Compliance Audit Generator (OpenClaw skill details; site mirror, no comments)

Generates detailed compliance audits with risk-prioritized findings and remediation plans for frameworks like SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS.

Category: Media and Content

License: MIT-0

MIT-0 · Free to use, modify and redistribute. No attribution required.

Version: v1.0.0

Stats: ⭐ 1 · 693 · 2 current installs · 2 all-time installs

Package: 1kalin/afrexai-compliance-audit

Security scan (ClawHub)

  • VirusTotal: benign
  • OpenClaw: benign

OpenClaw Evaluation

The skill's stated purpose (generating compliance audits) matches what its instructions require and it requests no credentials or installs, but exercise caution with sensitive input and verify any control references or cost estimates the agent produces.

Purpose

Name and instructions align: the skill is an instruction-only generator for compliance frameworks and does not request unrelated binaries, credentials, or system access.

Instruction scope

Instructions are narrowly scoped to asking for organizational context and producing structured audit reports. However, the skill expects potentially sensitive inputs (industry, data types, tech stack, known gaps). The SKILL.md also directs the agent to reference specific control numbers and provide cost estimates — this raises risk of hallucinated/misstated controls or inaccurate contractor pricing. The skill does not instruct reading local fi…

Install mechanism

No install spec and no code files — instruction-only skill means nothing is written to disk and no external packages are pulled in.

Credentials

The skill requests no environment variables, credentials, or config paths. That is proportionate to an advisory/reporting tool that relies on user-provided context.

Persistence

The `always` flag is false, and the skill does not request persistent system privileges or modify other skills' configs. Autonomous invocation is allowed by default, but it is not combined with any other concerning privilege.

Overall conclusion

This appears to be a coherent, instruction-only compliance audit generator. Before you use it: (1) do not paste secrets or full credentials — provide high-level descriptions instead; (2) treat the output as a starting point, not a certified audit — independently verify all control references (e.g., SOC 2, ISO control IDs) and legal/regulatory claims; (3) spot-check cost estimates and third-party/tool recommendations with vendors; (4) if you ne…

Install (copy to the 龙虾 AI agent)

Copy the whole block below into a 龙虾中文库 (Lobster Chinese library) chat; the agent completes the installation by following SKILL.md.

Please hand this block to 龙虾中文库 (龙虾 AI) to execute: install the OpenClaw skill "Compliance Audit Generator" on this machine. Summary: Generates detailed compliance audits with risk-prioritized findings and remedia….
Please fetch the following URL, read SKILL.md, and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/1kalin/afrexai-compliance-audit/SKILL.md
(Source: yingzhi8.cn skill library)

SKILL.md

Open the original SKILL.md (GitHub raw)

# Compliance Audit Generator

Run internal compliance audits against major frameworks without hiring a consultant.

## What It Does

Generates a structured compliance audit for your organization against any of these frameworks:
- **SOC 2** (Type I & II) — Trust Services Criteria
- **ISO 27001** — Information Security Management
- **GDPR** — Data Protection (EU/UK)
- **HIPAA** — Healthcare Data (US)
- **PCI DSS** — Payment Card Security
- **SOX** — Financial Controls (US public companies)
- **CCPA/CPRA** — California Consumer Privacy

## How to Use

Tell the agent which framework you need audited. Provide context about your organization:
- Industry and size
- Current security controls
- Data types you handle
- Existing certifications
- Known gaps or concerns

### Example Prompts

- "Run a SOC 2 readiness audit for our 40-person SaaS company"
- "Check our GDPR compliance — we process EU customer data and use AWS"
- "Generate an ISO 27001 gap analysis for our fintech startup"
- "Audit our HIPAA controls — we're a healthtech handling PHI"

## Output Format

The agent produces:

### 1. Executive Summary
- Overall readiness score (0-100%)
- Critical gaps count
- Estimated remediation timeline

### 2. Control-by-Control Assessment
For each control domain:
- **Status**: Compliant / Partial / Non-Compliant / Not Assessed
- **Evidence Required**: What auditors will ask for
- **Current Gap**: What's missing
- **Remediation Steps**: Specific actions to close the gap
- **Priority**: Critical / High / Medium / Low
- **Effort**: Hours/days estimate

### 3. Remediation Roadmap
- Phase 1 (0-30 days): Critical fixes
- Phase 2 (30-90 days): High priority items
- Phase 3 (90-180 days): Full compliance

### 4. Evidence Checklist
- Document inventory needed for audit
- Policy templates to create
- Technical configurations to verify

## Agent Instructions

When the user requests a compliance audit:

1. Ask which framework(s) they need assessed
2. Gather context about their organization (industry, size, tech stack, data types)
3. Generate the full audit report following the output format above
4. For each control area, be specific — don't give generic advice. Reference the actual control numbers (e.g., SOC 2 CC6.1, ISO 27001 A.8.2)
5. Prioritize findings by business risk, not alphabetical order
6. Include cost estimates where possible (e.g., "penetration test: $5,000-$15,000")
7. Flag any controls that require third-party tools or services

Be direct. No filler. Every finding should have a clear "do this" action attached.
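The output format above and agent instruction 5 (order findings by business risk, not alphabetically) describe a report structure without showing how the numbers in it are derived. The following Python is an added example, not code from the skill or from this page: it models one finding per control, computes the executive-summary readiness score over the assessed controls only, orders open gaps by priority and then by quickest fix, groups them into the three roadmap phases, and runs a shape check on the control IDs the report cites. The status weights, the priority-to-phase mapping, the regular expressions, and the sample findings are all my own assumptions; the patterns only reject IDs that cannot be well-formed (the evaluation section's hallucinated-control risk), they do not confirm that a control exists or is described correctly.

```python
"""Model of the skill's audit output: findings, readiness score, risk ordering,
roadmap phases, and a shape check on referenced control IDs.

Added example; not code from the skill or the page. All weights, phase
mappings and ID patterns are assumptions made for this illustration.
"""
import re
from dataclasses import dataclass

# Assumption: a Partial control earns half credit towards readiness.
# "Not Assessed" is deliberately absent: it neither helps nor hurts the score.
STATUS_WEIGHT = {"Compliant": 1.0, "Partial": 0.5, "Non-Compliant": 0.0}

PRIORITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Assumption: map the skill's four priorities onto its three roadmap phases.
PHASE_BY_PRIORITY = {
    "Critical": "Phase 1 (0-30 days)",
    "High": "Phase 2 (30-90 days)",
    "Medium": "Phase 3 (90-180 days)",
    "Low": "Phase 3 (90-180 days)",
}

# Shape-only patterns for the two ID styles the SKILL.md cites (CC6.1, A.8.2).
# SOC 2 common criteria run CC1-CC9; ISO 27001 Annex A controls read A.x.y.
# A match does NOT prove the control exists or means what the report claims;
# a non-match only flags an ID that cannot be real and needs human review.
CONTROL_ID_PATTERNS = {
    "SOC 2": re.compile(r"^CC[1-9]\.\d+$"),
    "ISO 27001": re.compile(r"^A\.\d{1,2}\.\d{1,2}$"),
}


@dataclass(frozen=True)
class Finding:
    framework: str
    control_id: str
    title: str
    status: str        # Compliant / Partial / Non-Compliant / Not Assessed
    priority: str      # Critical / High / Medium / Low
    effort_hours: int
    action: str        # the "do this" attached to every finding


def readiness_score(findings):
    """Overall readiness 0-100, computed over the assessed controls only."""
    assessed = [f for f in findings if f.status in STATUS_WEIGHT]
    if not assessed:
        return 0
    return round(100 * sum(STATUS_WEIGHT[f.status] for f in assessed) / len(assessed))


def prioritized_gaps(findings):
    """Open gaps ordered by business priority, then quickest fix first
    (never alphabetically by control ID)."""
    gaps = [f for f in findings if f.status in ("Partial", "Non-Compliant")]
    return sorted(gaps, key=lambda f: (PRIORITY_RANK[f.priority], f.effort_hours))


def critical_gap_count(findings):
    return sum(1 for f in prioritized_gaps(findings) if f.priority == "Critical")


def roadmap(findings):
    """Control IDs grouped into the skill's three remediation phases."""
    plan = {}
    for f in prioritized_gaps(findings):
        plan.setdefault(PHASE_BY_PRIORITY[f.priority], []).append(f.control_id)
    return plan


def unrecognized_control_ids(findings):
    """IDs whose shape does not fit the framework they are attributed to."""
    bad = []
    for f in findings:
        pattern = CONTROL_ID_PATTERNS.get(f.framework)
        if pattern is None or not pattern.match(f.control_id):
            bad.append(f.control_id)
    return bad


def executive_summary(findings):
    return {
        "readiness_score": readiness_score(findings),
        "critical_gaps": critical_gap_count(findings),
        "roadmap": roadmap(findings),
        "needs_review": unrecognized_control_ids(findings),
    }


# Constructed sample findings for a fictional 40-person SaaS company.
# "CC12.3" is deliberately malformed so the shape check has something to catch.
SAMPLE_FINDINGS = [
    Finding("SOC 2", "CC6.1", "Logical access controls", "Non-Compliant", "Critical", 40,
            "Enforce MFA on the identity provider and remove shared admin accounts"),
    Finding("SOC 2", "CC7.2", "Security event monitoring", "Partial", "High", 24,
            "Ship application and cloud audit logs to a central store with alerting"),
    Finding("ISO 27001", "A.8.2", "Privileged access rights", "Partial", "High", 16,
            "Review privileged accounts quarterly and record the approvals"),
    Finding("SOC 2", "CC1.1", "Integrity and ethical values", "Compliant", "Low", 0,
            "Keep the annual code-of-conduct acknowledgements on file"),
    Finding("SOC 2", "CC12.3", "Vendor risk register", "Partial", "Medium", 8,
            "Confirm the control reference before acting on this finding"),
    Finding("SOC 2", "CC8.1", "Change management", "Not Assessed", "Medium", 8,
            "Collect a sample of recent change tickets before scoring this control"),
]

if __name__ == "__main__":
    for key, value in executive_summary(SAMPLE_FINDINGS).items():
        print(f"{key}: {value}")
```

Running the block prints a readiness score of 50 (the Not Assessed control is excluded from the denominator), one critical gap, a roadmap with CC6.1 in Phase 1, and `CC12.3` in the needs-review list; an agent report that cites such an ID should be sent back for correction rather than forwarded to an auditor.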