Requirements
- Target platform: OpenClaw
- Install method: Manual import
- Extraction: Extract archive
- Prerequisites: OpenClaw
- Primary doc: SKILL.md
Perform a comprehensive regulatory compliance audit covering US, UK, and EU frameworks across 8 domains with risk scoring and a 90-day remediation roadmap.
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
Run a full regulatory compliance audit for any business. Covers US, UK, and EU frameworks across 8 compliance domains with gap analysis, risk scoring, and remediation timelines.
Use this skill for:
- Annual or quarterly compliance reviews
- Pre-audit preparation (SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS)
- New market entry requiring regulatory assessment
- Board or investor due diligence on compliance posture
- Post-incident compliance gap analysis
Based on the business profile (industry, geography, data types, revenue), determine which frameworks apply:

| Framework | Triggers |
|---|---|
| SOC 2 Type II | B2B SaaS, handles customer data |
| GDPR | Any EU customer data, EU employees |
| HIPAA | Any PHI (healthcare, benefits, wellness) |
| PCI DSS | Processes, stores, or transmits card data |
| ISO 27001 | Enterprise clients requesting certification |
| SOX | Public company or preparing for IPO |
| CCPA/CPRA | >$25M revenue OR >50K CA consumers |
| NIST AI RMF | Deploying AI/ML in production |
| UK DPA 2018 | UK operations or UK customer data |
| FCA/PRA | UK financial services |
Score each domain 1-5 (1 = non-existent, 5 = mature):

Domain 1: Data Governance
- Data classification policy (public/internal/confidential/restricted)
- Data retention schedule with legal hold procedures
- Data processing agreements with all vendors
- Cross-border transfer mechanisms (SCCs, adequacy decisions)
- Data subject rights workflow (access, deletion, portability)
- Data breach notification procedure (<72hr GDPR, state-specific US)

Domain 2: Access Control & Identity
- Role-based access control (RBAC) implemented
- Multi-factor authentication on all critical systems
- Privileged access management (PAM) for admin accounts
- Quarterly access reviews with evidence retention
- Automated provisioning/deprovisioning tied to HR
- Service account inventory with rotation schedule

Domain 3: Security Operations
- Vulnerability management program (scan frequency, SLA by severity)
- Penetration testing (annual minimum, after major changes)
- Security incident response plan (tested within 12 months)
- Log retention meeting regulatory minimums (1yr SOC 2, 6yr SOX)
- Endpoint detection and response (EDR) on all endpoints
- Network segmentation between environments

Domain 4: Business Continuity
- Business impact analysis (BIA) current within 12 months
- Disaster recovery plan with defined RTO/RPO by system tier
- Backup testing (restore verified quarterly minimum)
- Pandemic/remote work continuity procedures
- Third-party dependency mapping for critical services
- Communication plan (internal + external + regulatory)

Domain 5: Vendor & Third-Party Risk
- Vendor risk assessment questionnaire (SIG Lite or equivalent)
- Tiered vendor classification (critical/high/medium/low)
- Annual vendor reviews for critical and high-tier vendors
- Right-to-audit clauses in critical vendor contracts
- Fourth-party risk assessment for critical vendors
- Vendor offboarding procedure with data return/destruction

Domain 6: HR & Personnel Security
- Background check policy (scope appropriate to role)
- Security awareness training (annual + phishing simulations)
- Acceptable use policy signed by all employees
- Code of conduct with reporting mechanisms
- Termination checklist (access removal, device collection, NDA reminder)
- Contractor/temp worker security requirements

Domain 7: AI & Automation Governance
- AI model inventory with risk classification
- Bias testing and fairness metrics for decision-making models
- Human-in-the-loop requirements defined per use case
- AI incident response procedures
- Transparency documentation (model cards, impact assessments)
- Training data governance and lineage tracking

Domain 8: Financial & Reporting Controls
- Segregation of duties in financial processes
- Change management procedures for financial systems
- Audit trail for all financial transactions
- Revenue recognition controls (ASC 606 / IFRS 15)
- Tax compliance calendar (federal, state, international)
- Internal audit schedule and findings tracking
For each gap identified, assign a risk score and action timeline from likelihood and impact:

| Likelihood | Impact | Risk Score | Action Timeline |
|---|---|---|---|
| High | High | Critical | Fix within 30 days |
| High | Medium | High | Fix within 60 days |
| Medium | High | High | Fix within 60 days |
| Medium | Medium | Medium | Fix within 90 days |
| Low | High | Medium | Fix within 90 days |
| Low | Medium | Low | Next quarterly review |
| Low | Low | Informational | Annual review |
Build a 90-day plan:

Days 1-30: Critical Gaps
- Address any gaps with Critical or High risk scores
- Implement quick wins (policy updates, access reviews)
- Engage external counsel for regulatory interpretation if needed

Days 31-60: Systematic Improvements
- Deploy technical controls (MFA, EDR, log aggregation)
- Complete vendor risk assessments for critical vendors
- Update employee training program

Days 61-90: Evidence & Documentation
- Build evidence collection system for ongoing compliance
- Conduct internal audit of remediated areas
- Prepare board-ready compliance dashboard
| Company Size | Annual Compliance Budget | Key Cost Drivers |
|---|---|---|
| 10-50 employees | $30K-$80K | SOC 2 audit ($15-30K), tools ($10-20K), training ($5-10K) |
| 50-200 employees | $80K-$250K | + DPO/compliance hire ($80-120K), pen testing ($15-40K) |
| 200-1000 employees | $250K-$800K | + GRC platform ($50-150K), multiple audits, legal counsel |
| 1000+ employees | $800K-$3M+ | + Dedicated compliance team, continuous monitoring, regulatory filings |

Cost of non-compliance (real examples):
- GDPR fines: up to 4% of global annual revenue (Meta: €1.2B, 2023)
- HIPAA: $100-$50K per violation, $1.5M annual cap per category
- PCI DSS: $5K-$100K/month until compliant + liability for breaches
- SOX: Criminal penalties, officer personal liability
- Average data breach cost: $4.88M (IBM 2024)
Generate a compliance report with:
- Executive Summary: Overall maturity score (1-5), top 3 risks, recommended budget
- Framework Applicability Matrix: Which frameworks apply and current certification status
- Domain Scores: 8 domains with gap counts and risk distribution
- Critical Findings: Top 10 gaps ranked by risk score with remediation steps
- 90-Day Roadmap: Week-by-week action plan with owners and milestones
- Budget Estimate: Compliance cost projection for next 12 months
- Board Dashboard: One-page visual for board/investor reporting
| Industry | Primary Frameworks | Special Considerations |
|---|---|---|
| SaaS/Technology | SOC 2, GDPR, CCPA | AI governance, open source licensing |
| Healthcare | HIPAA, HITRUST, FDA (if devices) | PHI everywhere, BAAs required |
| Financial Services | SOX, PCI DSS, GLBA, FCA/PRA | Transaction monitoring, AML/KYC |
| Legal | ABA ethics, GDPR, privilege rules | Client confidentiality, conflict checks |
| Construction | OSHA, environmental, bonding | Safety records, subcontractor compliance |
| E-commerce | PCI DSS, CCPA/GDPR, FTC | Payment data, consumer protection, returns |
| Manufacturing | ISO 9001, OSHA, EPA, export controls | Supply chain compliance, ITAR/EAR |
| Real Estate | Fair Housing, AML, state licensing | Property data, transaction compliance |
| Recruitment | EEOC, GDPR (candidate data), ban-the-box | AI hiring bias (NYC Local 144), background checks |
| Professional Services | Industry-specific licensing, SOC 2 | Client data handling, engagement letters |
Common mistakes:
- Treating compliance as annual: It's continuous. Point-in-time audits miss 60% of gaps that develop mid-year.
- Ignoring AI governance: NIST AI RMF and EU AI Act are here. Every production model needs documentation.
- Vendor risk as checkbox: Your vendor's breach is your breach. Fourth-party risk is real.
- No evidence retention system: If you can't prove compliance, you're not compliant. Automate evidence collection.
- Security ≠ compliance: You can be secure and non-compliant, or compliant and insecure. Address both.
- Underbudgeting remediation: Plan for 2x the estimated remediation cost. Surprises are the norm.
- Board reporting as afterthought: Boards that see compliance dashboards quarterly make better risk decisions.

Get the full compliance implementation toolkit for your industry:
- Browse all 10 industry context packs: https://afrexai-cto.github.io/context-packs/
- Calculate your AI automation ROI: https://afrexai-cto.github.io/ai-revenue-calculator/
- Set up your AI agent stack: https://afrexai-cto.github.io/agent-setup/

Bundles: Playbook $27 | Pick 3 $97 | All 10 $197 | Everything $247