โ† All skills
Tencent SkillHub · Security & Compliance

AuditClaw Gcp

GCP compliance evidence collection for auditclaw-grc. 12 read-only checks across Cloud Storage, firewall, IAM, logging, KMS, DNS, BigQuery, Compute, and Clou...


Install for OpenClaw

Quick setup
  1. Download the package from Yavira.
  2. Extract the archive and review SKILL.md first.
  3. Import or place the package into your OpenClaw setup.

Requirements

Target platform
OpenClaw
Install method
Manual import
Extraction
Extract archive
Prerequisites
OpenClaw
Primary doc
SKILL.md

Package facts

Download mode
Yavira redirect
Package format
ZIP package
Source platform
Tencent SkillHub
What's included
README.md, scripts/requirements.txt, scripts/checks/cloudsql.py, scripts/checks/dns.py, scripts/checks/iam.py, scripts/checks/firewall.py

Validation

  • Use the Yavira download entry.
  • Review SKILL.md after the package is downloaded.
  • Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

  1. Download the package from Yavira.
  2. Extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the extracted folder.
New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.

Trust & source

Release facts

Source
Tencent SkillHub
Verification
Indexed source record
Version
1.0.2

Documentation


AuditClaw GCP

Companion skill for auditclaw-grc. Collects compliance evidence from Google Cloud Platform projects using read-only API calls.

12 checks | Viewer + Security Reviewer roles only | Evidence stored in shared GRC database

Security Model

  • Read-only access: Requires 6 read-only IAM roles (Viewer, Security Reviewer, Cloud SQL Viewer, Logging Viewer, DNS Reader, Cloud KMS Viewer). No write/modify permissions.
  • Credentials: Uses standard GCP credential chain (GOOGLE_APPLICATION_CREDENTIALS or gcloud auth). No credentials stored by this skill.
  • Dependencies: Google Cloud SDK packages (all pinned in requirements.txt).
  • Data flow: Check results stored as evidence in ~/.openclaw/grc/compliance.sqlite via auditclaw-grc.

Prerequisites

  • GCP credentials configured (gcloud auth application-default login or service account JSON)
  • GCP_PROJECT_ID environment variable set
  • pip install -r scripts/requirements.txt
  • auditclaw-grc skill installed and initialized

Commands

  • "Run GCP evidence sweep": Run all checks, store results in GRC database
  • "Check GCP storage compliance": Run Cloud Storage checks
  • "Check GCP firewall rules": Run firewall ingress checks
  • "Check GCP IAM compliance": Run IAM service account checks
  • "Check GCP logging status": Verify audit logging configuration
  • "Check GCP KMS keys": Review KMS key rotation
  • "Show GCP integration health": Last sync, errors, evidence count

Usage

All evidence is stored in the shared GRC database at ~/.openclaw/grc/compliance.sqlite via the auditclaw-grc skill's db_query.py script.

To run a full evidence sweep:

    python3 scripts/gcp_evidence.py --db-path ~/.openclaw/grc/compliance.sqlite --all

To run specific checks:

    python3 scripts/gcp_evidence.py --db-path ~/.openclaw/grc/compliance.sqlite --checks storage,firewall,iam

Check Categories (9 files, 12 findings)

| Check | What It Verifies |
|---|---|
| storage | Uniform bucket-level access, public access prevention |
| firewall | No unrestricted ingress (0.0.0.0/0) to SSH/RDP/all |
| iam | Service account key rotation (90 days), SA admin privilege restriction |
| logging | Audit logging enabled (all services), log export sink exists |
| kms | KMS key rotation period <= 90 days |
| dns | DNSSEC enabled on public zones |
| bigquery | No public dataset access (allUsers/allAuthenticatedUsers) |
| compute | No default service account with cloud-platform scope |
| cloudsql | SSL enforcement, no public IP with 0.0.0.0/0 |

Evidence Storage

Each check produces evidence items stored with:

  • source: "gcp"
  • type: "automated"
  • control_id: Mapped to relevant SOC2/ISO/HIPAA controls
  • description: Human-readable finding summary
  • file_content: JSON details of the check result
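
As an added illustration (not code from the AuditClaw package), this shows how a check like the firewall row can be evaluated and wrapped in the evidence fields above. The rule dictionaries are constructed samples using Compute Engine firewall resource field names; the function names and control_id value are placeholders, and only TCP is treated as carrying SSH/RDP.

```python
import json

SENSITIVE_PORTS = {22: "SSH", 3389: "RDP"}

def exposed_services(allowed):
    """Sensitive services opened by one entry of a rule's `allowed` list."""
    proto = str(allowed.get("IPProtocol", "")).lower()
    if proto == "all":
        return {"all"}
    if proto not in ("tcp", "6"):          # 6 is the IP protocol number for TCP
        return set()
    ports = allowed.get("ports")
    if not ports:                          # no port list means every TCP port
        return set(SENSITIVE_PORTS.values())
    hits = set()
    for spec in ports:                     # "22" or a range such as "3000-4000"
        lo, _, hi = spec.partition("-")
        lo, hi = int(lo), int(hi or lo)
        hits |= {svc for port, svc in SENSITIVE_PORTS.items() if lo <= port <= hi}
    return hits

def check_firewall(rules):
    """Flag enabled ingress rules that open SSH, RDP or all traffic to 0.0.0.0/0."""
    findings = []
    for rule in rules:
        active_ingress = rule.get("direction", "INGRESS") == "INGRESS" and not rule.get("disabled")
        if not active_ingress or "0.0.0.0/0" not in rule.get("sourceRanges", []):
            continue
        hits = set().union(*(exposed_services(a) for a in rule.get("allowed", [])))
        if hits:
            findings.append({"rule": rule["name"], "exposes": sorted(hits)})
    return findings

def to_evidence(findings, control_id="EXAMPLE-CONTROL-ID"):   # placeholder id
    """Wrap findings in the evidence fields this section lists."""
    status = "fail" if findings else "pass"
    return {"source": "gcp", "type": "automated", "control_id": control_id,
            "description": f"Firewall ingress: {status}, {len(findings)} open rule(s)",
            "file_content": json.dumps({"status": status, "findings": findings})}

ANY = ["0.0.0.0/0"]
# Constructed sample rules, shaped like Compute Engine firewall resources.
SAMPLE_RULES = [
    {"name": "ssh-any", "sourceRanges": ANY, "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "wide-range", "sourceRanges": ANY, "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},
    {"name": "web", "sourceRanges": ANY, "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
    {"name": "ssh-corp", "sourceRanges": ["10.0.0.0/8"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "all-off", "sourceRanges": ANY, "disabled": True, "allowed": [{"IPProtocol": "all"}]},
    {"name": "all-any", "sourceRanges": ANY, "allowed": [{"IPProtocol": "all"}]},
]
```

The "wide-range" rule is the case that is easy to miss: it never names port 3389, but the range 3000-4000 contains it.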

Required IAM Roles

  • roles/viewer
  • roles/iam.securityReviewer
  • roles/cloudsql.viewer
  • roles/logging.viewer
  • roles/dns.reader
  • roles/cloudkms.viewer

All checks use read-only access only.

Setup Guide

When a user asks to set up GCP integration, guide them through these steps:

Step 1: Create Service Account

gcloud iam service-accounts create auditclaw-scanner --display-name="AuditClaw Scanner"

Step 2: Grant IAM Roles

Grant these 6 read-only roles:

    for role in roles/viewer roles/iam.securityReviewer roles/cloudsql.viewer roles/logging.viewer roles/dns.reader roles/cloudkms.viewer; do
      gcloud projects add-iam-policy-binding PROJECT_ID \
        --member=serviceAccount:auditclaw-scanner@PROJECT_ID.iam.gserviceaccount.com \
        --role=$role
    done

Step 3: Generate JSON Key

gcloud iam service-accounts keys create key.json --iam-account=auditclaw-scanner@PROJECT_ID.iam.gserviceaccount.com

Step 4: Configure Credentials

Set environment variables:

    GOOGLE_APPLICATION_CREDENTIALS=/path/to/key.json
    GCP_PROJECT_ID=your-project-id

Step 5: Verify Connection

Run:

    python3 {baseDir}/scripts/gcp_evidence.py --test-connection

The exact roles are documented in scripts/gcp-roles.json. Show with:

    python3 {baseDir}/../auditclaw-grc/scripts/db_query.py --action show-policy --provider gcp

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
4 Scripts, 1 Docs, 1 Files
  • README.md Docs
  • scripts/checks/cloudsql.py Scripts
  • scripts/checks/dns.py Scripts
  • scripts/checks/firewall.py Scripts
  • scripts/checks/iam.py Scripts
  • scripts/requirements.txt Files