← Back to Skills Marketplace
1kalin

Data Governance Framework

by 1kalin · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
641
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install afrexai-data-governance
Description
Evaluate and improve your organization's data governance across six domains by scoring controls, identifying risks, and prioritizing remediation actions.
README (SKILL.md)

Data Governance Framework

Assess, score, and remediate your organization's data governance posture across 6 domains.

What This Covers

  1. Data Quality — Completeness, accuracy, consistency, timeliness scoring
  2. Data Cataloging — Asset inventory, lineage tracking, metadata management
  3. Access Control — Role-based permissions, least privilege, data classification (public/internal/confidential/restricted)
  4. Compliance Mapping — GDPR, CCPA, SOX, HIPAA, PCI-DSS, industry-specific regulations
  5. Retention & Lifecycle — Retention policies, archival schedules, deletion procedures, legal hold
  6. AI/Agent Data Governance — Training data provenance, model input/output logging, bias detection, PII handling in agent workflows

How to Use

When asked to assess data governance:

  1. Ask which domains are priority (or assess all 6)
  2. For each domain, evaluate 8 controls on a 0-3 scale:
    • 0 = Not implemented
    • 1 = Ad hoc / informal
    • 2 = Documented and partially enforced
    • 3 = Automated and continuously monitored
  3. Calculate domain score (sum / 24 × 100)
  4. Calculate overall governance score (average of domains)
  5. Generate remediation roadmap prioritized by risk

Scoring Interpretation

Score Rating Action
0-25% Critical Immediate remediation — regulatory risk
26-50% Developing 90-day improvement plan required
51-75% Managed Optimize and automate weak areas
76-100% Optimized Maintain and benchmark against peers

Domain 1: Data Quality Controls

  1. Data profiling automation (duplicate detection, format validation)
  2. Quality dashboards with SLA thresholds
  3. Root cause analysis for quality failures
  4. Stewardship program (assigned data owners per domain)
  5. Quality gates in data pipelines (reject bad data at ingestion)
  6. Business rule validation (domain-specific logic checks)
  7. Cross-system reconciliation (source vs target matching)
  8. Quality trend tracking (month-over-month improvement metrics)

Domain 2: Data Cataloging Controls

  1. Automated asset discovery (databases, APIs, files, SaaS)
  2. Business glossary with agreed definitions
  3. Data lineage tracking (source → transformation → consumption)
  4. Search and discovery interface for business users
  5. Metadata enrichment (tags, classifications, sensitivity labels)
  6. Catalog coverage tracking (% of assets documented)
  7. Usage analytics (who accesses what, how often)
  8. Integration with BI/analytics tools (catalog-aware queries)

Domain 3: Access Control

  1. Role-based access control (RBAC) with regular review
  2. Data classification enforcement (labels drive permissions)
  3. Least privilege principle (minimal default access)
  4. Access request and approval workflows
  5. Privileged access management (admin accounts monitored)
  6. Access certification (quarterly re-certification of permissions)
  7. Anomaly detection (unusual access patterns flagged)
  8. De-provisioning automation (access removed on role change/exit)

Domain 4: Compliance Mapping

  1. Regulation inventory (which laws apply, by geography and industry)
  2. Control-to-regulation mapping (which controls satisfy which requirements)
  3. Data processing records (Article 30 GDPR / equivalent)
  4. Consent management (capture, storage, withdrawal tracking)
  5. Data subject rights automation (access, deletion, portability)
  6. Cross-border transfer compliance (SCCs, adequacy decisions)
  7. Breach notification procedures (72-hour GDPR, state-specific)
  8. Regular compliance audits (internal + third-party)

Domain 5: Retention & Lifecycle

  1. Retention schedule by data type (contractual, regulatory, operational)
  2. Automated archival pipelines (hot → warm → cold → delete)
  3. Legal hold management (litigation preservation)
  4. Deletion verification (confirmed purge with audit trail)
  5. Storage cost optimization (tiered storage aligned to access patterns)
  6. Backup and recovery testing (regular restore drills)
  7. Data minimization enforcement (collect only what is needed)
  8. End-of-life procedures for decommissioned systems

Domain 6: AI/Agent Data Governance

  1. Training data provenance tracking (source, consent, bias review)
  2. Model input/output logging (what went in, what came out)
  3. PII detection and masking in agent workflows
  4. Hallucination monitoring (output accuracy validation)
  5. Agent decision audit trail (explainability for automated decisions)
  6. Data feedback loops (human review of agent data modifications)
  7. Vendor data sharing agreements (what third-party APIs see your data)
  8. Synthetic data policies (when and how to use generated data)

Cost of Poor Governance

Risk Average Cost Prevention Cost
GDPR fine $4.3M (average 2025) $45K-$120K/year
Data breach $4.88M (IBM 2025) $60K-$200K/year
Failed audit $150K-$500K remediation $30K-$80K/year
Bad data decisions 15-25% revenue impact $20K-$60K/year
AI bias incident $2M-$50M (litigation + brand) $25K-$75K/year

Remediation Priority Matrix

Always fix in this order:

  1. Compliance gaps — regulatory fines are existential
  2. Access control — breaches destroy trust overnight
  3. AI governance — fastest-growing risk category
  4. Data quality — garbage in = garbage out at scale
  5. Cataloging — you cannot govern what you cannot find
  6. Retention — storage costs compound, legal risk accumulates

Industry Benchmarks (2026)

Industry Avg Governance Score Top Quartile Regulatory Pressure
Financial Services 68% 85%+ Extreme (SOX, PCI, GDPR)
Healthcare 62% 80%+ High (HIPAA, FDA, state)
SaaS/Tech 55% 78%+ Growing (SOC 2, GDPR, CCPA)
Manufacturing 45% 70%+ Moderate (ITAR, ISO)
Retail/Ecommerce 48% 72%+ Growing (PCI, CCPA, GDPR)

Next Steps

Need a complete data governance implementation tailored to your industry?

Usage Guidance
This skill is a content/template-style governance framework and appears coherent with its description. Because it is instruction-only, it will not itself exfiltrate data or install code — however, be cautious about sharing actual organizational data or secrets when using it. If you plan to let an autonomous agent use this skill, restrict the agent's access to connectors that contain sensitive PII or credentials unless you explicitly approve that data be used. Also note README links to external AfrexAI pages (context packs, paid content) — those are optional resources outside the skill and should be reviewed separately before following or purchasing.
Capability Analysis
Type: OpenClaw Skill Name: afrexai-data-governance Version: 1.0.0 The skill's primary purpose of assessing data governance is benign. However, the `SKILL.md` and `README.md` files contain external links to `afrexai-cto.github.io` for 'AI revenue calculator', 'context packs', and 'agent setup wizard'. While these links are presented as resources for the user, their presence introduces a potential risk. An AI agent, if susceptible to prompt injection, could be coerced into visiting these external URLs, which could lead to unintended network calls, exposure to malicious content, or execution of untrusted scripts if the agent's environment is not adequately sandboxed. This constitutes a risky capability without clear malicious intent within the skill's instructions, thus classifying it as suspicious.
Capability Assessment
Purpose & Capability
Name and description match the SKILL.md: a 6-domain governance assessment with scoring and remediation. There are no unrelated required env vars, binaries, or config paths that would be inconsistent with a governance framework.
Instruction Scope
Runtime instructions are limited to asking the user which domains to assess, scoring 48 controls, computing metrics, and producing remediation roadmaps. The SKILL.md does not instruct reading system files, scanning environment variables, or sending data to external endpoints.
Install Mechanism
No install spec and no code files — lowest-risk posture (instruction-only). Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. It does discuss handling sensitive data conceptually (PII, provenance) but does not request secrets or external tokens.
Persistence & Privilege
Flags are default (always:false, user-invocable:true, model invocation allowed). The skill does not request permanent presence or attempt to modify other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install afrexai-data-governance
  3. After installation, invoke the skill by name or use /afrexai-data-governance
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the afrexai-data-governance skill, providing a comprehensive framework to assess and improve organizational data governance across six key domains. - Covers Data Quality, Data Cataloging, Access Control, Compliance Mapping, Retention & Lifecycle, and AI/Agent Data Governance. - Includes a standardized controls-based assessment and scoring methodology (0–3 scale) for each domain. - Provides scoring interpretation guidelines, remediation roadmap generation, and industry benchmarks for context. - Offers a cost-risk matrix quantifying the impact of poor governance versus preventative investment. - Lists practical next steps and additional resources for deeper implementation.
Metadata
Slug afrexai-data-governance
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Data Governance Framework?

Evaluate and improve your organization's data governance across six domains by scoring controls, identifying risks, and prioritizing remediation actions. It is an AI Agent Skill for Claude Code / OpenClaw, with 641 downloads so far.

How do I install Data Governance Framework?

Run "/install afrexai-data-governance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Data Governance Framework free?

Yes, Data Governance Framework is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Data Governance Framework support?

Data Governance Framework is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Data Governance Framework?

It is built and maintained by 1kalin (@1kalin); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments