AI Compliance

Author: OpieTaylor911 · GitHub · v1.1.0 · MIT-0
cross-platform · ✓ Security check passed

282 total downloads · 0 favorites · 0 current installs · 2 versions

Install in OpenClaw: /install ai-compliance

Description
AI compliance analysis for EU AI Act, ISO 42001, NIST AI RMF, GDPR, OECD, financial services regulations (SEC, FCA, FINRA, DORA, MiFID II), and other framewo...

Usage instructions (SKILL.md)

AI Compliance Skill

Reference Files

Load only what's needed based on the request type:

Frameworks

  • EU AI Act: references/eu-ai-act.md — risk tiers, prohibited uses, obligations
  • ISO 42001: references/iso-42001.md — clauses, Annex A controls
  • NIST AI RMF: references/nist-ai-rmf.md — GOVERN/MAP/MEASURE/MANAGE
  • GDPR, OECD, IEEE, UK, Singapore: references/other-frameworks.md
  • Financial services (SEC, FCA, FINRA, DORA, MiFID II, MNPI): references/finserv-regulations.md
  • Jurisdiction map (global regulatory landscape): references/jurisdiction-map.md
  • ISO 27001 alignment: references/iso27001-alignment.md

Output Templates & Tools

  • Checklists, risk assessment, gap analysis templates: references/checklist-templates.md
  • Vendor AI risk assessment questionnaire: references/vendor-assessment.md
  • Acceptable use policy template: references/aup-template.md
  • Data classification × AI tool matrix: references/data-classification.md
  • AI system inventory template: references/ai-inventory.md
  • AI risk scoring model (0–100): references/risk-scoring.md
  • Training requirements by role: references/training-requirements.md

Remediation

  • Incident response playbooks: references/incident-response.md
  • Remediation playbooks (common gaps): references/remediation-playbooks.md

When in doubt about which files to load, load the framework files + the relevant output template.

Workflow

1. Understand the AI Tool/Use Case

Gather (or ask for):

  • What does the AI system do? (intended purpose)
  • Who uses it and how? (internal staff, customers, automated pipeline)
  • What data does it process? (personal, financial, confidential, public)
  • Where is it deployed? (EU context? affecting EU residents?)
  • Consumer or enterprise tier? Third-party or internal?

2. Select Output Type

| Request | Load | Output |
|---|---|---|
| Compliance checklist | Framework files + checklist-templates.md | Full checklist per Template 1 |
| Risk assessment needed? | eu-ai-act.md + checklist-templates.md | Risk tier determination per Template 2 |
| Gap analysis | All framework files + checklist-templates.md | Gap table per Template 3 |
| Risk score | risk-scoring.md | Scored worksheet + risk level |
| Vendor assessment | vendor-assessment.md | Questionnaire + scoring |
| AUP draft | aup-template.md | Customized policy draft |
| Data classification guidance | data-classification.md | Matrix + decision tree |
| Incident response | incident-response.md | Relevant playbook |
| Remediation steps | remediation-playbooks.md | Relevant playbook(s) |
| Financial services overlay | finserv-regulations.md | Regulatory requirements |
| Training requirements | training-requirements.md | Role-based matrix |
| Jurisdiction guidance | jurisdiction-map.md | Applicable rules by region |

3. Output Structure

Always structure output as:

## AI Compliance Assessment: [Tool/Use Case Name]
### Risk Classification
### Applicable Frameworks
### Compliance Checklist (or Gap Analysis or Risk Score)
### Issues Found
### Recommendations
### Priority Actions

Key Principles

  • Reference exact articles, clauses, controls (e.g., "EU AI Act Art.14", "ISO 42001 A.6.1", "NIST GOVERN 1.2")
  • Flag HIGH/CRITICAL severity issues prominently — these are blockers
  • Always include remediation steps, not just gaps — link to remediation-playbooks.md when relevant
  • Cross-reference frameworks where they overlap
  • For financial services firms: always check finserv-regulations.md for MNPI and sector-specific rules
  • When uncertain about risk tier, err toward higher risk classification
Safe usage recommendations

This skill appears to be a coherent compliance toolkit (checklists, templates, and playbooks) and is likely useful for producing compliance outputs. Before using:

  1. Review and remove or adapt any firm-specific examples (mentions of fi.com, webhook_events, or OpenClaw-specific paths/users) so you don't leak internal assumptions.
  2. Do NOT execute any shell commands from remediation playbooks verbatim—verify they match your OS, user accounts, and security policies.
  3. If you plan to have the agent access logs or webhook_events, ensure the agent runtime has explicit, auditable authorization to read those sources — otherwise the skill should ask you to provide relevant extracts rather than access them directly.
  4. Confirm any vendor-contact or deletion requests described in playbooks are handled by authorized legal/security staff.

If you want a stricter review, provide the exact runtime environment (what logs or systems the agent can access) and I can flag any instructions that would try to read or modify those assets.
Functionality analysis

Type: OpenClaw Skill
Name: ai-compliance
Version: 1.1.0

The bundle is a comprehensive AI compliance and governance toolkit designed to help an agent perform risk assessments and gap analyses against frameworks like the EU AI Act, ISO 42001, and NIST AI RMF. It contains high-quality reference documentation, policy templates, and incident response playbooks. While it includes remediation steps involving shell commands for securing secrets (remediation-playbooks.md) and references internal telemetry logs (webhook_events) to identify data leakage, these actions are entirely consistent with the stated purpose of a security and compliance auditor. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found.

Capability assessment
Purpose & Capability
The name/description (AI compliance across EU AI Act, ISO 42001, NIST, GDPR, financial regs) matches the included templates and reference files. The files and templates present are consistent with producing checklists, assessments, gap analyses and playbooks — no unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md instructs the agent to load relevant reference files and to gather information from the user about the AI system/use case, then produce structured compliance outputs. A few playbooks (incident-response, remediation) reference pulling prompts or events from 'webhook_events' or DLP logs; the skill does not declare any config paths or require automatic access to such logs, so those references are contextual examples but could lead an agent to attempt log access if given broad runtime permissions.
Install Mechanism
This is instruction-only (no install spec, no code files to execute). That is the lowest-risk install mechanism and consistent with the skill's purpose.
Credentials
The skill does not request environment variables or credentials. However, some reference files include operational commands and hard-coded operational guidance (e.g., storing secrets in /etc/openclaw/secrets.env and chown to user 'bcaddy', 'fi.com' telemetry references, and calls to webhook_events/DLP logs). Those are plausible for an in-house compliance runbook but are firm-specific and could be dangerous if copied verbatim into a different environment.
Persistence & Privilege
always:false, no install, and no requested system configuration changes. The skill does not request persistent presence or elevated platform privileges.
How to use

  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install ai-compliance
  3. After installation, call the Skill by name directly or trigger it with /ai-compliance.
  4. Provide the required inputs according to the Skill's parameter description to receive structured output.

Version history
v1.1.0
v1.1.0: Added vendor risk assessment questionnaire, incident response playbooks, AUP template, data classification matrix, AI system inventory, financial services regulatory overlay (SEC/FCA/FINRA/DORA/MiFID II), remediation playbooks, ISO 27001 alignment map, training requirements matrix, jurisdiction map, and AI risk scoring model (0-100)
v1.0.0
Initial release — EU AI Act, ISO 42001, NIST AI RMF compliance checklists, risk assessments, and gap analysis for AI tools and use cases
Metadata

Slug: ai-compliance
Version: 1.1.0
License: MIT-0
Cumulative installs: 0
Current installs: 0
Historical versions: 2

FAQ

What is AI Compliance?

AI compliance analysis for EU AI Act, ISO 42001, NIST AI RMF, GDPR, OECD, financial services regulations (SEC, FCA, FINRA, DORA, MiFID II), and other framewo... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 282 cumulative downloads so far.

How do I install AI Compliance?

Run the command "/install ai-compliance" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is AI Compliance free?

Yes, AI Compliance is completely free. It is licensed under MIT-0 and can be freely downloaded, installed and used.

Which platforms does AI Compliance support?

AI Compliance runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed AI Compliance?

Developed and maintained by OpieTaylor911 (@opietaylor911); the current version is v1.1.0.