โ† All skills
Tencent SkillHub ยท Other

AuditClaw GRC

AI-native GRC (Governance, Risk, and Compliance) for OpenClaw. 97 actions across 13 frameworks including SOC 2, ISO 27001, HIPAA, GDPR, NIST CSF, PCI DSS, CI...


Unverified but indexed

Install for OpenClaw

Quick setup
  1. Download the package from Yavira.
  2. Extract the archive and review SKILL.md first.
  3. Import or place the package into your OpenClaw setup.

Requirements

  • Target platform: OpenClaw
  • Install method: Manual import
  • Extraction: Extract archive
  • Prerequisites: OpenClaw
  • Primary doc: SKILL.md

Package facts

  • Download mode: Yavira redirect
  • Package format: ZIP package
  • Source platform: Tencent SkillHub
  • What's included: CHANGELOG.md, README.md, CONTRIBUTING.md, scripts/requirements.txt, scripts/check_ssl.py, scripts/auth_provider.py

Validation

  • Use the Yavira download entry.
  • Review SKILL.md after the package is downloaded.
  • Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

  1. Download the package from Yavira.
  2. Extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the extracted folder.
New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.

Trust & source

Release facts

  • Source: Tencent SkillHub
  • Verification: Indexed source record
  • Version: 1.0.2

Documentation

Primary doc: SKILL.md (21 sections)

AuditClaw GRC

AI-native GRC assistant for OpenClaw. Manages compliance frameworks, controls, evidence, risks, policies, vendors, incidents, assets, training, vulnerabilities, access reviews, and questionnaires. 97 actions | 30 tables | 13 frameworks | 990+ controls

Security Model

  • Database: SQLite at ~/.openclaw/grc/compliance.sqlite with WAL mode, owner-only permissions (0o600).
  • Credentials: Stored in ~/.openclaw/grc/credentials/ with per-provider directories, owner-only permissions (0o700 dirs, 0o600 files), atomic writes, and secure deletion (overwrite with random bytes before removal). Secrets are never logged or exposed in output. See scripts/credential_store.py for implementation.
  • Trust center: Generates a local HTML file only. Nothing is published externally. The user decides where to host it.
  • Dependencies: requests==2.31.0 (pinned) for HTTP header scanning. Cloud integrations optionally use boto3 (AWS) and PyJWT (Azure) via try/except -- these are not required and only activate if installed and credentials are configured.
  • Scans: All security scans (headers, SSL, GDPR) run locally against user-specified URLs only.
  • No telemetry: No data is sent to external endpoints. All operations are local or to user-configured cloud accounts only.
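The credential handling described above (owner-only modes, atomic writes, overwrite before removal), sketched as an added example. It is not the package's scripts/credential_store.py; the function names and the use of an arbitrary root directory are assumptions, and `audit_modes` is a hypothetical check for verifying the stated permissions after install.

```python
import os
import secrets
import stat
import tempfile
from pathlib import Path


def write_secret(root: Path, provider: str, name: str, value: bytes) -> Path:
    """Atomically write root/provider/name with 0o700 dir and 0o600 file modes."""
    pdir = root / provider
    pdir.mkdir(parents=True, exist_ok=True, mode=0o700)
    os.chmod(pdir, 0o700)  # mkdir's mode is masked by umask, so enforce it
    # mkstemp creates the temp file with mode 0o600 in the same directory,
    # so the rename stays on one filesystem and readers never see a partial file.
    fd, tmp = tempfile.mkstemp(dir=pdir, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(value)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, pdir / name)
    except BaseException:
        os.unlink(tmp)
        raise
    return pdir / name


def secure_delete(path: Path) -> None:
    """Overwrite the file with random bytes, sync, then unlink (best effort)."""
    size = path.stat().st_size
    with open(path, "r+b") as fh:
        fh.write(secrets.token_bytes(size))
        fh.flush()
        os.fsync(fh.fileno())
    path.unlink()


def audit_modes(root: Path) -> list:
    """Return relative paths whose mode is not 0o700 (dirs) or 0o600 (files)."""
    bad = []
    for p in sorted(root.rglob("*")):
        want = 0o700 if p.is_dir() else 0o600
        if stat.S_IMODE(p.lstat().st_mode) != want:
            bad.append(str(p.relative_to(root)))
    return bad
```

Overwrite-before-unlink is best effort: on SSDs and on copy-on-write or journaling filesystems the old blocks can survive, so revoking or rotating the credential at the provider is the reliable removal.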

Optional Environment Variables (for cloud integrations)

These are not required for core GRC functionality. They are only used when the user explicitly sets up cloud provider integrations via companion skills:

| Variable | Used by |
|---|---|
| AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY | AWS integration (via auditclaw-aws) |
| GITHUB_TOKEN | GitHub integration (via auditclaw-github) |
| AZURE_SUBSCRIPTION_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET / AZURE_TENANT_ID | Azure integration (via auditclaw-azure) |
| GCP_PROJECT_ID / GOOGLE_APPLICATION_CREDENTIALS | GCP integration (via auditclaw-gcp) |
| GOOGLE_WORKSPACE_SA_KEY / GOOGLE_WORKSPACE_ADMIN_EMAIL | Google Workspace (via auditclaw-idp) |
| OKTA_ORG_URL / OKTA_API_TOKEN | Okta (via auditclaw-idp) |

Setup

    python3 {baseDir}/scripts/init_db.py
    pip install -r {baseDir}/scripts/requirements.txt

Database: ~/.openclaw/grc/compliance.sqlite

Voice and Formatting

  • Present data as formatted summaries, not raw JSON
  • Keep messages under 4096 chars. Show top 5-10 rows, offer "Want the full list?"
  • Emoji: ✅ complete, ⚠️ at-risk, 🔴 critical, 📊 scores, 📋 reports, 🔒 security
  • Include context: "23/43 controls complete (53%)" not just "23"
  • After each action, suggest the next logical step

Activation Triggers

Activate on: compliance, GRC, SOC 2, ISO 27001, HIPAA, GDPR, NIST, PCI DSS, CIS, CMMC, HITRUST, CCPA, FedRAMP, ISO 42001, SOX, ITGC, controls, evidence, risks, audit, gap analysis, security posture, compliance score, framework, security scan.

Database Operations

All queries go through:

    python3 {baseDir}/scripts/db_query.py --action <action> [args]

Output is JSON. Parse and present as human-readable summaries. For full action reference with all arguments: {baseDir}/references/db-actions.md

Core Actions

| Action | Purpose |
|---|---|
| status | Overall compliance overview |
| activate-framework --slug soc2 | Load framework controls |
| gap-analysis --framework soc2 | Gaps with priority and effort |
| score-history --framework soc2 | Score trend over time |
| list-controls --framework soc2 --status in_progress | Filtered controls |
| update-control --id 5 --status complete | Update control (also batch: --id 1,2,3) |
| add-evidence --title "..." --control-ids 1,2,3 | Record evidence |
| add-risk --title "..." --likelihood 3 --impact 4 | Log a risk |
| add-vendor --name "..." --criticality high | Register vendor |
| add-incident --title "..." --severity critical | Log incident |
| generate-report --framework soc2 | HTML compliance report |
| generate-dashboard | Dashboard summary + Canvas HTML |
| export-evidence --framework soc2 | ZIP package for auditors |
| list-companions | Show installed companion skills |

Additional Action Categories

  • Policies: add, version, submit approval, review, require acknowledgment
  • Training: add modules, assign, track completion, list overdue
  • Vulnerabilities: add with CVE/CVSS, track remediation
  • Access Reviews: create campaigns, add items, approve/revoke
  • Questionnaires: create templates, send to vendors, record answers, score
  • Incidents: add actions (timeline), post-incident reviews, summary with MTTR
  • Assets: register with classification, lifecycle, encryption/backup/patch status
  • Alerts: add, list, acknowledge, resolve
  • Integrations: add provider, test connection, setup guide, show policy

Framework Activation

Run:

    python3 {baseDir}/scripts/db_query.py --action activate-framework --slug <slug>

| Framework | Slug | Controls |
|---|---|---|
| SOC 2 Type II | soc2 | 43 |
| ISO 27001:2022 | iso27001 | 114 |
| HIPAA Security Rule | hipaa | 29 |
| GDPR | gdpr | 25 |
| NIST CSF | nist-csf | 31 |
| PCI DSS v4.0 | pci-dss | 30 |
| CIS Controls v8 | cis-controls | 153 |
| CMMC 2.0 | cmmc | 113 |
| HITRUST CSF v11 | hitrust | 152 |
| CCPA/CPRA | ccpa | 28 |
| FedRAMP Moderate | fedramp | 282 |
| ISO 42001:2023 | iso42001 | 40 |
| SOX ITGC | sox-itgc | 50 |

Framework reference docs: {baseDir}/references/frameworks/

Compliance Score

Run:

    python3 {baseDir}/scripts/compliance_score.py [--framework <slug>] [--store]

Returns score (0-100), health distribution, trend, and drift detection. Use --store to save for tracking. Methodology: {baseDir}/references/scoring-methodology.md

Security Scanning

  • Headers: python3 {baseDir}/scripts/check_headers.py --url <url> (CSP, HSTS, X-Frame-Options, etc.)
  • SSL/TLS: python3 {baseDir}/scripts/check_ssl.py --domain <domain> (cert validity, chain, cipher)
  • GDPR: Browser-based cookie consent check (requires Chromium)

After scans, offer to save results as evidence.

Reports and Exports

  • Report: python3 {baseDir}/scripts/generate_report.py --framework <slug> --format html
  • Trust center: python3 {baseDir}/scripts/generate_trust_center.py [--org-name "Acme Corp"] (local HTML only)
  • Evidence export: python3 {baseDir}/scripts/export_evidence.py --framework <slug>

First-Time Setup

When user asks to set up compliance: initialize DB silently, present framework options with control counts and use cases, offer gap analysis after activation.

Smart Defaults

  • Evidence type: infer from context (manual/automated/integration)
  • Risk assessment: suggest likelihood/impact with reasoning, confirm before saving
  • Bulk operations: list exactly what will change, confirm, report summary

Proactive Suggestions

  • After framework activation -> offer gap analysis and cloud integration setup.
  • After marking controls complete -> offer score recalculation.
  • After scanning -> offer to save as evidence.
  • After scoring (< 30%) -> prioritize critical controls. (>= 90%) -> offer audit report.

Slash Commands

| Command | Action |
|---|---|
| /grc-score | Quick compliance score |
| /grc-gaps | Priority gaps |
| /grc-scan | Security scan menu |
| /grc-report | Generate report |
| /grc-risks | Risk register |
| /grc-incidents | Active incidents |
| /grc-trust | Generate trust center |

Scheduled Alerts (Cron)

Register via OpenClaw cron tool:

  • Evidence expiry: daily 7 AM
  • Score recalc: every 6 hours
  • Weekly digest: Monday 8 AM

Always include "Using auditclaw-grc skill" in cron messages for routing.

Companion Skills

Optional add-ons for automated cloud evidence collection. Evidence flows into the shared GRC database.

| Skill | Checks | Setup |
|---|---|---|
| auditclaw-aws | 15 AWS checks (S3, IAM, CloudTrail, VPC, etc.) | aws configure with read-only IAM policy |
| auditclaw-github | 9 GitHub checks (branch protection, secrets, 2FA, etc.) | GITHUB_TOKEN env var |
| auditclaw-azure | 12 Azure checks (storage, NSG, Key Vault, etc.) | Service principal with Reader + Security Reader |
| auditclaw-gcp | 12 GCP checks (storage, firewall, IAM, etc.) | GOOGLE_APPLICATION_CREDENTIALS with Viewer + Security Reviewer |
| auditclaw-idp | 8 identity checks (Google Workspace + Okta) | SA key + admin email / Okta API token |

Install: clawhub install auditclaw-<provider>

If a user asks to connect a cloud provider, check list-companions first. If not installed, guide them to install it.

Integration Setup

Say "setup aws", "setup github", etc. to get step-by-step guides with exact permissions. Use "test aws connection" to verify before running scans.

Reference Files

  • {baseDir}/references/db-actions.md - Full action reference with all arguments
  • {baseDir}/references/schema.md - Database schema
  • {baseDir}/references/scoring-methodology.md - Scoring algorithm
  • {baseDir}/references/commands/ - Detailed command guides
  • {baseDir}/references/frameworks/ - Framework reference docs
  • {baseDir}/references/integrations/ - Cloud integration guides

Category context

Long-tail utilities that do not fit the current primary taxonomy cleanly.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
3 Docs, 2 Scripts, 1 Files
  • CHANGELOG.md Docs
  • CONTRIBUTING.md Docs
  • README.md Docs
  • scripts/auth_provider.py Scripts
  • scripts/check_ssl.py Scripts
  • scripts/requirements.txt Files