Compliance Officer
v1.1.0Reviews marketing content against FTC, HIPAA, GDPR, SEC 482, SEC Marketing, CCPA, COPPA, and CAN-SPAM — 208 specific laws with URLs.
⭐ 2· 873·2 current·2 all-time
byArber X@arberx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (marketing/compliance review) match the shipped assets: structured rule files for FTC, HIPAA, GDPR, SEC, CCPA, COPPA, and CAN-SPAM and an instructions document describing how to use them. No unrelated binaries, credentials, or config paths are requested. The claw.json network permission aligns with the SKILL.md note that URL fetching may be needed.
Instruction Scope
Runtime instructions confine the agent to loading local rule JSON files, reasoning about them, and optionally fetching a user-provided URL (privacy policy pages). The instructions do not ask the agent to read system files, access credentials, or post content to arbitrary endpoints. One minor note: the skill accepts images but does not specify OCR steps — that is likely intended to rely on the host agent's vision capabilities rather than adding new disk/exec behavior.
Install Mechanism
There is no install spec and no code files to install or execute; this is instruction-only with bundled reference data. This is the lowest-risk install profile.
Credentials
The skill requests no environment variables, no keys, and no config paths. The only declared permission is network (to fetch user-supplied URLs), which is proportional to the feature set.
Persistence & Privilege
The skill is not force-included (always:false), makes no claims about modifying other skills or system settings, and does not request elevated or persistent privileges.
Assessment
This skill appears coherent and limited to compliance review using the bundled rule files and optional URL fetching. Before installing: (1) confirm you are comfortable granting network access (the skill may fetch user-supplied URLs); (2) avoid pasting sensitive personal health information (PHI) or other secrets into the tool unless you have appropriate agreements in place — HIPAA-related checks may process content you submit; (3) verify the claimed source repository (the SKILL.md points to github.com/QCME-AI/agentic-compliance-rules) if provenance matters to you; and (4) treat outputs as pre-review guidance only — have your legal/compliance team review final decisions.Like a lobster shell, security has layers — review code before you run it.
latestvk979z3vvvzhprjyq7m0y02cyzx8286dt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.