📦 Complianceradar Ai Monitor — 合规雷达AI监控
v1.0.0实时追踪SEC、FDA、FINRA、GDPR等监管变化,AI自动评估影响并推送政策更新与审计轨迹,一键生成合规报告,降低违规风险。
0· 170·0 当前·0 累计
by @ncreighton下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
medium confidenceThe skill's declared requirements mostly match a regulatory-monitoring tool (API keys, Slack webhook, OpenAI), but there are scope and credential mismatches and vague instructions about accessing your organization's policies that warrant caution before installing.
评估建议
Do not hand over production credentials or sensitive documents until you confirm exactly how the skill obtains and handles your data. Specific steps to consider before installing: 1) Ask the author which GDPR_MONITOR service is expected and what permissions the token requires. 2) Use least-privilege, dedicated API keys: a scoped SEC/FDA key (if available), a Slack webhook limited to a single channel, a separate OpenAI key with usage/billing limits or an organization policy that prevents data lea...详细分析 ▾
ℹ 用途与能力
Requiring SEC/FDA API keys, a Slack webhook, and an OpenAI key aligns with a monitoring + AI-assessment tool. However the SKILL.md advertises many additional integrations (FINRA, GitHub, Notion, Zapier, email, Google Sheets) while only a subset of credentials are declared; FINRA credentials are not listed and some integrations appear only in prose. This mismatch could be poor documentation or indicate unclear scope.
⚠ 指令范围
The instruction-only skill tells the agent to monitor public regulatory APIs and use GPT-4 for impact analysis and to notify Slack. It also says it will assess changes against "your organization's... policies" — but the document does not clearly prescribe how the agent will obtain those internal policies (connect to GitHub/Notion, request uploads, or read local files). That ambiguity means the agent could be instructed (or improvise) to access or ask for sensitive internal documents without clear boundaries.
✓ 安装机制
There is no install spec and no code files; the skill is instruction-only. That minimizes on-disk code risk. It does require curl and jq to be available at runtime, which is reasonable for an instruction-based skill that performs HTTP calls and JSON parsing.
⚠ 凭证需求
Required env vars (SEC_API_KEY, FDA_API_KEY, GDPR_MONITOR_TOKEN, SLACK_WEBHOOK_URL, OPENAI_API_KEY) are service-specific and plausible. Concerns: (1) GDPR_MONITOR_TOKEN is vague — the skill references a 'monitoring service' but doesn't identify which vendor or required scope; (2) other integrations (GitHub, Notion, Google Sheets) are mentioned but credential requirements are inconsistent (Google Sheets creds appear only in SKILL.md as optional variables and are not in the required list). The OpenAI key gives the skill external LLM access to any data it processes — users should assume data sent to OpenAI will leave their environment.
✓ 持久化与权限
always is false and there's no install script or claims to change system-wide configs or other skills. The skill can be invoked autonomously (normal), but it does not request permanent agent-wide privileges in the metadata.
安全有层次,运行前请审查代码。
运行时依赖
🖥️ OSmacOS · Linux · Windows
版本
latestv1.0.02026/3/17
ComplianceRadar AI Monitor v1.0.0 – Initial Release - Launches automated, continuous monitoring of SEC, FDA, FINRA, and GDPR regulatory changes. - Uses AI for real-time impact assessment and generates actionable compliance reports. - Integrates directly with Slack for team notifications and Google Sheets for audit logging. - Supports auto-generation of compliant policy updates, staff training materials, and audit evidence. - Provides easy configuration via environment variables and YAML for targeted, multi-source monitoring.
● 无害
安装命令
点击复制官方npx clawhub@latest install complianceradar-ai-monitor
镜像加速npx clawhub@latest install complianceradar-ai-monitor --registry https://cn.longxiaskill.com