AI Compliance

by OpieTaylor911 · GitHub ↗ · v1.1.0 · MIT-0
cross-platform · ✓ Security Clean
Downloads: 282 · Stars: 0 · Active Installs: 0 · Versions: 2
Install in OpenClaw: /install ai-compliance
Description
AI compliance analysis for EU AI Act, ISO 42001, NIST AI RMF, GDPR, OECD, financial services regulations (SEC, FCA, FINRA, DORA, MiFID II), and other framewo...
README (SKILL.md)

AI Compliance Skill

Reference Files

Load only what's needed based on the request type:

Frameworks

  • EU AI Act: references/eu-ai-act.md — risk tiers, prohibited uses, obligations
  • ISO 42001: references/iso-42001.md — clauses, Annex A controls
  • NIST AI RMF: references/nist-ai-rmf.md — GOVERN/MAP/MEASURE/MANAGE
  • GDPR, OECD, IEEE, UK, Singapore: references/other-frameworks.md
  • Financial services (SEC, FCA, FINRA, DORA, MiFID II, MNPI): references/finserv-regulations.md
  • Jurisdiction map (global regulatory landscape): references/jurisdiction-map.md
  • ISO 27001 alignment: references/iso27001-alignment.md

Output Templates & Tools

  • Checklists, risk assessment, gap analysis templates: references/checklist-templates.md
  • Vendor AI risk assessment questionnaire: references/vendor-assessment.md
  • Acceptable use policy template: references/aup-template.md
  • Data classification × AI tool matrix: references/data-classification.md
  • AI system inventory template: references/ai-inventory.md
  • AI risk scoring model (0–100): references/risk-scoring.md
  • Training requirements by role: references/training-requirements.md

Remediation

  • Incident response playbooks: references/incident-response.md
  • Remediation playbooks (common gaps): references/remediation-playbooks.md

When in doubt about which files to load, load the framework files + the relevant output template.

Workflow

1. Understand the AI Tool/Use Case

Gather (or ask for):

  • What does the AI system do? (intended purpose)
  • Who uses it and how? (internal staff, customers, automated pipeline)
  • What data does it process? (personal, financial, confidential, public)
  • Where is it deployed? (EU context? affecting EU residents?)
  • Consumer or enterprise tier? Third-party or internal?

2. Select Output Type

| Request | Load | Output |
|---|---|---|
| Compliance checklist | Framework files + checklist-templates.md | Full checklist per Template 1 |
| Risk assessment needed? | eu-ai-act.md + checklist-templates.md | Risk tier determination per Template 2 |
| Gap analysis | All framework files + checklist-templates.md | Gap table per Template 3 |
| Risk score | risk-scoring.md | Scored worksheet + risk level |
| Vendor assessment | vendor-assessment.md | Questionnaire + scoring |
| AUP draft | aup-template.md | Customized policy draft |
| Data classification guidance | data-classification.md | Matrix + decision tree |
| Incident response | incident-response.md | Relevant playbook |
| Remediation steps | remediation-playbooks.md | Relevant playbook(s) |
| Financial services overlay | finserv-regulations.md | Regulatory requirements |
| Training requirements | training-requirements.md | Role-based matrix |
| Jurisdiction guidance | jurisdiction-map.md | Applicable rules by region |

3. Output Structure

Always structure output as:

## AI Compliance Assessment: [Tool/Use Case Name]
### Risk Classification
### Applicable Frameworks
### Compliance Checklist (or Gap Analysis or Risk Score)
### Issues Found
### Recommendations
### Priority Actions

Key Principles

  • Reference exact articles, clauses, controls (e.g., "EU AI Act Art.14", "ISO 42001 A.6.1", "NIST GOVERN 1.2")
  • Flag HIGH/CRITICAL severity issues prominently — these are blockers
  • Always include remediation steps, not just gaps — link to remediation-playbooks.md when relevant
  • Cross-reference frameworks where they overlap
  • For financial services firms: always check finserv-regulations.md for MNPI and sector-specific rules
  • When uncertain about risk tier, err toward higher risk classification
Usage Guidance
This skill appears to be a coherent compliance toolkit (checklists, templates, and playbooks) and is likely useful for producing compliance outputs. Before using:
  1. Review and remove or adapt any firm-specific examples (mentions of fi.com, webhook_events, or OpenClaw-specific paths/users) so you don't leak internal assumptions.
  2. Do NOT execute any shell commands from remediation playbooks verbatim—verify they match your OS, user accounts, and security policies.
  3. If you plan to have the agent access logs or webhook_events, ensure the agent runtime has explicit, auditable authorization to read those sources — otherwise the skill should ask you to provide relevant extracts rather than access them directly.
  4. Confirm any vendor-contact or deletion requests described in playbooks are handled by authorized legal/security staff.
If you want a more strict review, provide the exact runtime environment (what logs or systems the agent can access) and I can flag any instructions that would try to read or modify those assets.
Capability Analysis
Type: OpenClaw Skill
Name: ai-compliance
Version: 1.1.0
The bundle is a comprehensive AI compliance and governance toolkit designed to help an agent perform risk assessments and gap analyses against frameworks like the EU AI Act, ISO 42001, and NIST AI RMF. It contains high-quality reference documentation, policy templates, and incident response playbooks. While it includes remediation steps involving shell commands for securing secrets (remediation-playbooks.md) and references internal telemetry logs (webhook_events) to identify data leakage, these actions are entirely consistent with the stated purpose of a security and compliance auditor. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found.
Capability Assessment
Purpose & Capability
The name/description (AI compliance across EU AI Act, ISO 42001, NIST, GDPR, financial regs) matches the included templates and reference files. The files and templates present are consistent with producing checklists, assessments, gap analyses and playbooks — no unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md instructs the agent to load relevant reference files and to gather information from the user about the AI system/use case, then produce structured compliance outputs. A few playbooks (incident-response, remediation) reference pulling prompts or events from 'webhook_events' or DLP logs; the skill does not declare any config paths or require automatic access to such logs, so those references are contextual examples but could lead an agent to attempt log access if given broad runtime permissions.
Install Mechanism
This is instruction-only (no install spec, no code files to execute). That is the lowest-risk install mechanism and consistent with the skill's purpose.
Credentials
The skill does not request environment variables or credentials. However, some reference files include operational commands and hard-coded operational guidance (e.g., storing secrets in /etc/openclaw/secrets.env and chown to user 'bcaddy', 'fi.com' telemetry references, and calls to webhook_events/DLP logs). Those are plausible for an in-house compliance runbook but are firm-specific and could be dangerous if copied verbatim into a different environment.
Persistence & Privilege
always:false, no install, and no requested system configuration changes. The skill does not request persistent presence or elevated platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ai-compliance
  3. After installation, invoke the skill by name or use /ai-compliance
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Added vendor risk assessment questionnaire, incident response playbooks, AUP template, data classification matrix, AI system inventory, financial services regulatory overlay (SEC/FCA/FINRA/DORA/MiFID II), remediation playbooks, ISO 27001 alignment map, training requirements matrix, jurisdiction map, and AI risk scoring model (0-100)
v1.0.0
Initial release — EU AI Act, ISO 42001, NIST AI RMF compliance checklists, risk assessments, and gap analysis for AI tools and use cases
Metadata
Slug ai-compliance
Version 1.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is AI Compliance?

AI compliance analysis for EU AI Act, ISO 42001, NIST AI RMF, GDPR, OECD, financial services regulations (SEC, FCA, FINRA, DORA, MiFID II), and other framewo... It is an AI Agent Skill for Claude Code / OpenClaw, with 282 downloads so far.

How do I install AI Compliance?

Run "/install ai-compliance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AI Compliance free?

Yes, AI Compliance is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AI Compliance support?

AI Compliance is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created AI Compliance?

It is built and maintained by OpieTaylor911 (@opietaylor911); the current version is v1.1.0.
