
Compliance Audit Generator

by 1kalin · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean

1156 Downloads · 1 Stars · 4 Active Installs · 1 Versions

Install in OpenClaw: /install afrexai-compliance-audit
Description
Generates detailed compliance audits with risk-prioritized findings and remediation plans for frameworks like SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS.
README (SKILL.md)

Compliance Audit Generator

Run internal compliance audits against major frameworks without hiring a consultant.

What It Does

Generates a structured compliance audit for your organization against any of these frameworks:

  • SOC 2 (Type I & II) — Trust Services Criteria
  • ISO 27001 — Information Security Management
  • GDPR — Data Protection (EU/UK)
  • HIPAA — Healthcare Data (US)
  • PCI DSS — Payment Card Security
  • SOX — Financial Controls (US public companies)
  • CCPA/CPRA — California Consumer Privacy

How to Use

Tell the agent which framework you need audited. Provide context about your organization:

  • Industry and size
  • Current security controls
  • Data types you handle
  • Existing certifications
  • Known gaps or concerns

Example Prompts

  • "Run a SOC 2 readiness audit for our 40-person SaaS company"
  • "Check our GDPR compliance — we process EU customer data and use AWS"
  • "Generate an ISO 27001 gap analysis for our fintech startup"
  • "Audit our HIPAA controls — we're a healthtech handling PHI"

Output Format

The agent produces:

1. Executive Summary

  • Overall readiness score (0-100%)
  • Critical gaps count
  • Estimated remediation timeline

2. Control-by-Control Assessment

For each control domain:

  • Status: Compliant / Partial / Non-Compliant / Not Assessed
  • Evidence Required: What auditors will ask for
  • Current Gap: What's missing
  • Remediation Steps: Specific actions to close the gap
  • Priority: Critical / High / Medium / Low
  • Effort: Hours/days estimate

3. Remediation Roadmap

  • Phase 1 (0-30 days): Critical fixes
  • Phase 2 (30-90 days): High priority items
  • Phase 3 (90-180 days): Full compliance

4. Evidence Checklist

  • Document inventory needed for audit
  • Policy templates to create
  • Technical configurations to verify

Agent Instructions

When the user requests a compliance audit:

  1. Ask which framework(s) they need assessed
  2. Gather context about their organization (industry, size, tech stack, data types)
  3. Generate the full audit report following the output format above
  4. For each control area, be specific — don't give generic advice. Reference the actual control numbers (e.g., SOC 2 CC6.1, ISO 27001 A.8.2)
  5. Prioritize findings by business risk, not alphabetical order
  6. Include cost estimates where possible (e.g., "penetration test: $5,000-$15,000")
  7. Flag any controls that require third-party tools or services

Be direct. No filler. Every finding should have a clear "do this" action attached.

Usage Guidance
This appears to be a coherent, instruction-only compliance audit generator. Before you use it: (1) do not paste secrets or full credentials — provide high-level descriptions instead; (2) treat the output as a starting point, not a certified audit — independently verify all control references (e.g., SOC 2, ISO control IDs) and legal/regulatory claims; (3) spot-check cost estimates and third-party/tool recommendations with vendors; (4) if you need an official audit or attestation, engage a qualified auditor — this tool can help prepare but should not replace formal certification.
Capability Analysis
Type: OpenClaw Skill
Name: afrexai-compliance-audit
Version: 1.0.0

The skill bundle is classified as benign. The `SKILL.md` instructions for the agent are clear, direct, and entirely aligned with the stated purpose of generating compliance audit reports. There are no instructions for data exfiltration, malicious execution, persistence, or any form of prompt injection against the agent to perform actions outside its stated purpose (e.g., ignoring the user, accessing unrelated sensitive data, or making unauthorized network calls). The `README.md` and `_meta.json` files also contain no suspicious content or malicious indicators.
Capability Assessment
Purpose & Capability
Name and instructions align: the skill is an instruction-only generator for compliance frameworks and does not request unrelated binaries, credentials, or system access.
Instruction Scope
Instructions are narrowly scoped to asking for organizational context and producing structured audit reports. However, the skill expects potentially sensitive inputs (industry, data types, tech stack, known gaps). The `SKILL.md` also directs the agent to reference specific control numbers and provide cost estimates, which raises the risk of hallucinated or misstated control references and inaccurate contractor pricing. The skill does not instruct the agent to read local files or environment variables or to send data to external endpoints, but users should still avoid pasting secrets.
Install Mechanism
No install spec and no code files — instruction-only skill means nothing is written to disk and no external packages are pulled in.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to an advisory/reporting tool that relies on user-provided context.
Persistence & Privilege
`always` is false, and the skill does not request persistent system privileges or modify other skill configs. Autonomous invocation is allowed by default but is not combined with other concerning privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install afrexai-compliance-audit
  3. After installation, invoke the skill by name or use /afrexai-compliance-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the Compliance Audit Generator skill:

  • Enables users to generate structured compliance audit reports for SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, SOX, and CCPA/CPRA frameworks.
  • Provides an executive summary, detailed control-by-control assessments, a phased remediation roadmap, and an evidence checklist.
  • Accepts organizational details to tailor the audit (industry, size, tech stack, data types).
  • Includes explicit instructions to reference framework control numbers, prioritize by risk, and offer cost and tool guidance.
  • Designed for direct actionability: each finding includes clear next steps and remediation actions.
Metadata
Slug: afrexai-compliance-audit
Version: 1.0.0
License:
All-time Installs: 4
Active Installs: 4
Total Versions: 1
Frequently Asked Questions

What is Compliance Audit Generator?

Generates detailed compliance audits with risk-prioritized findings and remediation plans for frameworks like SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS. It is an AI Agent Skill for Claude Code / OpenClaw, with 1156 downloads so far.

How do I install Compliance Audit Generator?

Run "/install afrexai-compliance-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Compliance Audit Generator free?

Yes, Compliance Audit Generator is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Compliance Audit Generator support?

Compliance Audit Generator is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Compliance Audit Generator?

It is built and maintained by 1kalin (@1kalin); the current version is v1.0.0.
