← 返回 Skills 市场

Whistleblower Ethics Hotline

Name: Whistleblower Ethics Hotline
Author: 1kalin

作者 1kalin · GitHub ↗ · v1.0.0

cross-platform ✓ 安全检测通过

449

总下载

当前安装

版本数

在 OpenClaw 中安装

/install afrexai-whistleblower

功能描述

Confidential whistleblower system supporting anonymous intake, triage, investigations, regulatory compliance, retaliation prevention, and board reporting tem...

使用说明 (SKILL.md)

Whistleblower & Ethics Hotline Framework

Build a confidential reporting system and ethics investigation workflow for your organization. Covers anonymous intake, case triage, investigation protocols, regulatory obligations, and retaliation prevention.

What This Skill Does

When activated, guide the user through:

Intake Channel Design — Set up anonymous reporting (web form, hotline, email alias, physical drop box). Ensure no metadata leaks caller identity. Recommend third-party platforms (EthicsPoint, NAVEX, AllVoices) vs self-hosted.

Case Triage Matrix

Severity	Examples	Response SLA	Escalation
Critical	Fraud >$50K, safety hazard, harassment by exec	24 hours	Board/Audit Committee + outside counsel
High	Policy violation, discrimination, data breach	72 hours	General Counsel + CHRO
Medium	Conflict of interest, expense abuse	5 business days	Compliance Officer
Low	Policy questions, minor conduct	10 business days	HR Business Partner

Investigation Protocol
- Preserve evidence before interviewing
- Separation of duties: investigator ≠ accused's manager
- Interview template: open questions, avoid leading, document verbatim
- Chain of custody for digital evidence
- Timeline reconstruction framework
- Findings memo template (facts only, no opinion)
Regulatory Compliance by Jurisdiction
- US: SOX Section 301 (public companies must have anonymous channel), Dodd-Frank (SEC bounty program, anti-retaliation), False Claims Act (qui tam)
- EU: EU Whistleblower Directive 2019/1937 (mandatory for 50+ employees, 3-month feedback deadline)
- UK: Public Interest Disclosure Act 1998 (PIDA), FCA whistleblowing rules
- Australia: Corporations Act 2001 Part 9.4AAA
- Canada: PSDPA (federal public sector), provincial variations
Retaliation Prevention Checklist
- Document reporter's current performance rating, comp, role BEFORE investigation
- No adverse actions (termination, transfer, demotion, schedule change) without compliance sign-off
- Monitor for subtle retaliation: exclusion from meetings, workload changes, peer pressure
- Mandatory retaliation training for all managers annually
- Exit interview flag: "Were you ever discouraged from reporting concerns?"
Board Reporting Template
- Quarterly: # reports received, # open, # closed, avg resolution time, category breakdown
- Annual: trends, benchmarking vs industry (NAVEX Hotline Benchmark Report), policy changes made, training completion rates
Policy Document Generator Output a complete Whistleblower Protection Policy covering:
- Purpose and scope
- Protected disclosures definition
- Reporting channels
- Confidentiality and anonymity guarantees
- Investigation process overview
- Non-retaliation commitment
- Record retention (7 years minimum)
- Annual review clause

10-Industry Benchmarks

Industry	Avg Reports per 100 Employees	Top Category	Compliance Focus
Financial Services	1.4	Fraud/Theft	SOX, BSA/AML, FCA
Healthcare	1.8	Patient Safety	HIPAA, False Claims Act
Manufacturing	0.9	Safety/Environment	OSHA, EPA
Technology	0.7	HR/Discrimination	SOX (if public), GDPR
Government	1.2	Waste/Abuse	Inspector General, PSDPA
Education	0.8	Title IX, Safety	Clery Act, Title IX
Retail	1.1	Theft/HR	FLSA, state wage laws
Energy	1.0	Safety/Environment	NRC, EPA, OSHA
Legal/Professional	0.6	Conflicts of Interest	Bar rules, SOX
Construction	1.3	Safety/Wage	OSHA, Davis-Bacon

Output Format

Deliver as structured markdown with clear sections. Include jurisdiction-specific callouts based on user's location. Provide copy-paste policy language where appropriate.

Built by AfrexAI — AI agent context packs for every business function. Browse all packs: https://afrexai-cto.github.io/context-packs/

安全使用建议

This skill is instruction-only and coherent with its stated purpose, but before installing: (1) verify any third-party platform recommendations for privacy/security and contract terms, (2) review jurisdiction-specific legal claims with counsel (the SKILL.md summarizes laws but is not a substitute for legal advice), (3) when generating policies/templates, avoid pasting real PII or internal secrets into prompts, and (4) if you plan to implement an intake channel, ensure technical designs actually preserve anonymity (log scrubbing, metadata handling) and are tested by your security/privacy teams.

功能分析

Type: OpenClaw Skill Name: afrexai-whistleblower Version: 1.0.0 The skill bundle is benign. All files (SKILL.md, README.md, _meta.json) consistently describe a legitimate 'Whistleblower & Ethics Hotline Framework' for an AI agent, providing information and instructions for generating policy documents and advice. There are no indications of malicious intent, such as data exfiltration, unauthorized command execution, persistence mechanisms, or adversarial prompt injection attempts against the agent. External links in SKILL.md and README.md are purely promotional, pointing to GitHub Pages for related content.

能力评估

✓ Purpose & Capability

Name and description match the SKILL.md and README: guidance for anonymous intake, triage, investigations, compliance, and policy generation. There are no unexpected requirements (no env vars, binaries, or installs) that conflict with the stated purpose.

✓ Instruction Scope

Runtime instructions are limited to procedural guidance (intake design, triage, investigation protocol, jurisdictional rules, templates). They do not instruct the agent to read local files, access environment variables, or transmit data to hidden endpoints. Recommending third-party platforms and including jurisdiction-specific callouts is reasonable for this use case.

✓ Install Mechanism

No install spec or code files are included; this is instruction-only, which minimizes on-disk execution risk.

✓ Credentials

The skill requests no environment variables, credentials, or config paths. That is proportionate for a policy/guidance pack that generates documents and checklists.

✓ Persistence & Privilege

always is false and there is no request for permanent presence or modification of other skills or system settings. The skill can be invoked by the agent (default), which is expected for a user-invokable guidance pack.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install afrexai-whistleblower
安装完成后，直接呼叫该 Skill 的名称或使用 /afrexai-whistleblower 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release - confidential whistleblower & ethics hotline skill. - Guides setup of anonymous reporting channels and case triage workflows. - Includes protocols for investigations, evidence handling, and non-retaliation. - Provides regulatory compliance outlines for US, EU, UK, Australia, and Canada. - Outputs templates for board reporting and whistleblower policy documents. - Features benchmarking across 10 industries with compliance focus and metrics.

元数据

Slug afrexai-whistleblower

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题