← 返回 Skills 市场
1kalin

Data Governance Framework

作者 1kalin · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
641
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install afrexai-data-governance
功能描述
Evaluate and improve your organization's data governance across six domains by scoring controls, identifying risks, and prioritizing remediation actions.
使用说明 (SKILL.md)

Data Governance Framework

Assess, score, and remediate your organization's data governance posture across 6 domains.

What This Covers

  1. Data Quality — Completeness, accuracy, consistency, timeliness scoring
  2. Data Cataloging — Asset inventory, lineage tracking, metadata management
  3. Access Control — Role-based permissions, least privilege, data classification (public/internal/confidential/restricted)
  4. Compliance Mapping — GDPR, CCPA, SOX, HIPAA, PCI-DSS, industry-specific regulations
  5. Retention & Lifecycle — Retention policies, archival schedules, deletion procedures, legal hold
  6. AI/Agent Data Governance — Training data provenance, model input/output logging, bias detection, PII handling in agent workflows

How to Use

When asked to assess data governance:

  1. Ask which domains are priority (or assess all 6)
  2. For each domain, evaluate 8 controls on a 0-3 scale:
    • 0 = Not implemented
    • 1 = Ad hoc / informal
    • 2 = Documented and partially enforced
    • 3 = Automated and continuously monitored
  3. Calculate domain score (sum / 24 × 100)
  4. Calculate overall governance score (average of domains)
  5. Generate remediation roadmap prioritized by risk

Scoring Interpretation

Score Rating Action
0-25% Critical Immediate remediation — regulatory risk
26-50% Developing 90-day improvement plan required
51-75% Managed Optimize and automate weak areas
76-100% Optimized Maintain and benchmark against peers

Domain 1: Data Quality Controls

  1. Data profiling automation (duplicate detection, format validation)
  2. Quality dashboards with SLA thresholds
  3. Root cause analysis for quality failures
  4. Stewardship program (assigned data owners per domain)
  5. Quality gates in data pipelines (reject bad data at ingestion)
  6. Business rule validation (domain-specific logic checks)
  7. Cross-system reconciliation (source vs target matching)
  8. Quality trend tracking (month-over-month improvement metrics)

Domain 2: Data Cataloging Controls

  1. Automated asset discovery (databases, APIs, files, SaaS)
  2. Business glossary with agreed definitions
  3. Data lineage tracking (source → transformation → consumption)
  4. Search and discovery interface for business users
  5. Metadata enrichment (tags, classifications, sensitivity labels)
  6. Catalog coverage tracking (% of assets documented)
  7. Usage analytics (who accesses what, how often)
  8. Integration with BI/analytics tools (catalog-aware queries)

Domain 3: Access Control

  1. Role-based access control (RBAC) with regular review
  2. Data classification enforcement (labels drive permissions)
  3. Least privilege principle (minimal default access)
  4. Access request and approval workflows
  5. Privileged access management (admin accounts monitored)
  6. Access certification (quarterly re-certification of permissions)
  7. Anomaly detection (unusual access patterns flagged)
  8. De-provisioning automation (access removed on role change/exit)

Domain 4: Compliance Mapping

  1. Regulation inventory (which laws apply, by geography and industry)
  2. Control-to-regulation mapping (which controls satisfy which requirements)
  3. Data processing records (Article 30 GDPR / equivalent)
  4. Consent management (capture, storage, withdrawal tracking)
  5. Data subject rights automation (access, deletion, portability)
  6. Cross-border transfer compliance (SCCs, adequacy decisions)
  7. Breach notification procedures (72-hour GDPR, state-specific)
  8. Regular compliance audits (internal + third-party)

Domain 5: Retention & Lifecycle

  1. Retention schedule by data type (contractual, regulatory, operational)
  2. Automated archival pipelines (hot → warm → cold → delete)
  3. Legal hold management (litigation preservation)
  4. Deletion verification (confirmed purge with audit trail)
  5. Storage cost optimization (tiered storage aligned to access patterns)
  6. Backup and recovery testing (regular restore drills)
  7. Data minimization enforcement (collect only what is needed)
  8. End-of-life procedures for decommissioned systems

Domain 6: AI/Agent Data Governance

  1. Training data provenance tracking (source, consent, bias review)
  2. Model input/output logging (what went in, what came out)
  3. PII detection and masking in agent workflows
  4. Hallucination monitoring (output accuracy validation)
  5. Agent decision audit trail (explainability for automated decisions)
  6. Data feedback loops (human review of agent data modifications)
  7. Vendor data sharing agreements (what third-party APIs see your data)
  8. Synthetic data policies (when and how to use generated data)

Cost of Poor Governance

Risk Average Cost Prevention Cost
GDPR fine $4.3M (average 2025) $45K-$120K/year
Data breach $4.88M (IBM 2025) $60K-$200K/year
Failed audit $150K-$500K remediation $30K-$80K/year
Bad data decisions 15-25% revenue impact $20K-$60K/year
AI bias incident $2M-$50M (litigation + brand) $25K-$75K/year

Remediation Priority Matrix

Always fix in this order:

  1. Compliance gaps — regulatory fines are existential
  2. Access control — breaches destroy trust overnight
  3. AI governance — fastest-growing risk category
  4. Data quality — garbage in = garbage out at scale
  5. Cataloging — you cannot govern what you cannot find
  6. Retention — storage costs compound, legal risk accumulates

Industry Benchmarks (2026)

Industry Avg Governance Score Top Quartile Regulatory Pressure
Financial Services 68% 85%+ Extreme (SOX, PCI, GDPR)
Healthcare 62% 80%+ High (HIPAA, FDA, state)
SaaS/Tech 55% 78%+ Growing (SOC 2, GDPR, CCPA)
Manufacturing 45% 70%+ Moderate (ITAR, ISO)
Retail/Ecommerce 48% 72%+ Growing (PCI, CCPA, GDPR)

Next Steps

Need a complete data governance implementation tailored to your industry?

安全使用建议
This skill is a content/template-style governance framework and appears coherent with its description. Because it is instruction-only, it will not itself exfiltrate data or install code — however, be cautious about sharing actual organizational data or secrets when using it. If you plan to let an autonomous agent use this skill, restrict the agent's access to connectors that contain sensitive PII or credentials unless you explicitly approve that data be used. Also note README links to external AfrexAI pages (context packs, paid content) — those are optional resources outside the skill and should be reviewed separately before following or purchasing.
功能分析
Type: OpenClaw Skill Name: afrexai-data-governance Version: 1.0.0 The skill's primary purpose of assessing data governance is benign. However, the `SKILL.md` and `README.md` files contain external links to `afrexai-cto.github.io` for 'AI revenue calculator', 'context packs', and 'agent setup wizard'. While these links are presented as resources for the user, their presence introduces a potential risk. An AI agent, if susceptible to prompt injection, could be coerced into visiting these external URLs, which could lead to unintended network calls, exposure to malicious content, or execution of untrusted scripts if the agent's environment is not adequately sandboxed. This constitutes a risky capability without clear malicious intent within the skill's instructions, thus classifying it as suspicious.
能力评估
Purpose & Capability
Name and description match the SKILL.md: a 6-domain governance assessment with scoring and remediation. There are no unrelated required env vars, binaries, or config paths that would be inconsistent with a governance framework.
Instruction Scope
Runtime instructions are limited to asking the user which domains to assess, scoring 48 controls, computing metrics, and producing remediation roadmaps. The SKILL.md does not instruct reading system files, scanning environment variables, or sending data to external endpoints.
Install Mechanism
No install spec and no code files — lowest-risk posture (instruction-only). Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. It does discuss handling sensitive data conceptually (PII, provenance) but does not request secrets or external tokens.
Persistence & Privilege
Flags are default (always:false, user-invocable:true, model invocation allowed). The skill does not request permanent presence or attempt to modify other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install afrexai-data-governance
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /afrexai-data-governance 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the afrexai-data-governance skill, providing a comprehensive framework to assess and improve organizational data governance across six key domains. - Covers Data Quality, Data Cataloging, Access Control, Compliance Mapping, Retention & Lifecycle, and AI/Agent Data Governance. - Includes a standardized controls-based assessment and scoring methodology (0–3 scale) for each domain. - Provides scoring interpretation guidelines, remediation roadmap generation, and industry benchmarks for context. - Offers a cost-risk matrix quantifying the impact of poor governance versus preventative investment. - Lists practical next steps and additional resources for deeper implementation.
元数据
Slug afrexai-data-governance
版本 1.0.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Data Governance Framework 是什么?

Evaluate and improve your organization's data governance across six domains by scoring controls, identifying risks, and prioritizing remediation actions. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 641 次。

如何安装 Data Governance Framework?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install afrexai-data-governance」即可一键安装,无需额外配置。

Data Governance Framework 是免费的吗?

是的,Data Governance Framework 完全免费(开源免费),可自由下载、安装和使用。

Data Governance Framework 支持哪些平台?

Data Governance Framework 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Data Governance Framework?

由 1kalin(@1kalin)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论