
Complianceradar Ai Monitor

Author: ncreighton · v1.0.0 · MIT-0
Platforms: macos, linux, win32 · ⚠ suspicious
Total downloads: 214 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install complianceradar-ai-monitor
Description
Monitor regulatory changes across SEC, FDA, FINRA, and GDPR with AI impact assessment. Use when the user needs compliance tracking, policy updates, audit tra...
Usage instructions (SKILL.md)

## Overview

ComplianceRadar AI Monitor automates regulatory change detection and impact assessment for financial services and healthcare organizations. Instead of manually tracking SEC filings, FDA announcements, FINRA rule updates, and GDPR changes across multiple portals, this skill continuously monitors authoritative sources, uses AI to assess business impact, and automatically routes compliance action items to your team via Slack.

Why this matters: Regulatory non-compliance costs organizations $14.82M annually on average (Deloitte 2024). Manual monitoring creates blind spots. This skill eliminates regulatory drift by centralizing monitoring, automating impact analysis, and creating audit-ready evidence trails.

Integrations: Slack (team notifications), Google Sheets (compliance log), GitHub (policy documentation), Notion (knowledge base), Zapier (workflow automation), and email (executive summaries).

---

## Quick Start

Try these prompts immediately:

### Prompt 1: Monitor SEC Filings for Your Industry
```
Monitor SEC filings for fintech companies in the payments sector
from the last 7 days. Assess impact on our KYC/AML compliance program
and notify the compliance team via Slack with action items.
```

### Prompt 2: Track FDA Regulatory Changes
```
Check FDA announcements, warning letters, and guidance documents
from the last 14 days related to medical device software.
Generate a compliance impact report with required policy updates.
```

### Prompt 3: GDPR Update Monitoring with Policy Generation
```
Monitor GDPR enforcement actions and EDPB guidelines from the last 30 days.
Identify which apply to our EU customer base. Generate updated
Data Processing Agreement language and notify our legal team.
```

### Prompt 4: Multi-Source Compliance Dashboard
```
Create a weekly compliance briefing covering SEC Rule 10b5-1,
FDA Part 11 updates, FINRA Rule 4512 changes, and GDPR enforcement trends.
Include risk scores and recommended policy updates.
```

---

## Capabilities

### 1. Multi-Source Regulatory Monitoring
- **SEC EDGAR Integration:** Monitors 10-K/10-Q filings, rule proposals, and enforcement actions via SEC EDGAR API
- **FDA Monitoring:** Tracks guidance documents, warning letters, and enforcement actions via FDA OpenData API
- **FINRA Surveillance:** Monitors rule changes, regulatory notices, and disciplinary actions via FINRA Data Center
- **GDPR/EBA Tracking:** Monitors EDPB guidelines, enforcement actions, and regulatory technical standards

**Example usage:**
```
Monitor SEC Rule 10b5-1 trading plans and identify changes
affecting our insider trading policy. Flag any amendments
that require immediate board notification.
```

### 2. AI-Powered Impact Assessment
Uses GPT-4 to analyze regulatory changes against your organization's:
- Business model and revenue streams
- Current compliance policies
- Geographic footprint and customer base
- Industry classification and risk profile

**Output includes:**
- Impact severity (Critical/High/Medium/Low)
- Affected business units
- Timeline to compliance
- Estimated remediation cost
- Policy document recommendations

### 3. Automated Policy Update Workflows
- Generates updated compliance policies in Markdown/Word format
- Creates implementation checklists with responsibility assignments
- Produces training materials for staff
- Generates audit documentation templates

**Example:**
```
Generate updated AML Policy incorporating new FinCEN
beneficial ownership rules. Include staff training outline
and implementation timeline for board approval.
```

### 4. Team Notifications & Action Items
- **Slack Integration:** Posts compliance alerts with severity badges, impact summaries, and action buttons
- **Email Digests:** Executive summaries for C-suite and board members
- **Google Sheets Logging:** Automatic compliance event logging for audit trails
- **Jira/Asana Integration:** Creates compliance tasks with due dates and ownership

### 5. Audit Trail & Evidence Collection
- Timestamps all regulatory source checks with URLs
- Stores original regulation text and your impact assessment
- Generates compliance evidence packages for auditors
- Creates regulatory change logs for SOX/HIPAA compliance

---

## Configuration

### Required Environment Variables

```bash
# SEC EDGAR API (free, register at https://www.sec.gov/cgi-bin/browse-edgar)
export SEC_API_KEY="your-sec-api-key"

# FDA OpenData API (free, https://open.fda.gov/)
export FDA_API_KEY="your-fda-api-key"

# GDPR/FINRA monitoring service
export GDPR_MONITOR_TOKEN="your-gdpr-monitor-token"

# Slack webhook for notifications
export SLACK_WEBHOOK_URL="https://hooks.slack.com/services/YOUR/WEBHOOK/URL"

# OpenAI GPT-4 for impact assessment
export OPENAI_API_KEY="sk-..."

# Optional: Google Sheets for logging
export GOOGLE_SHEETS_ID="your-sheet-id"
export GOOGLE_SHEETS_API_KEY="your-google-api-key"
```

### Configuration Options

```yaml
monitoring:
  sec:
    enabled: true
    check_frequency: "daily"
    filing_types: ["10-K", "10-Q", "8-K", "20-F"]
    industries: ["fintech", "payments", "lending"]

  fda:
    enabled: true
    check_frequency: "daily"
    document_types: ["guidance", "warning_letters", "enforcement"]
    device_classes: ["Class I", "Class II", "Class III"]

  finra:
    enabled: true
    check_frequency: "weekly"
    rule_categories: ["4500", "4700", "5200"]

  gdpr:
    enabled: true
    check_frequency: "weekly"
    regions: ["EU", "UK", "Switzerland"]

notifications:
  slack_channel: "#compliance-alerts"
  severity_threshold: "medium"
  include_actionable_items: true

impact_assessment:
  model: "gpt-4"
  include_policy_recommendations: true
  include_training_materials: true
  include_audit_evidence: true
```

---

## Example Outputs

### Output 1: Compliance Alert with Impact Assessment
```
🚨 CRITICAL COMPLIANCE ALERT
Source: SEC EDGAR (2024-01-15)
Regulation: SEC Rule 10b5-1 Amendment - Trading Plan Timing

Impact Assessment:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Severity: HIGH
Affected Units: Executive Leadership, Trading Compliance
Timeline: 60 days to compliance
Estimated Remediation: 120 hours (policy + training)

Required Actions:
□ Update insider trading policy (template attached)
□ Retrain 45 executives on new cooling-off periods
□ Notify board within 10 days
□ File compliance certification with SEC

Audit Evidence: SEC_10b5-1_20240115_EVIDENCE_PACKAGE.zip
Generated: 2024-01-15T09:42:00Z
```

### Output 2: Weekly Compliance Briefing (Google Sheets)
```
Week of Jan 15-19, 2024
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

| Date | Source | Regulation | Impact | Action Items | Owner | Due |
|------|--------|-----------|--------|--------------|-------|-----|
| 1/15 | SEC | Rule 10b5-1 | HIGH | Update policy, train staff | Legal | 2/14 |
| 1/17 | FDA | Part 11 Amendment | MEDIUM | Audit validation logs | Ops | 2/28 |
| 1/18 | FINRA | Rule 4512 | MEDIUM | Update continuing ed | HR | 3/15 |
| 1/19 | GDPR | EDPB Opinion 5/2024 | HIGH | Update DPA, notify customers | Privacy | 2/19 |

Risk Score: 7.2/10 (Manageable with prompt action)
```

### Output 3: Auto-Generated Policy Update
```markdown
# UPDATED INSIDER TRADING POLICY v2.1
Effective: February 15, 2024
Compliance with: SEC Rule 10b5-1 (as amended Jan 15, 2024)

## Section 3.2: Trading Plan Cooling-Off Periods (NEW)
Effective immediately, all trading plans must include:
- Minimum 30-day (previously 14-day) cooling-off period
- Attestation of compliance with new timing rules
- Board-level approval for executive officers

[Full policy document auto-generated with change tracking]
```

---

## Tips & Best Practices

### 1. Set Up Role-Based Notifications
Configure different Slack channels for different roles:
- `#compliance-critical` → General Counsel, Chief Compliance Officer
- `#compliance-ops` → Operations, HR, Finance teams
- `#compliance-public` → Board members (executive summary only)

### 2. Establish a Regulatory Change Review Cadence
- **Daily:** Monitor SEC/FDA/FINRA for critical changes
- **Weekly:** Review GDPR/EBA guidance documents
- **Monthly:** Comprehensive compliance briefing with impact analysis
- **Quarterly:** Board-level regulatory risk assessment

### 3. Create a Policy Update Template Library
Pre-build templates for your most-changed policies:
- Insider Trading Policies
- Data Privacy Policies
- AML/KYC Procedures
- Record Retention Schedules

This enables the skill to generate customized updates in seconds.

### 4. Integrate with Audit Management Systems
Connect to Domo, Tableau, or Looker to create real-time compliance dashboards showing:
- Regulatory changes detected (past 90 days)
- Outstanding compliance action items
- Policy update status
- Training completion rates

### 5. Use Regulatory Change Triggers for Workflow Automation
Connect to Zapier to auto-trigger:
- Email to board members when severity = CRITICAL
- Jira ticket creation for compliance action items
- Calendar blocks for compliance review meetings
- Slack threads for collaborative policy drafting

### 6. Maintain a Regulatory Change Archive
Store all detected changes in GitHub with:
- Original regulation text
- Your impact assessment
- Generated policies
- Audit evidence packages

This creates a searchable, version-controlled compliance history.

---

## Safety & Guardrails

### What This Skill Will NOT Do

⛔ **Not a substitute for legal counsel.** This skill generates informational impact assessments and policy templates. All regulatory interpretations must be reviewed by qualified legal counsel before implementation.

⛔ **Not real-time compliance guarantee.** Regulatory monitoring has inherent latency (24-48 hours). Do not rely solely on this skill for time-sensitive compliance deadlines. Subscribe to official regulatory agency alerts in parallel.

⛔ **Not an audit defense.** While this skill creates audit trails, regulators may challenge your interpretation of regulatory changes. Maintain independent evidence of your compliance analysis and decision-making.

⛔ **Not for regulated medical advice.** If monitoring FDA guidance for medical devices, this skill is informational only. Clinical decision-making and device safety determinations require qualified medical professionals.

⛔ **Not GDPR legal advice.** GDPR compliance is jurisdiction-specific and context-dependent. Generated policy updates must be reviewed by Data Protection Officers and legal counsel familiar with your specific operations.

### Limitations

- **API Rate Limits:** SEC EDGAR (10 requests/second), FDA API (1000 requests/hour), FINRA (varies by subscription tier)
- **Language Coverage:** Currently monitors English-language documents only. Non-English regulatory guidance requires manual review
- **Historical Coverage:** Monitors forward-looking changes; does not retroactively analyze compliance with regulations passed before skill activation
- **Jurisdiction Scope:** Optimized for US federal regulations (SEC, FDA, FINRA) and EU GDPR. State-level and non-US regulations require custom configuration

### Data Privacy & Security

- API keys are stored in environment variables only; never logged or transmitted to third parties
- Regulatory documents are cached locally for 7 days, then deleted
- Slack notifications do not include sensitive customer data; only regulatory change summaries
- Audit evidence packages are encrypted at rest and require authentication to access
- Compliance with SOX Section 404 and HIPAA audit trail requirements

---

## Troubleshooting

### Issue: "SEC API key invalid" error
**Solution:** Verify your SEC EDGAR API key at https://www.sec.gov/cgi-bin/browse-edgar. Free keys are issued immediately upon registration. Allow 5 minutes for activation.

### Issue: FDA API returns "No results found"
**Solution:** FDA API may have delayed indexing (up to 24 hours). Try:
```bash
# Check API status
curl https://api.fda.gov/status.json

# Expand the date range by re-running the prompt with a wider window:
# Monitor FDA announcements from the last 30 days (not 7 days)
```

### Issue: GDPR monitoring shows duplicate alerts
**Solution:** EDPB publishes guidance documents across multiple channels. Configure deduplication:
```yaml
deduplication:
  enabled: true
  match_threshold: 0.85  # 85% text similarity = duplicate
  time_window: 7  # days
```

### Issue: Slack notifications are delayed
**Solution:** Check Slack webhook URL and rate limits:
- Verify webhook URL includes `/services/` path
- Add delay between notifications: `notification_delay: 5s`
- Batch multiple alerts into single message for high-volume days

### Issue: "Insufficient permissions" when generating Google Sheets log
**Solution:** Ensure service account has Editor access to the target Google Sheet:
```bash
# Share sheet with service account email
gcloud iam service-accounts list
# Then share the sheet with that email address
```

### Issue: AI impact assessment is too generic
**Solution:** Provide more context in your initial configuration:
```yaml
organization_context:
  industry: "fintech"
  business_model: "B2B payments platform"
  customer_base: "US and EU SMBs"
  revenue_streams: ["transaction fees", "subscription", "API access"]
  regulatory_footprint: ["New York (NYDFS)", "EU (GDPR)", "UK (FCA)"]
  current_policies: ["aml_policy_v2.1.md", "privacy_policy_v3.0.md"]
```

This enables the skill to generate highly specific impact assessments.

### FAQ

**Q: Can this skill monitor state-level regulations (like California's CCPA)?**
A: Not automatically. State regulations require custom API integrations. Contact support for custom monitoring setup.

**Q: How does this handle conflicting regulations across jurisdictions?**
A: The skill flags conflicts and generates jurisdiction-specific policy versions. You must choose which jurisdiction's requirements take precedence.

**Q: Can I export compliance history to my audit management system?**
A: Yes. Export formats: JSON, CSV, PDF. Integration templates available for Domo, Tableau, and Looker.

**Q: What's the maximum number of regulations this skill can monitor simultaneously?**
A: Tested up to 500 concurrent monitoring rules. Performance degrades above 1,000 rules; contact support for enterprise scaling.

---

## Support & Community

- **Documentation:** https://github.com/ncreighton/empire-skills/wiki/ComplianceRadar
- **Issue Tracker:** https://github.com/ncreighton/empire-skills/issues
- **Slack Community:** Join #compliance-automation in ClawHub Community Slack
- **Enterprise Support:** Email [email protected]

---

*Last updated: January 2024 | Version 1.0.0*
Security usage recommendations
Do not hand over production credentials or sensitive documents until you confirm exactly how the skill obtains and handles your data. Specific steps to consider before installing:
1) Ask the author which GDPR_MONITOR service is expected and what permissions the token requires.
2) Use least-privilege, dedicated API keys: a scoped SEC/FDA key (if available), a Slack webhook limited to a single channel, a separate OpenAI key with usage/billing limits or an organization policy that prevents data leakage.
3) Clarify how the agent will access your internal policies (manual upload only, GitHub/Notion integration, or local file access). Prefer manual uploads of redacted example documents for initial testing.
4) Test in an isolated environment with non-sensitive data and review outbound traffic (which endpoints are contacted).
5) If you need automatic connections to GitHub/Notion/Google Sheets, require explicit, documented env vars and least-privilege tokens for each service.
6) If you cannot verify the source or the GDPR_MONITOR provider, treat this skill as untrusted and avoid providing sensitive credentials.
If you want higher assurance, request the full runtime workflow from the author or an auditable implementation rather than an instruction-only SKILL.md.
Functional analysis
Type: OpenClaw Skill
Name: complianceradar-ai-monitor
Version: 1.0.0
The skill bundle 'complianceradar-ai-monitor' is a comprehensive set of instructions for an AI agent to automate regulatory compliance monitoring across SEC, FDA, and GDPR sources. While it requires several sensitive environment variables (API keys and Slack webhooks), these are strictly aligned with its stated purpose of fetching regulatory data and sending notifications. Analysis of SKILL.md and _meta.json reveals no evidence of malicious intent, data exfiltration, or prompt injection attacks designed to compromise the host or the agent.
Capability assessment
Purpose & Capability
Requiring SEC/FDA API keys, a Slack webhook, and an OpenAI key aligns with a monitoring + AI-assessment tool. However the SKILL.md advertises many additional integrations (FINRA, GitHub, Notion, Zapier, email, Google Sheets) while only a subset of credentials are declared; FINRA credentials are not listed and some integrations appear only in prose. This mismatch could be poor documentation or indicate unclear scope.
Instruction Scope
The instruction-only skill tells the agent to monitor public regulatory APIs and use GPT-4 for impact analysis and to notify Slack. It also says it will assess changes against "your organization's... policies" — but the document does not clearly prescribe how the agent will obtain those internal policies (connect to GitHub/Notion, request uploads, or read local files). That ambiguity means the agent could be instructed (or improvise) to access or ask for sensitive internal documents without clear boundaries.
Install Mechanism
There is no install spec and no code files; the skill is instruction-only. That minimizes on-disk code risk. It does require curl and jq to be available at runtime, which is reasonable for an instruction-based skill that performs HTTP calls and JSON parsing.
Credentials
Required env vars (SEC_API_KEY, FDA_API_KEY, GDPR_MONITOR_TOKEN, SLACK_WEBHOOK_URL, OPENAI_API_KEY) are service-specific and plausible. Concerns: (1) GDPR_MONITOR_TOKEN is vague — the skill references a 'monitoring service' but doesn't identify which vendor or required scope; (2) other integrations (GitHub, Notion, Google Sheets) are mentioned but credential requirements are inconsistent (Google Sheets creds appear only in SKILL.md as optional variables and are not in the required list). The OpenAI key gives the skill external LLM access to any data it processes — users should assume data sent to OpenAI will leave their environment.
Persistence & Privilege
always is false and there's no install script or claims to change system-wide configs or other skills. The skill can be invoked autonomously (normal), but it does not request permanent agent-wide privileges in the metadata.
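The mismatch noted under Purpose & Capability and Credentials can be checked mechanically before installing a skill. The following is an added example, not part of the skill or of the marketplace's analysis: it compares the variables exported in a SKILL.md excerpt (assembled here from the text on this page) against the declared required list and flags integrations named in prose that have no matching variable. The function names and the `EXPECTED_PREFIX` mapping are assumptions made for illustration.

```python
import re

# Env vars the assessment above lists as required by the skill.
DECLARED = {"SEC_API_KEY", "FDA_API_KEY", "GDPR_MONITOR_TOKEN",
            "SLACK_WEBHOOK_URL", "OPENAI_API_KEY"}

# Assumption: the env var prefix a reviewer would expect for each
# integration named in prose. This mapping is not defined by OpenClaw.
EXPECTED_PREFIX = {
    "FINRA": "FINRA_",
    "GitHub": "GITHUB_",
    "Google Sheets": "GOOGLE_SHEETS_",
    "Notion": "NOTION_",
    "Slack": "SLACK_",
    "Zapier": "ZAPIER_",
}

# Excerpt assembled from the SKILL.md shown on this page.
SKILL_MD = '''
Integrations: Slack (team notifications), Google Sheets (compliance log),
GitHub (policy documentation), Notion (knowledge base), Zapier (workflow
automation), and email (executive summaries).
- FINRA Surveillance: Monitors rule changes via FINRA Data Center
export SEC_API_KEY="your-sec-api-key"
export FDA_API_KEY="your-fda-api-key"
# GDPR/FINRA monitoring service
export GDPR_MONITOR_TOKEN="your-gdpr-monitor-token"
export SLACK_WEBHOOK_URL="https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
export OPENAI_API_KEY="sk-..."
export GOOGLE_SHEETS_ID="your-sheet-id"
export GOOGLE_SHEETS_API_KEY="your-google-api-key"
'''

EXPORT_RE = re.compile(r"^\s*export\s+([A-Z][A-Z0-9_]*)=", re.MULTILINE)


def exported_vars(skill_md):
    """Return the set of variable names the document tells the user to export."""
    return set(EXPORT_RE.findall(skill_md))


def audit(skill_md, declared):
    """Compare documented credentials with declared ones and with prose claims."""
    declared = set(declared)
    used = exported_vars(skill_md)
    known = used | declared
    mentioned = [name for name in EXPECTED_PREFIX
                 if re.search(r"\b" + re.escape(name) + r"\b", skill_md,
                              re.IGNORECASE)]
    return {
        # Documented in SKILL.md but absent from the declared list.
        "undeclared_vars": sorted(used - declared),
        # Declared as required but never explained in SKILL.md.
        "declared_but_unused": sorted(declared - used),
        # Named in prose, yet no variable anywhere carries the expected prefix.
        "integrations_without_credentials": sorted(
            name for name in mentioned
            if not any(v.startswith(EXPECTED_PREFIX[name]) for v in known)),
    }


if __name__ == "__main__":
    for finding, items in audit(SKILL_MD, DECLARED).items():
        print(f"{finding}: {items}")
```

Each non-empty finding is a question to put to the skill author before supplying any real credential.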
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install complianceradar-ai-monitor
  3. Once installation completes, invoke the skill by name or trigger it with /complianceradar-ai-monitor
  4. Provide the required inputs according to the skill's parameter description to get structured output
Version history
v1.0.0
ComplianceRadar AI Monitor v1.0.0 – Initial Release
- Launches automated, continuous monitoring of SEC, FDA, FINRA, and GDPR regulatory changes.
- Uses AI for real-time impact assessment and generates actionable compliance reports.
- Integrates directly with Slack for team notifications and Google Sheets for audit logging.
- Supports auto-generation of compliant policy updates, staff training materials, and audit evidence.
- Provides easy configuration via environment variables and YAML for targeted, multi-source monitoring.
Metadata
Slug complianceradar-ai-monitor
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Versions 1
FAQ

What is Complianceradar Ai Monitor?

Monitor regulatory changes across SEC, FDA, FINRA, and GDPR with AI impact assessment. Use when the user needs compliance tracking, policy updates, audit tra... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 214 total downloads to date.

How do I install Complianceradar Ai Monitor?

Run the command "/install complianceradar-ai-monitor" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Complianceradar Ai Monitor free?

Yes, Complianceradar Ai Monitor is completely free, released under the MIT-0 license, and can be freely downloaded, installed, and used.

Which platforms does Complianceradar Ai Monitor support?

Complianceradar Ai Monitor is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (macos, linux, win32).

Who developed Complianceradar Ai Monitor?

Developed and maintained by ncreighton (@ncreighton); the current version is v1.0.0.
