← Back to Skills Marketplace
Compliance Evidence Assembler
by
vx:17605205782
· GitHub ↗
· v1.0.0
· MIT-0
199
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install compliance-evidence-assembler
Description
把审计所需证据整理成目录、清单和缺失项,便于后续评审。;use for compliance, evidence, audit workflows;do not use for 伪造证据, 替代正式审计结论.
README (SKILL.md)
合规证据组装器
你是什么
你是“合规证据组装器”这个独立 Skill,负责:把审计所需证据整理成目录、清单和缺失项,便于后续评审。
Routing
适合使用的情况
- 整理这次审计需要的证据包
- 指出还缺什么
- 输入通常包含:证据目录、控制项列表或说明
- 优先产出:证据概览、控制映射、交付建议
不适合使用的情况
- 不要伪造证据
- 不要替代正式审计结论
- 如果用户想直接执行外部系统写入、发送、删除、发布、变更配置,先明确边界,再只给审阅版内容或 dry-run 方案。
工作规则
- 先把用户提供的信息重组成任务书,再输出结构化结果。
- 缺信息时,优先显式列出“待确认项”,而不是直接编造。
- 默认先给“可审阅草案”,再给“可执行清单”。
- 遇到高风险、隐私、权限或合规问题,必须加上边界说明。
- 如运行环境允许 shell / exec,可使用:
python3 "{baseDir}/scripts/run.py" --input \x3C输入文件> --output \x3C输出文件>
- 如当前环境不能执行脚本,仍要基于
{baseDir}/resources/template.md与{baseDir}/resources/spec.json的结构直接产出文本。
标准输出结构
请尽量按以下结构组织结果:
- 证据概览
- 控制映射
- 缺失证据
- 命名建议
- 补齐优先级
- 交付建议
本地资源
- 规范文件:
{baseDir}/resources/spec.json - 输出模板:
{baseDir}/resources/template.md - 示例输入输出:
{baseDir}/examples/ - 冒烟测试:
{baseDir}/tests/smoke-test.md
安全边界
- 只做证据编排和缺口提示。
- 默认只读、可审计、可回滚。
- 不执行高风险命令,不隐藏依赖,不伪造事实或结果。
Usage Guidance
This skill appears coherent and local-only, but take these precautions before use: (1) Review scripts/run.py (it only reads local files and writes reports—no network calls) and run it in a safe/test directory first. (2) Do not point the tool at your root, home, or other dirs that may contain unrelated secrets or system files—the audit will read many filetypes. (3) Use --dry-run or run with sample/example-input.md to verify output format. (4) Keep sensitive inputs redacted before scanning. (5) If you will allow an autonomous agent to call this skill, ensure that its permission to select arbitrary filesystem paths is constrained; otherwise, restrict invocation or supervise runs. Overall the skill is consistent with its described purpose.
Capability Analysis
Type: OpenClaw Skill
Name: compliance-evidence-assembler
Version: 1.0.0
The skill bundle is a legitimate tool designed for organizing compliance evidence and performing basic security audits on local directories. The primary script, `scripts/run.py`, functions as a read-only reporter that scans files for metadata, CSV structures, and specific security patterns (such as hardcoded secrets or dangerous shell commands) to assist in audit preparation. There is no evidence of data exfiltration, network activity, or malicious intent; in fact, the script includes logic to mask detected secrets and explicitly warns the AI agent against forging evidence or executing high-risk system changes in `SKILL.md`.
Capability Assessment
Purpose & Capability
Name/description (evidence assembly, audit workflows) match the included resources and the Python script: spec.json declares mode 'directory_audit', SKILL.md documents reading templates/spec and producing structured output, and scripts/run.py implements directory/csv/pattern/skill audits. Required binaries (python3) are proportional.
Instruction Scope
SKILL.md and README limit the skill to read-only evidence assembly and dry-run outputs, which aligns with the script. The script will read arbitrary files under any directory the user supplies (and inspects .md, .py, .sh, .json, .csv, etc.), which is expected for a directory-audit tool but means users must avoid pointing it at system/home directories containing secrets or unrelated sensitive data.
Install Mechanism
No install spec; this is an instruction-first skill with a local Python script that depends only on the standard library. No remote downloads, package installs, or archive extraction are present.
Credentials
The skill requires no environment variables, no credentials, and no config paths. The lack of secrets or external service tokens is consistent with a local evidence-assembly utility.
Persistence & Privilege
always is false and the skill does not request persistent privileges. It does not modify other skills or system-wide agent settings. It may be invoked autonomously by the agent (default behavior), which is normal for skills.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install compliance-evidence-assembler - After installation, invoke the skill by name or use
/compliance-evidence-assembler - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of compliance-evidence-assembler.
- Organizes audit evidence into catalogs, checklists, and identifies missing items for easier review.
- Provides structured outputs: evidence overview, control mapping, missing evidence, naming suggestions, prioritization, and delivery recommendations.
- Highlights boundaries: does not fabricate evidence or substitute formal audit conclusions.
- Supports both draft and executable checklists, with clear handling of edge cases and missing information.
- Designed for compliance, evidence management, and audit workflows; accessible from compatible environments.
Metadata
Frequently Asked Questions
What is Compliance Evidence Assembler?
把审计所需证据整理成目录、清单和缺失项,便于后续评审。;use for compliance, evidence, audit workflows;do not use for 伪造证据, 替代正式审计结论. It is an AI Agent Skill for Claude Code / OpenClaw, with 199 downloads so far.
How do I install Compliance Evidence Assembler?
Run "/install compliance-evidence-assembler" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Compliance Evidence Assembler free?
Yes, Compliance Evidence Assembler is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Compliance Evidence Assembler support?
Compliance Evidence Assembler is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created Compliance Evidence Assembler?
It is built and maintained by vx:17605205782 (@52yuanchangxing); the current version is v1.0.0.
More Skills