ClawHub

Sox

v1.0.0

Sarbanes-Oxley Act compliance reference — SOX sections, internal controls, audit requirements, and IT governance. Use when evaluating SOX compliance, designi...

0· 93·0 current·0 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (SOX compliance reference) match the provided SKILL.md and the included scripts/script.sh which implement commands that print SOX guidance and checklists; no unrelated services, credentials, or binaries are requested.
Instruction Scope
Runtime instructions are narrowly scoped: they call the bundled scripts/script.sh with explicit command names (intro, sections, controls, itgc, audit, etc.). The instructions do not ask the agent to read arbitrary system files, access unrelated environment variables, or transmit data to external endpoints in the visible content.
Install Mechanism
There is no install spec and the skill is instruction-only with a bundled shell script. Nothing is downloaded or extracted from external URLs.
Credentials
SKILL.md mentions a configuration variable SOX_DIR (default ~/.sox/) which is reasonable for a local data directory; no credentials or secrets are required. The visible script content does not read or require other environment variables.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request elevated privileges or attempt to modify other skills or system-wide settings in the visible content. The agent-autonomy default is unchanged (normal).
Assessment
This skill appears coherent and self-contained: it runs a local shell script to display SOX guidance and does not ask for secrets or perform network installs (based on the provided files). Before installing, review the full scripts/script.sh (the provided excerpt was truncated) to confirm there are no hidden network calls, file reads/writes, or commands executed beyond printing guidance; verify the SOX_DIR behavior if you have sensitive files in ~/.sox/, and only enable autonomous invocation if you trust the skill's publisher (BytesAgain). If you want higher assurance, run the script in a sandbox or inspect the remainder of the file for unexpected commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk9738cbweze66jpq0hdqz0d2ph83bpmd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments