首页 / 技能 / Compliance Analyzer — 合规检测

📦 Compliance Analyzer — 合规检测

v1.0.0

一键扫描 AWS 环境,对照 CIS、SOC 2、HIPAA、PCI-DSS 控制项生成优先级修复清单,快速达成合规。

0· 305·0 当前·0 累计
anmolnagpal 头像by @anmolnagpal (Anmol Nagpal)
安全云服务自动化数据分析
下载技能包
最后更新
2026/3/2
0
安全扫描
VirusTotal
无害
查看报告
OpenClaw
安全
high confidence
NULL
评估建议
This skill is internally coherent: it analyzes AWS CLI/Service exports you supply and does not ask for credentials. Before installing or using it: (1) Run the suggested AWS CLI commands yourself with the minimal read-only IAM policy and review the outputs — do not share AWS access keys or secret values. (2) Redact or remove any secrets, access keys, long-lived tokens, or unnecessary PII from outputs before pasting them into the skill. (3) Limit exported data to the resources/regions/accounts nee...
详细分析 ▾
用途与能力
The name/description (AWS compliance mapping) matches the runtime instructions: it asks users to supply AWS Config / Security Hub / resource configuration exports and maps findings to compliance controls. There are no unrelated required binaries, environment variables, or config paths listed. Header items like 'tools: claude, bash' are incidental but do not contradict the stated purpose.
指令范围
The SKILL.md is instruction-only and instructs the agent to ask the user to provide CLI output files (exact aws cli commands are given) and to never request credentials. This is appropriate for an analysis skill, but it relies on the user pasting potentially sensitive exports. The header's 'bash' tool could be ambiguous in some runtimes (it suggests shell capability) but the skill explicitly states it will not execute AWS CLI itself; still, confirm the agent runtime will not execute commands on your behalf.
安装机制
No install spec and no code files — lowest-risk pattern for a skill (instruction-only). Nothing is downloaded or written to disk by the skill itself.
凭证需求
The skill requests no environment variables or credentials. It provides a minimal, read-only IAM policy for the user to run the suggested CLI commands locally. However, user-provided exports may contain sensitive identifiers or secrets if they inadvertently include them, so the requirement 'user provides exported data' carries data-exfiltration risk if the user pastes unredacted outputs.
持久化与权限
always is false, the skill does not request persistent privileges or system-wide config changes. It does not attempt to modify other skills or agent-wide settings.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/2

NULL

无害

安装命令

点击复制
官方npx clawhub@latest install compliance-analyzer
镜像加速npx clawhub@latest install compliance-analyzer --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库