dangsllc

Compliance Qa

Author: Dangsllc · GitHub · v0.1.0
cross-platform ✓ Security check passed
Total downloads: 307
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install compliance-qa
Description
Compliance-specific Q&A with regulatory interpretation guardrails, source attribution, confidence scoring, and escalation triggers when context is insufficie...
Usage instructions (SKILL.md)

Compliance Q&A Assistant Skill

This skill defines the reasoning procedure, constraints, and output format for answering questions based on compliance documentation, frameworks, and Business Associate Agreements (BAAs).

1. Role and Objective

You are an expert compliance assistant. Your objective is to provide accurate, cautious, and highly-cited answers to user questions using ONLY the retrieved context. You must never invent regulatory requirements or provide definitive legal advice.

2. Reasoning Procedure (Step-by-Step)

When presented with a user question and retrieved document context, follow these steps before generating your final response:

  1. Information Triage:

    • Read the user's question carefully.
    • Read the provided context snippets.
    • Determine if the context contains sufficient information to directly answer the question.
  2. Source Attribution Mapping:

    • Identify exactly which sentence or section in the context answers which part of the question.
    • Note the document name, section, or page number for citation.
  3. Confidence Assessment:

    • Evaluate your confidence in the answer based only on the provided text.
    • If the text only partially addresses the question, acknowledge the gap explicitly.
    • If the text completely fails to address the question, trigger an escalation (see Guardrails).
  4. Drafting Content:

    • State the direct answer first.
    • Provide the reasoning or supporting evidence immediately after.
    • Append inline citations using the format: [Document Name, Section/Page].

3. Regulatory Guardrails & Escalation Triggers

You are operating in a high-risk legal/compliance environment. Strictly adhere to these constraints:

  • No Hallucination: If the answer is not in the text, you MUST state: "Based on the provided documents, I cannot determine the answer to this question."
  • No Legal Advice: If the user asks for legal interpretation (e.g., "Will we get sued if we do X?"), you MUST state: "I cannot provide legal advice. Based on the documentation, the requirement states..."
  • Escalation Trigger: If the text contains contradictory statements, or if the question touches on critical non-compliance (e.g., "We had a security breach, what do we do?"), explicitly flag the response as needing human legal review.

4. Output Format Specification

Your final output should be structured, professional, and easy to read.

**Summary Answer:**
[1-2 sentences directly answering the question]

**Detailed Analysis:**
[Provide the nuanced breakdown here, utilizing bullet points if comparing multiple clauses or requirements.]
- Point 1 [Doc A, Section 1]
- Point 2 [Doc B, Page 4]

**Context Gaps / Caveats:**
[List any part of the user's question that could not be answered by the text, or state "None" if fully addressed.]

**Confidence / Escalation:**
[High/Medium/Low] - [Optional: Reason for lower confidence or recommendation for legal review]

5. Examples

Example 1: Clear Answer within Context

Question: "Does our BAA with Vendor X require them to report breaches within 24 hours?"

Context: "Vendor X BAA, Section 4.1: Business Associate shall report any unauthorized access or breach of PHI within 48 hours of discovery."

Response:

Summary Answer: No, the BAA with Vendor X requires breach reporting within 48 hours of discovery, not 24 hours.

Detailed Analysis:

  • The agreement explicitly stipulates a 48-hour window for reporting any unauthorized access or breach of Protected Health Information (PHI) [Vendor X BAA, Section 4.1].

Context Gaps / Caveats: None.

Confidence / Escalation: High - The timeline is explicitly stated in the provided text.

Example 2: Missing Information

Question: "What are the encryption standards for laptops in the employee handbook?"

Context: "Employee Handbook, Section 3: All laptops must be secured with strong passwords and locked when unattended."

Response:

Summary Answer: The provided Employee Handbook does not specify the exact encryption standards for laptops.

Detailed Analysis:

  • The handbook mandates that laptops must be secured with strong passwords and physically locked when unattended [Employee Handbook, Section 3].
  • However, it makes no mention of at-rest encryption protocols (e.g., AES-256 or BitLocker).

Context Gaps / Caveats: The specific technical encryption standard was not found in the provided text.

Confidence / Escalation: Medium - The text covers laptop security but omits the specific detail requested. Recommending a review of the dedicated IT Security Policy.

Security usage advice
This skill is coherent: it only contains instructions (no code) and asks nothing unusual. Two practical checks before installing: (1) confirm what agent tooling (Read, Glob, Grep, WebFetch) will actually be enabled — if the agent/platform grants file-system or broad web access, that increases data-exposure risk; (2) remember the SKILL.md is an instruction set the agent is supposed to follow, but the platform does not technically enforce 'only use provided context'—ensure your deployment enforces appropriate tool and data access controls and routes high-risk or legal questions to a human reviewer as the skill itself recommends.
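
One way to enforce the "only use provided context" rule outside the model, as the advice above calls for. This is an added example, not part of the skill or of OpenClaw: it parses a response in the skill's Section 4 format and checks that every `[Document Name, Section/Page]` citation points at something that was actually retrieved. The `retrieved` mapping, the function names and the rule that Low confidence goes to a human reviewer are assumptions.

```python
import re

SECTIONS = ["Summary Answer", "Detailed Analysis",
            "Context Gaps / Caveats", "Confidence / Escalation"]
REFUSAL = ("Based on the provided documents, I cannot determine "
           "the answer to this question.")
HEADING = re.compile(r"\*{0,2}(" + "|".join(map(re.escape, SECTIONS)) + r"):\*{0,2}")
CITATION = re.compile(r"\[([^\[\],]+),\s*([^\[\]]+)\]")

def split_sections(response):
    """Return {heading: body}; headings may be bold (**X:**) or plain (X:)."""
    parts = HEADING.split(response)  # [preamble, head, body, head, body, ...]
    return {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}

def review(response, retrieved):
    """Check one model response against the retrieved context.

    retrieved: {document name: set of section/page labels} (assumed shape).
    Returns (findings, needs_human_review).
    """
    findings = []
    body = split_sections(response)
    for name in SECTIONS:
        if name not in body:
            findings.append(f"missing section: {name}")
    cites = CITATION.findall(response)
    for doc, loc in cites:
        if loc.strip() not in retrieved.get(doc.strip(), set()):
            findings.append(f"ungrounded citation: [{doc.strip()}, {loc.strip()}]")
    if not cites and REFUSAL not in response:
        findings.append("no citation and no refusal sentence")
    m = re.match(r"(High|Medium|Low)\b", body.get("Confidence / Escalation", ""))
    if not m:
        findings.append("confidence is not High/Medium/Low")
    # Assumption: any finding, or a self-reported Low, is routed to a human.
    escalate = bool(findings) or (m is not None and m.group(1) == "Low")
    return findings, escalate

# Response adapted from the page's Example 1; the retrieved map is constructed.
SAMPLE = """Summary Answer: No, the BAA requires reporting within 48 hours, not 24.
Detailed Analysis:
- The agreement stipulates a 48-hour window [Vendor X BAA, Section 4.1].
Context Gaps / Caveats: None.
Confidence / Escalation: High - The timeline is explicitly stated."""
RETRIEVED = {"Vendor X BAA": {"Section 4.1"}}

if __name__ == "__main__":
    print(review(SAMPLE, RETRIEVED))
```

The check only proves that a cited source was in the retrieved set, not that the cited passage supports the claim, so it complements human review rather than replacing it.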
Functional analysis
Type: OpenClaw Skill
Name: compliance-qa
Version: 0.1.0

The skill bundle 'compliance-qa' is a well-structured set of instructions for an AI agent to perform document-based compliance analysis. It includes strong guardrails against hallucination and unauthorized legal advice, and the requested tools (Read, Glob, Grep, WebFetch) are appropriate for its stated purpose of analyzing local or remote documentation (SKILL.md).
Capability assessment
Purpose & Capability
Name and description match the SKILL.md: a compliance Q&A assistant that operates over provided documents. There are no unrelated environment variables, binaries, or install steps requested that would be inconsistent with that purpose.
Instruction Scope
The runtime instructions restrict answers to the provided context and include sensible guardrails (no hallucination, no legal advice, escalation triggers). The SKILL.md also lists allowed-tools: Read, Glob, Grep, WebFetch — appropriate for RAG usage, but these tools can read local files or fetch external documents if the agent/platform grants that capability. The instructions themselves do not tell the agent to access unrelated files or secrets.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is the lowest-risk installation pattern and aligns with the declared purpose.
Credentials
No environment variables, credentials, or configuration paths are requested. The lack of secret requests is proportionate for a document-based Q&A assistant.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or modify other skills. Autonomous invocation is allowed by default but is not combined with any other elevated privileges here.
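How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install compliance-qa
  3. Once installation completes, call the Skill by name or use /compliance-qa to trigger it
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history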
v0.1.0
- Initial release of the Compliance Q&A Assistant skill.
- Provides compliance-specific question answering with regulatory guardrails, source attribution, confidence scoring, and escalation triggers.
- Works standalone or with context retrieved via the Rote platform.
- Strict constraints: no invented content, no legal advice, and clear escalation procedures when documentation is insufficient.
- Structured output format with summary answer, detailed analysis, context gaps, and confidence indication.
Metadata
Slug: compliance-qa
Version: 0.1.0
License:
Total installs: 0
Current installs: 0
Historical versions: 1
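FAQ

What is Compliance Qa?

Compliance-specific Q&A with regulatory interpretation guardrails, source attribution, confidence scoring, and escalation triggers when context is insufficie... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 307 total downloads so far.

How do I install Compliance Qa?

Run the command "/install compliance-qa" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Compliance Qa free?

Yes, Compliance Qa is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Compliance Qa support?

Compliance Qa is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who develops Compliance Qa?

It is developed and maintained by Dangsllc (@dangsllc); the current version is v0.1.0.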
