Regulatory Compliance Audit
v1.0.0
Perform a comprehensive regulatory compliance audit covering US, UK, and EU frameworks across 8 domains with risk scoring and a 90-day remediation roadmap.
⭐ 0 · 1k · 8 current · 8 all-time
by @1kalin
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the SKILL.md: the skill is a procedural compliance audit (framework identification, 8-domain checklist, risk scoring, 90-day roadmap). There are no declared binaries, installs, or credentials that don't belong to this purpose. README marketing (paid packs, links) is external to the skill but does not change the skill's declared functionality.
Instruction Scope
SKILL.md instructs the agent to gather a business profile and run framework applicability, gap analysis, scoring, and produce remediation plans. The instructions do not direct the agent to read system files, environment variables, or secrets, nor do they reference unexpected external endpoints. It relies on user-provided business context, which is appropriate for this task.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is written to disk or fetched at install time. This is the lowest-risk install profile.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate to an advisory/compliance checklist that only needs a business description. There are no unrelated credential requests.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill does not request persistent system presence or modify other skills/config. Autonomous invocation is the platform default and not a special risk here given the minimal footprint.
Assessment
This skill is an instruction-only compliance playbook — it will ask for details about your business so the agent can assess applicable frameworks and gaps. Before running it: (1) avoid pasting sensitive secrets, credentials, or raw PHI/PCI data into the agent; provide high-level descriptions where possible, or sanitize datasets; (2) remember this is advisory content, not legal advice—consult counsel for binding interpretations; (3) the README includes marketing links to external pages — the skill itself doesn't call them, but verify any third-party resources before following paid offers; (4) if you need automated evidence collection from systems, prefer a vetted tool that explicitly requests the narrow credentials required rather than pasting secrets into a conversational agent.
Like a lobster shell, security has layers — review code before you run it.
audit · compliance · governance · latest · regulatory · risk
