Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Compliance Checklist Gen

v1.0.0

Generates industry-specific and region-specific compliance checklists to streamline regulatory adherence and audit preparation.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for krishnakumarmahadevan-cmd/compliance-checklist-gen.

Install the skill "Compliance Checklist Gen" (krishnakumarmahadevan-cmd/compliance-checklist-gen) from ClawHub.
Skill page: https://clawhub.ai/krishnakumarmahadevan-cmd/compliance-checklist-gen
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install compliance-checklist-gen

ClawHub CLI

npx clawhub@latest install compliance-checklist-gen
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match the included SKILL.md and openapi.json: both describe an API that generates industry- and region-specific compliance checklists. That core purpose is coherent with the provided examples and endpoints. However, the registry metadata lists no homepage/source and the SKILL.md advertises external hosts (toolweb.in, api.mkkpro.com) that are not reflected in the registry provenance, which reduces trust.
Instruction Scope
The SKILL.md describes calling an external API (POST /generate-checklist at api.mkkpro.com / Kong route). It does not instruct reading local files or unrelated env vars, but it also does not declare how to authenticate, where exactly the base URL should come from, or any privacy/consent safeguards. The openapi.json and the JSON examples disagree in places (example shows JSON body/response; openapi uses application/x-www-form-urlencoded and an empty response schema). This ambiguity increases the chance the agent will send user-provided organizational context or sensitive details to an external service without clear constraints.
Install Mechanism
Instruction-only skill with no install spec and no code files. No binaries or archives will be downloaded or written to disk by an installer — lowest install risk.
Credentials
The skill declares no required environment variables or credentials, which is plausible for a public demo API. But SKILL.md references external API endpoints and commercial pricing (plans), suggesting a hosted service that may require keys not declared. Because authentication, telemetry, and privacy terms are not specified, any organization-specific inputs supplied could be transmitted to a third party. The lack of declared credentials or data handling guidance is disproportionate to the risk of sending potentially sensitive compliance context.
Persistence & Privilege
The skill is not always-included and uses default autonomous invocation settings. It does not request to modify other skills or system settings. No persistence or privileged system access is requested.
Scan Findings in Context
[no_regex_findings] expected: The static scanner found nothing — expected because this is an instruction-only skill with no code files. Absence of findings is not assurance of safety; the SKILL.md itself contains the runtime behavior (calling external APIs).
What to consider before installing
This skill appears to be a thin wrapper around an external hosted API (toolweb.in / api.mkkpro.com) with unclear provenance and inconsistent API documentation. Before installing or using it: (1) Do NOT send real or sensitive organizational data to it — test with non-sensitive dummy inputs first. (2) Ask the publisher for the exact base URL, authentication method, and a privacy/data-retention policy (who can access submitted data). (3) Verify the service's reputation (owner/site) or request a self-hostable/local alternative if you must process confidential compliance data. (4) Note the OpenAPI example/format mismatch — confirm expected request/response formats to avoid accidental data leaks. If you cannot verify the endpoint, credentials, and data handling, treat this skill as untrusted for real compliance workloads.

latest vk97fsvzexkmm58m7dcfrqz5nfx83bjrx
117 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

Overview

The Compliance Checklist Generator is a specialized API designed to automate the creation of compliance checklists tailored to your organization's industry and regulatory region. This tool eliminates manual checklist creation by leveraging compliance frameworks and regulatory requirements specific to your operational context.

By providing your industry vertical and geographic region, the API returns a comprehensive, actionable checklist that aligns with relevant compliance standards, regulations, and best practices. This significantly reduces the time and expertise required to prepare for audits, maintain regulatory compliance, and implement governance controls.

The Compliance Checklist Generator is ideal for security teams, compliance officers, risk managers, and internal audit functions seeking to standardize compliance assessment processes and ensure consistent coverage of regulatory requirements across their organization.

Usage

Sample Request:

{
  "industry": "Financial Services",
  "region": "United States"
}

Sample Response:

{
  "checklist_id": "ccg-20250115-fs-us-001",
  "industry": "Financial Services",
  "region": "United States",
  "generated_at": "2025-01-15T14:32:18Z",
  "checklist_items": [
    {
      "id": 1,
      "category": "Data Security",
      "requirement": "Implement encryption for data in transit and at rest",
      "framework": "NIST Cybersecurity Framework",
      "status": "pending"
    },
    {
      "id": 2,
      "category": "Access Control",
      "requirement": "Enforce multi-factor authentication for all user accounts",
      "framework": "SOC 2 Type II",
      "status": "pending"
    },
    {
      "id": 3,
      "category": "Audit & Monitoring",
      "requirement": "Maintain audit logs for a minimum of 7 years",
      "framework": "SEC Regulations",
      "status": "pending"
    }
  ],
  "total_items": 3,
  "estimated_completion_hours": 120
}

Endpoints

POST /generate-checklist

Description: Generates a compliance checklist customized for the specified industry and region.

Method: POST

Path: /generate-checklist

Request Parameters:

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| industry | string | Yes | The industry vertical for which the checklist is generated (e.g., "Financial Services", "Healthcare", "E-commerce", "Technology") |
| region | string | Yes | The geographic region or jurisdiction for which compliance requirements apply (e.g., "United States", "European Union", "Asia-Pacific", "Canada") |

Response Schema (200 - Success):

The successful response returns a JSON object containing:

  • checklist_id (string): Unique identifier for the generated checklist
  • industry (string): The requested industry
  • region (string): The requested region
  • generated_at (string): ISO 8601 timestamp of generation
  • checklist_items (array): Array of compliance items, each containing:
    • id (integer): Item identifier
    • category (string): Compliance category (e.g., "Data Security", "Access Control")
    • requirement (string): Specific compliance requirement
    • framework (string): Applicable compliance framework (e.g., "NIST", "SOC 2", "GDPR")
    • status (string): Current status of the item
  • total_items (integer): Total number of checklist items
  • estimated_completion_hours (integer): Estimated effort to complete all items

Error Responses:

| Status Code | Description |
|-------------|-------------|
| 422 | Validation Error – Missing or invalid required parameters (industry or region) |

Validation Error Response (422):

{
  "detail": [
    {
      "loc": ["body", "industry"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}
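
An added example, not part of the skill's SKILL.md or the publisher's code: a Python pre-flight guard that limits the outbound body to the two documented parameters and checks a reply against the response schema and 422 shape listed above. The function names are hypothetical, and no base URL or authentication is assumed because the page specifies neither.

```python
import json

# Added example with hypothetical names; fields and types come from the schema above.
REQUEST_FIELDS = ("industry", "region")
TOP_LEVEL = {"checklist_id": str, "industry": str, "region": str, "generated_at": str,
             "checklist_items": list, "total_items": int, "estimated_completion_hours": int}
ITEM = {"id": int, "category": str, "requirement": str, "framework": str, "status": str}

def build_request(context):
    """Return a body holding only the two documented parameters; extra keys are refused."""
    extra = sorted(set(context) - set(REQUEST_FIELDS))
    if extra:
        raise ValueError(f"undocumented fields refused: {extra}")
    body = {}
    for name in REQUEST_FIELDS:
        value = context.get(name)
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"{name} must be a non-empty string")
        body[name] = value.strip()
    return body

def _type_errors(obj, spec, where):
    # type() rather than isinstance() so that true/false do not pass as integers.
    if not isinstance(obj, dict):
        return [f"{where}: expected object"]
    return [f"{where}.{k}: expected {t.__name__}" for k, t in spec.items() if type(obj.get(k)) is not t]

def check_response(status, raw, request):
    """Return a list of problems; an empty list means the reply matches the documented schema."""
    data = json.loads(raw)
    if status == 422 and isinstance(data, dict):
        locs = [".".join(map(str, d.get("loc", []))) for d in data.get("detail", []) if isinstance(d, dict)]
        return [f"rejected by server: {loc}" for loc in locs] or ["rejected by server"]
    if status != 200:
        return [f"unexpected status {status}"]
    problems = _type_errors(data, TOP_LEVEL, "response")
    if problems:
        return problems
    for i, item in enumerate(data["checklist_items"]):
        problems += _type_errors(item, ITEM, f"checklist_items[{i}]")
    if data["total_items"] != len(data["checklist_items"]):
        problems.append("total_items does not match the number of checklist_items")
    problems += [f"{k} does not echo the request" for k in REQUEST_FIELDS if data[k] != request[k]]
    return problems

if __name__ == "__main__":
    # Constructed 422 body in the shape documented above.
    print(check_response(422, '{"detail": [{"loc": ["body", "industry"], "msg": "field required"}]}', {}))
```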

Pricing

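| Plan | Calls/Day | Calls/Month | Price |
|------|-----------|-------------|-------|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |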

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
