# Send AuditClaw Gcp to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "auditclaw-gcp",
    "name": "AuditClaw Gcp",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/mailnike/auditclaw-gcp",
    "canonicalUrl": "https://clawhub.ai/mailnike/auditclaw-gcp",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/auditclaw-gcp",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=auditclaw-gcp",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "README.md",
      "scripts/requirements.txt",
      "scripts/checks/cloudsql.py",
      "scripts/checks/dns.py",
      "scripts/checks/iam.py",
      "scripts/checks/firewall.py"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/auditclaw-gcp"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/auditclaw-gcp",
    "downloadUrl": "https://openagent3.xyz/downloads/auditclaw-gcp",
    "agentUrl": "https://openagent3.xyz/skills/auditclaw-gcp/agent",
    "manifestUrl": "https://openagent3.xyz/skills/auditclaw-gcp/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/auditclaw-gcp/agent.md"
  }
}
```
## Documentation

### AuditClaw GCP

Companion skill for auditclaw-grc. Collects compliance evidence from Google Cloud Platform projects using read-only API calls.

12 checks | Viewer + Security Reviewer roles only | Evidence stored in shared GRC database

### Security Model

Read-only access: Requires 6 read-only IAM roles (Viewer, Security Reviewer, Cloud SQL Viewer, Logging Viewer, DNS Reader, Cloud KMS Viewer). No write/modify permissions.
Credentials: Uses standard GCP credential chain (GOOGLE_APPLICATION_CREDENTIALS or gcloud auth). No credentials stored by this skill.
Dependencies: Google Cloud SDK packages (all pinned in requirements.txt)
Data flow: Check results stored as evidence in ~/.openclaw/grc/compliance.sqlite via auditclaw-grc

### Prerequisites

GCP credentials configured (gcloud auth application-default login or service account JSON)
GCP_PROJECT_ID environment variable set
pip install -r scripts/requirements.txt
auditclaw-grc skill installed and initialized

### Commands

"Run GCP evidence sweep": Run all checks, store results in GRC database
"Check GCP storage compliance": Run Cloud Storage checks
"Check GCP firewall rules": Run firewall ingress checks
"Check GCP IAM compliance": Run IAM service account checks
"Check GCP logging status": Verify audit logging configuration
"Check GCP KMS keys": Review KMS key rotation
"Show GCP integration health": Last sync, errors, evidence count

### Usage

All evidence is stored in the shared GRC database at ~/.openclaw/grc/compliance.sqlite
via the auditclaw-grc skill's db_query.py script.

To run a full evidence sweep:

python3 scripts/gcp_evidence.py --db-path ~/.openclaw/grc/compliance.sqlite --all

To run specific checks:

python3 scripts/gcp_evidence.py --db-path ~/.openclaw/grc/compliance.sqlite --checks storage,firewall,iam

### Check Categories (9 files, 12 findings)

CheckWhat It VerifiesstorageUniform bucket-level access, public access preventionfirewallNo unrestricted ingress (0.0.0.0/0) to SSH/RDP/alliamService account key rotation (90 days), SA admin privilege restrictionloggingAudit logging enabled (all services), log export sink existskmsKMS key rotation period <= 90 daysdnsDNSSEC enabled on public zonesbigqueryNo public dataset access (allUsers/allAuthenticatedUsers)computeNo default service account with cloud-platform scopecloudsqlSSL enforcement, no public IP with 0.0.0.0/0

### Evidence Storage

Each check produces evidence items stored with:

source: "gcp"
type: "automated"
control_id: Mapped to relevant SOC2/ISO/HIPAA controls
description: Human-readable finding summary
file_content: JSON details of the check result

### Required IAM Roles

roles/viewer
roles/iam.securityReviewer
roles/cloudsql.viewer
roles/logging.viewer
roles/dns.reader
roles/cloudkms.viewer

All checks use read-only access only.

### Setup Guide

When a user asks to set up GCP integration, guide them through these steps:

### Step 1: Create Service Account

gcloud iam service-accounts create auditclaw-scanner --display-name="AuditClaw Scanner"

### Step 2: Grant IAM Roles

Grant these 6 read-only roles:

for role in roles/viewer roles/iam.securityReviewer roles/cloudsql.viewer roles/logging.viewer roles/dns.reader roles/cloudkms.viewer; do
  gcloud projects add-iam-policy-binding PROJECT_ID \\
    --member=serviceAccount:auditclaw-scanner@PROJECT_ID.iam.gserviceaccount.com \\
    --role=$role
done

### Step 3: Generate JSON Key

gcloud iam service-accounts keys create key.json --iam-account=auditclaw-scanner@PROJECT_ID.iam.gserviceaccount.com

### Step 4: Configure Credentials

Set environment variables:

GOOGLE_APPLICATION_CREDENTIALS=/path/to/key.json
GCP_PROJECT_ID=your-project-id

### Step 5: Verify Connection

Run: python3 {baseDir}/scripts/gcp_evidence.py --test-connection

The exact roles are documented in scripts/gcp-roles.json. Show with:
python3 {baseDir}/../auditclaw-grc/scripts/db_query.py --action show-policy --provider gcp
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: mailnike
- Version: 1.0.2
## Source health
- Status: healthy
- Source download looks usable.
- Yavira can redirect you to the upstream package for this source.
- Health scope: source
- Reason: direct_download_ok
- Checked at: 2026-04-23T16:43:11.935Z
- Expires at: 2026-04-30T16:43:11.935Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/auditclaw-gcp)
- [Send to Agent page](https://openagent3.xyz/skills/auditclaw-gcp/agent)
- [JSON manifest](https://openagent3.xyz/skills/auditclaw-gcp/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/auditclaw-gcp/agent.md)
- [Download page](https://openagent3.xyz/downloads/auditclaw-gcp)