PCI DSS Checker

v1.0.0

Evaluates an organization's payment card processing environment against PCI DSS requirements and returns a comprehensive compliance assessment.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for krishnakumarmahadevan-cmd/pci-dss-checker.

Prompt Preview: Install & Setup
Install the skill "PCI DSS Checker" (krishnakumarmahadevan-cmd/pci-dss-checker) from ClawHub.
Skill page: https://clawhub.ai/krishnakumarmahadevan-cmd/pci-dss-checker
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pci-dss-checker

ClawHub CLI


npx clawhub@latest install pci-dss-checker

Security Scan

VirusTotal: Benign

OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (PCI DSS compliance assessment) matches the provided OpenAPI schema and SKILL.md: the skill expects a detailed questionnaire about payment processing and returns an assessment. There are no unrelated binaries, credentials, or installs requested that would be inconsistent with the stated purpose.
Instruction Scope
SKILL.md and openapi.json define a POST /pci-compliance endpoint and sample request/response; the instructions are scoped to accepting a JSON assessment payload and producing a compliance report. The instructions do not direct the agent to read system files, environment variables, or other unrelated data sources. Note: SKILL.md does not specify any server URL or external endpoint, implying the assessment is intended to be performed by the skill itself rather than forwarded — confirm runtime behavior before sending sensitive data.
Install Mechanism
No install specification or code files are present (instruction-only skill). This is low risk from an install/execution perspective because nothing is fetched or written to disk by an install step.
Credentials
The skill requests no environment variables or credentials, which is proportionate. However, the API schema requires many pieces of potentially sensitive compliance data (presence of card storage, cryptographic keys, encryption status, etc.). That sensitivity is expected for a PCI self-assessment tool, but users should avoid submitting actual PANs, secret keys, or unredacted sensitive artifacts — only provide high-level or redacted answers unless you trust where processing occurs.
Persistence & Privilege
always:false and no config paths or other persistence are requested. The skill does not request elevated or persistent privileges and does not modify other skills' settings.
Assessment
This skill appears to be what it says: a questionnaire-based PCI DSS self-assessment. Before using it, confirm where the assessment is processed (locally vs. sent to an external server). Never submit actual cardholder data, PANs, or private cryptographic keys — provide redacted or high-level answers instead. If you must provide sensitive implementation details, verify the skill's provenance/trustworthiness (author, hosting, privacy policy). If you need an auditor-level assessment, prefer vetted third-party PCI QSAs and do not rely solely on automated self-assessments.


Latest: vk979v0rf6d2p1e62h04n2jb27n83fehe
145 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
License: MIT-0

Overview

The PCI DSS Compliance Checker is a security assessment tool designed to evaluate whether an organization meets the Payment Card Industry Data Security Standard (PCI DSS) requirements. This API accepts detailed information about your payment processing infrastructure, security controls, and operational practices, then performs a thorough compliance analysis across all 12 PCI DSS requirements.

Organizations handling payment card data—whether through e-commerce platforms, physical point-of-sale systems, mobile payments, or third-party processors—must maintain PCI DSS compliance to protect cardholder data and avoid the fines and other penalties that acquirers and card brands impose on non-compliant merchants (PCI DSS is a contractual card-brand standard, not a government regulation). This tool streamlines the self-assessment process by scoring the yes/no answers you supply about network security, access controls, encryption, vulnerability management, and security policies; the result reflects what you assert, not evidence an assessor has verified.

The Compliance Checker is ideal for merchants, payment processors, service providers, security teams, and compliance officers who need to understand their PCI DSS compliance status, identify gaps in their security controls, and prioritize remediation efforts.

Usage

Sample Request:

{
  "organization_name": "TechRetail Inc.",
  "business_type": "E-commerce Retailer",
  "company_size": "Medium (50-500 employees)",
  "transaction_volume": "1-5 million transactions/year",
  "card_brands": ["Visa", "Mastercard", "American Express"],
  "processing_methods": ["Online", "Mail Order/Telephone"],
  "stores_card_data": true,
  "transmits_card_data": true,
  "processes_card_data": true,
  "ecommerce_website": true,
  "physical_locations_pos": false,
  "mobile_payments": true,
  "third_party_processors": true,
  "cloud_services": true,
  "firewall_installed": true,
  "default_passwords_changed": true,
  "network_segmentation": true,
  "card_data_protected": true,
  "transmission_encrypted": true,
  "cryptographic_keys": true,
  "antivirus_installed": true,
  "secure_systems_development": true,
  "vulnerability_management": true,
  "access_controls_by_role": true,
  "unique_user_ids": true,
  "multifactor_auth": true,
  "physical_access_restricted": true,
  "media_securely_handled": true,
  "access_logged": true,
  "logs_regularly_reviewed": true,
  "log_integrity_protected": true,
  "vulnerability_scans": true,
  "penetration_testing": true,
  "network_monitoring": true,
  "security_policy_maintained": true,
  "security_awareness_program": true,
  "incident_response_plan": true,
  "service_provider_monitoring": true
}

Sample Response:

{
  "compliance_status": "Compliant",
  "overall_score": 98,
  "assessment_date": "2025-01-20",
  "organization": "TechRetail Inc.",
  "requirement_summary": {
    "requirement_1": {
      "name": "Install and maintain firewall configuration",
      "status": "Compliant",
      "score": 100
    },
    "requirement_2": {
      "name": "Do not use vendor-supplied defaults",
      "status": "Compliant",
      "score": 100
    },
    "requirement_3": {
      "name": "Protect stored cardholder data",
      "status": "Compliant",
      "score": 100
    },
    "requirement_4": {
      "name": "Encrypt transmission of cardholder data",
      "status": "Compliant",
      "score": 100
    },
    "requirement_5": {
      "name": "Protect systems against malware",
      "status": "Compliant",
      "score": 100
    },
    "requirement_6": {
      "name": "Develop and maintain secure systems",
      "status": "Compliant",
      "score": 100
    },
    "requirement_7": {
      "name": "Implement strong access control measures",
      "status": "Compliant",
      "score": 95
    },
    "requirement_8": {
      "name": "Identify users and restrict access",
      "status": "Compliant",
      "score": 100
    },
    "requirement_9": {
      "name": "Restrict physical access to cardholder data",
      "status": "Compliant",
      "score": 100
    },
    "requirement_10": {
      "name": "Track and monitor access to cardholder data",
      "status": "Compliant",
      "score": 95
    },
    "requirement_11": {
      "name": "Test security systems regularly",
      "status": "Compliant",
      "score": 100
    },
    "requirement_12": {
      "name": "Maintain information security policy",
      "status": "Compliant",
      "score": 100
    }
  },
  "recommendations": [
    "Continue conducting regular vulnerability scans and penetration tests.",
    "Maintain robust service provider monitoring programs.",
    "Schedule quarterly access control audits to ensure least privilege is maintained."
  ],
  "next_steps": "Schedule annual compliance validation assessment."
}

Endpoints

POST /pci-compliance

Description: Performs a PCI DSS compliance assessment based on the organization's payment processing environment and security controls.

Method: POST

Path: /pci-compliance

Request Body:

The endpoint accepts a JSON object with the following properties:

Parameter | Type | Required | Description
organization_name | string | Yes | Name of the organization undergoing assessment
business_type | string | Yes | Type of business (e.g., E-commerce Retailer, Payment Processor, Service Provider)
company_size | string | Yes | Size of the organization (e.g., Small, Medium, Large, Enterprise)
transaction_volume | string | Yes | Annual transaction volume (e.g., <1M, 1-5M, 5-10M, >10M transactions/year)
card_brands | array[string] | Yes | List of payment card brands processed (e.g., Visa, Mastercard, American Express, Discover)
processing_methods | array[string] | Yes | Payment processing methods (e.g., Online, Mail Order/Telephone, In-Person, Mobile)
stores_card_data | boolean | Yes | Whether organization stores cardholder data
transmits_card_data | boolean | Yes | Whether organization transmits cardholder data
processes_card_data | boolean | Yes | Whether organization processes cardholder data
ecommerce_website | boolean | Yes | Whether organization operates an e-commerce website
physical_locations_pos | boolean | Yes | Whether organization operates physical POS locations
mobile_payments | boolean | Yes | Whether organization accepts mobile payments
third_party_processors | boolean | Yes | Whether organization uses third-party payment processors
cloud_services | boolean | Yes | Whether organization uses cloud services for payment processing
firewall_installed | boolean | Yes | Whether firewall is installed and configured
default_passwords_changed | boolean | Yes | Whether all default passwords have been changed
network_segmentation | boolean | Yes | Whether cardholder data environment is segmented from public network
card_data_protected | boolean | Yes | Whether stored cardholder data is encrypted
transmission_encrypted | boolean | Yes | Whether cardholder data transmission is encrypted
cryptographic_keys | boolean | Yes | Whether cryptographic keys are securely managed
antivirus_installed | boolean | Yes | Whether antivirus/malware protection is installed
secure_systems_development | boolean | Yes | Whether secure development practices are followed
vulnerability_management | boolean | Yes | Whether vulnerability management processes are in place
access_controls_by_role | boolean | Yes | Whether access controls are based on business need and role
unique_user_ids | boolean | Yes | Whether all users have unique user IDs
multifactor_auth | boolean | Yes | Whether multi-factor authentication is implemented
physical_access_restricted | boolean | Yes | Whether physical access to cardholder data facilities is restricted
media_securely_handled | boolean | Yes | Whether media containing cardholder data is securely handled
access_logged | boolean | Yes | Whether access to cardholder data is logged
logs_regularly_reviewed | boolean | Yes | Whether logs are regularly reviewed
log_integrity_protected | boolean | Yes | Whether log integrity is protected
vulnerability_scans | boolean | Yes | Whether regular vulnerability scans are performed
penetration_testing | boolean | Yes | Whether penetration testing is conducted annually
network_monitoring | boolean | Yes | Whether network is monitored for unauthorized access
security_policy_maintained | boolean | Yes | Whether information security policy is maintained and updated
security_awareness_program | boolean | Yes | Whether security awareness training program is in place
incident_response_plan | boolean | Yes | Whether incident response plan is documented and tested
service_provider_monitoring | boolean | Yes | Whether service providers are monitored for compliance

Response (200 OK):

Returns a JSON object containing the compliance assessment results, including:

  • compliance_status: Overall compliance status (Compliant, Non-Compliant, Partial)
  • overall_score: Numeric compliance score (0-100)
  • assessment_date: Date of assessment
  • organization: Organization name from request
  • requirement_summary: Detailed assessment for each of the 12 PCI DSS requirements with status and individual scores
  • recommendations: List of prioritized remediation recommendations
  • next_steps: Guidance on follow-up actions

Response (422 Validation Error):

Returns validation errors if required fields are missing or invalid:

{
  "detail": [
    {
      "loc": ["body", "organization_name"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}
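A local pre-flight check for this endpoint, added here as an example; it is not the skill's own code and does not reflect how the API scores anything. It ties together the sample request and response in the Usage section and the request-body table and 422 format above: it checks a payload for the required fields, refuses to build the request if any string field contains a Luhn-valid PAN-like number (the security scan above warns against submitting real cardholder data), and produces a per-requirement gap list locally so you can see which controls you answered False before anything leaves your machine. Three things are assumptions of this example: the mapping of control fields to requirement numbers (the API does not publish its scoring), the `value_error.sensitive` entry type (invented for the local check), and the `base_url` argument (the skill publishes no server URL).

```python
"""Pre-flight checks for a POST /pci-compliance payload.

Added example, not the skill's own code. The field names come from the
request-body table; the control-to-requirement mapping, the base_url
argument and the 'value_error.sensitive' type are this example's assumptions.
"""
import json
import re
from urllib import request

# Required non-boolean fields (strings and string arrays).
PROFILE_FIELDS = (
    "organization_name", "business_type", "company_size",
    "transaction_volume", "card_brands", "processing_methods",
)
# Required booleans that describe scope rather than a control.
SCOPE_FIELDS = (
    "stores_card_data", "transmits_card_data", "processes_card_data",
    "ecommerce_website", "physical_locations_pos", "mobile_payments",
    "third_party_processors", "cloud_services",
)
# Assumed mapping of each control field to a PCI DSS requirement number;
# the API's real scoring is not published.
CONTROL_TO_REQ = {
    "firewall_installed": 1, "default_passwords_changed": 2,
    "network_segmentation": 1,
    "card_data_protected": 3, "cryptographic_keys": 3,
    "transmission_encrypted": 4, "antivirus_installed": 5,
    "secure_systems_development": 6, "vulnerability_management": 6,
    "access_controls_by_role": 7, "unique_user_ids": 8, "multifactor_auth": 8,
    "physical_access_restricted": 9, "media_securely_handled": 9,
    "access_logged": 10, "logs_regularly_reviewed": 10,
    "log_integrity_protected": 10, "vulnerability_scans": 11,
    "penetration_testing": 11, "network_monitoring": 11,
    "security_policy_maintained": 12, "security_awareness_program": 12,
    "incident_response_plan": 12, "service_provider_monitoring": 12,
}
REQUIRED = PROFILE_FIELDS + SCOPE_FIELDS + tuple(CONTROL_TO_REQ)
# 13-19 digits, optionally separated by spaces or dashes, not inside a longer run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; True for a well-formed card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pan_like(payload: dict) -> list:
    """(field, text) pairs for Luhn-valid digit runs found in string values."""
    hits = []
    for key, value in payload.items():
        for item in (value if isinstance(value, list) else [value]):
            if isinstance(item, str):
                for text in PAN_RE.findall(item):
                    if luhn_ok(re.sub(r"[ -]", "", text)):
                        hits.append((key, text))
    return hits


def validate_payload(payload: dict) -> list:
    """Return 422-style 'detail' entries; an empty list means safe to send."""
    detail = []
    for field in REQUIRED:
        if field not in payload:
            detail.append({"loc": ["body", field], "msg": "field required",
                           "type": "value_error.missing"})
        elif field not in PROFILE_FIELDS and not isinstance(payload[field], bool):
            detail.append({"loc": ["body", field], "msg": "value is not a valid boolean",
                           "type": "type_error.bool"})
    for field, _ in find_pan_like(payload):
        # Local-only check (assumed type): real PANs never belong in a self-assessment.
        detail.append({"loc": ["body", field], "msg": "PAN-like number; redact before sending",
                       "type": "value_error.sensitive"})
    return detail


def local_gap_report(payload: dict) -> dict:
    """Controls answered False, grouped by (assumed) requirement number."""
    gaps = {}
    for field, req in CONTROL_TO_REQ.items():
        if payload.get(field) is False:
            gaps.setdefault(req, []).append(field)
    return gaps


def build_request(base_url: str, payload: dict) -> request.Request:
    """Prepare the POST; raises before any upload if validation fails.
    base_url is a placeholder because the skill publishes no server URL."""
    problems = validate_payload(payload)
    if problems:
        raise ValueError(json.dumps({"detail": problems}))
    return request.Request(
        base_url.rstrip("/") + "/pci-compliance",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


# Constructed sample, modelled on the page's request but with two controls unmet.
SAMPLE = {
    **{f: True for f in SCOPE_FIELDS + tuple(CONTROL_TO_REQ)},
    "organization_name": "TechRetail Inc.",
    "business_type": "E-commerce Retailer",
    "company_size": "Medium (50-500 employees)",
    "transaction_volume": "1-5 million transactions/year",
    "card_brands": ["Visa", "Mastercard"],
    "processing_methods": ["Online"],
    "physical_locations_pos": False,
    "multifactor_auth": False,
    "log_integrity_protected": False,
}

if __name__ == "__main__":
    print(json.dumps({"detail": validate_payload(SAMPLE)}))
    print(json.dumps(local_gap_report(SAMPLE)))
```

Run it before calling the service: if `validate_payload` returns anything, fix the payload rather than letting the remote side reject it, and treat the gap report as the list of requirements you already know you will fail. Note that `physical_locations_pos: False` is a scope answer, not a control, so it never appears in the gap report.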

Pricing

Plan | Calls/Day | Calls/Month | Price
Free | 5 | 50 | Free
Developer | 20 | 500 | $39/mo
Professional | 200 | 5,000 | $99/mo
Enterprise | 100,000 | 1,000,000 | $299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
