Reverse Compliance

Pass

Audited by ClawScan on May 3, 2026.

Overview

This appears to be a compliance-plan generator, but users should know it needs an OpenAI API key, may send business details to OpenAI, and should not replace professional compliance review.

Before installing, confirm you are comfortable providing an OpenAI API key and sending compliance-related inputs to OpenAI. Treat the generated plans, labels, and templates as drafts that need expert review before operational or legal use.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may consume quota or incur costs on the user's OpenAI account.

Why it was flagged

The skill requires an OpenAI API key, which is a sensitive credential, but this is disclosed and fits the stated LLM generation purpose.

Skill content

required_env:
  - OPENAI_API_KEY
primary_env: OPENAI_API_KEY

Recommendation

Use a dedicated, budget-limited API key where possible and do not share the key in prompts, documents, or logs.

What this means

Confidential product, regulatory, or business strategy details entered into the skill may leave the local environment.

Why it was flagged

The artifacts disclose that the skill calls OpenAI for LLM-based compliance generation, so user-provided product, market, and business details may be sent to an external provider.

Skill content

domain: api.openai.com
purpose: "LLM大语言模型调用,用于合规方案生成和策略建议"

Recommendation

Avoid entering sensitive or regulated business data unless OpenAI use is acceptable under your organization's data policies.

What this means

If treated as authoritative, generated compliance documents or market-entry advice could be inaccurate for a specific product, formulation, jurisdiction, or platform.

Why it was flagged

The skill frames generated compliance plans as complete from minimal input, which is purpose-aligned marketing but could lead users to over-trust AI-generated legal or regulatory materials.

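Skill content

The user only needs to provide three fields, and the system automatically outputs a complete 9-module reverse compliance plan...no further information is needed from the user.

Recommendation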

Use outputs as planning drafts and have qualified legal, compliance, or certification professionals verify them before publishing, labeling, listing, or filing documents.