Roadmap — Phased remediation plan with cost estimates
  5. Board Report Template — One-page summary for leadership

Industry Adjustments

The audit adjusts control weighting based on industry:

  • Healthcare: Output safety and data protection weighted 2x
  • Financial Services: Model governance and monitoring weighted 2x
  • Legal: Output safety (hallucination) weighted 3x
  • Manufacturing: Security and monitoring weighted 2x
  • Government/Defense: All domains weighted equally at maximum

Go Deeper

Bundles

  • AI Playbook — $27
  • Pick 3 Industries — $97
  • All 10 Industries — $197
  • Everything Bundle — $247

Comments

Loading comments...