← Back to Skills Marketplace
romainsantoli-web

Firm Auth Compliance Pack

by romainsantoli-web · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
326
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install firm-auth-compliance-pack
Description
Authentication and compliance audit pack. OAuth 2.1/OIDC Discovery, token scope enforcement, tool deprecation lifecycle, circuit breaker, GDPR residency, DID...
README (SKILL.md)

firm-auth-compliance-pack

⚠️ Contenu généré par IA — validation humaine requise avant utilisation.

Purpose

Comprehensive authentication and compliance auditing: OAuth 2.1 / OIDC Discovery compliance (PKCE, RFC 9728, RFC 8707), token scope enforcement, tool deprecation lifecycle, circuit breaker patterns, GDPR data residency, W3C DID identity, multi-model routing, and resource links validation.

Tools (8)

Tool Description Severity
openclaw_oauth_oidc_audit OAuth 2.1 / OIDC Discovery compliance HIGH
openclaw_token_scope_check Token scope enforcement HIGH
openclaw_tool_deprecation_audit Tool deprecation lifecycle audit MEDIUM
openclaw_circuit_breaker_audit Circuit breaker pattern validation MEDIUM
openclaw_gdpr_residency_audit GDPR data residency compliance MEDIUM
openclaw_agent_identity_audit W3C DID agent identity validation MEDIUM
openclaw_model_routing_audit Multi-model routing configuration MEDIUM
openclaw_resource_links_audit Resource links validation MEDIUM

Usage

skills:
  - firm-auth-compliance-pack

# Run compliance audit:
openclaw_oauth_oidc_audit config_path=/path/to/config.json
openclaw_gdpr_residency_audit config_path=/path/to/config.json
openclaw_agent_identity_audit config_path=/path/to/config.json

Requirements

  • mcp-openclaw-extensions >= 3.0.0
Usage Guidance
This skill is an instruction-only compliance pack that expects 'mcp-openclaw-extensions >= 3.0.0' to provide the actual tools. Before installing or running it: 1) Confirm the external extension (mcp-openclaw-extensions) is present and from a trusted source; the skill itself contains no code. 2) Review any configuration files you pass as config_path — they may contain secrets or credentials; do not point the tool at sensitive files unless you trust the tool implementation. 3) Since the agent can invoke skills autonomously, consider restricting automatic runs until you've validated outputs manually. 4) Because the skill’s source/homepage is unknown, perform an additional provenance check or manual review of the extension that will supply the audit commands.
Capability Analysis
Type: OpenClaw Skill Name: firm-auth-compliance-pack Version: 1.0.0 The skill bundle consists of metadata and a markdown file describing an 'Authentication and compliance audit pack'. It outlines the purpose, lists internal OpenClaw audit tools, and provides usage examples. There is no executable code, no instructions for prompt injection, no attempts at data exfiltration, persistence, or obfuscation. The declared dependency `mcp-openclaw-extensions` is a standard requirement and does not indicate malicious intent within this skill itself.
Capability Assessment
Purpose & Capability
The name, description, and listed tools align with an authentication/compliance audit pack. However, the SKILL.md lists eight command-line-style tools but the skill provides no code or binaries itself; it declares a dependency on 'mcp-openclaw-extensions >= 3.0.0' in the SKILL.md metadata, implying those implementations must come from that extension. This is a reasonable design but depends entirely on that external package being present and trustworthy.
Instruction Scope
Runtime instructions show invoking tools like openclaw_oauth_oidc_audit with a config_path (e.g., /path/to/config.json). The instructions do not ask the agent to read unrelated system files or environment variables, but they do assume access to user-supplied config files — which may contain secrets. The SKILL.md also includes a caution that generated content needs human validation.
Install Mechanism
No install spec and no code files: lowest-risk distribution model. The skill is instruction-only and therefore does not write files or download archives itself. The only install-related requirement is the declared dependency on 'mcp-openclaw-extensions >= 3.0.0', but there is no install step provided here.
Credentials
The skill declares no required environment variables, credentials, or config paths. This is proportionate to the stated purpose of being an audit/instruction pack. Caveat: the external tools it invokes (from the required extension) may in practice need credentials or access to config files containing secrets — the SKILL.md does not document those runtime needs.
Persistence & Privilege
Flags show the skill is not always-enabled and allows user invocation; model invocation is enabled by default (normal). The skill does not request persistent system presence or modifications to other skills. Because it can be invoked autonomously by the agent, users should be mindful that running the audits could cause the agent to read configuration files if instructed.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install firm-auth-compliance-pack
  3. After installation, invoke the skill by name or use /firm-auth-compliance-pack
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — 8 tools: OAuth/OIDC, token scope, deprecation, GDPR, DID, routing
Metadata
Slug firm-auth-compliance-pack
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Firm Auth Compliance Pack?

Authentication and compliance audit pack. OAuth 2.1/OIDC Discovery, token scope enforcement, tool deprecation lifecycle, circuit breaker, GDPR residency, DID... It is an AI Agent Skill for Claude Code / OpenClaw, with 326 downloads so far.

How do I install Firm Auth Compliance Pack?

Run "/install firm-auth-compliance-pack" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Firm Auth Compliance Pack free?

Yes, Firm Auth Compliance Pack is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Firm Auth Compliance Pack support?

Firm Auth Compliance Pack is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Firm Auth Compliance Pack?

It is built and maintained by romainsantoli-web (@romainsantoli-web); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments