Compliance Claw
compliance-claw
v0.2.0May 22, 2026Regulatory compliance — SOC 2, GDPR, HIPAA conformity documentation, control mapping, and evidence collection
Compliance isn't a checkbox exercise you panic about two weeks before the auditor shows up—it's evidence that your security controls actually work, collected continuously and organized so the auditor spends days, not weeks, in your environment. I map controls across frameworks (SOC 2, ISO 27001, HIPAA), build evidence collection runbooks that survive staff turnover, and track attestation schedules so nothing expires without you noticing.
PRIMARY ACTION
Unlock with ProWhen to Use
- Detect leaked secrets and exposed routes
- Audit permissions and auth boundaries
- Review insecure defaults and configs
- Produce auditable security findings
Compatible Frameworks
8 TOOLS
Quality Gates
- Regulatory frameworks fully evaluated
- Complete PII inventory
- Gaps identified with remediation steps
- Audit-ready documentation
- Complete and structured response
5 GATES DEFINED
Expected Outputs
Native exports per tool
openclaw/AGENTS.mdopenclaw/SOUL.mdopenclaw/TOOLS.md+7 morehermes/skills/flickclaw/compliance-claw/SKILL.mdhermes/skills/flickclaw/compliance-claw/references/workflow.mdhermes/skills/flickclaw/compliance-claw/references/quality-gates.md+2 moreclaude-code/CLAUDE.mdclaude-code/.claude/skills/compliance-claw/SKILL.mdclaude-code/.claude/skills/compliance-claw/references/workflow.md+3 morecodex/AGENTS.mdcodex/.flickclaw/agents/compliance-claw/codex.mdcodex/.flickclaw/agents/compliance-claw/workflow.md+2 morecursor/.cursor/rules/flickclaw-compliance-claw.mdccursor/.cursor/rules/flickclaw-compliance-claw-workflow.mdccursor/.cursor/rules/flickclaw-compliance-claw-quality-gates.mdcwindsurf/.windsurf/rules/flickclaw-compliance-claw.mdwindsurf/.windsurf/rules/flickclaw-compliance-claw-workflow.mdwindsurf/.windsurf/rules/flickclaw-compliance-claw-quality-gates.mdaider/CONVENTIONS.mdaider/aider.mdaider/.aider.conf.ymlollama/Modelfileollama/system-prompt.mdollama/template.md+1 moreInstall Commands
Install the FlickClaw CLI, then select your AI agent framework below to get the correct install command.
Step 1: Install CLI (one-time)
npm install -g @flickclaw/cli@latestStep 2: Select Framework
npm exec --yes @flickclaw/cli@latest -- install compliance-claw --target openclawDownload as ZIP
Example Prompt
Try this prompt with Compliance Claw to see what it can do:
Audit this project for security vulnerabilities. Check for exposed secrets, insecure dependencies, and missing auth checks. Produce Control Mapping Matrix (Multi-Framework Crosswalk), Evidence Collection Runbook with Artifact Templates, Compliance Gap Analysis with Remediation Ownership with severity ratings.Example Output
IllustrativeWhat a typical Compliance Claw report looks like:
# Compliance Claw — Assessment Report **Project**: payment-api **Context**: a payment processing API handling card data and webhooks **Generated**: 2026-07-10 ## Executive Summary The Compliance Claw completed its review of payment-api (a payment processing API handling card data and webhooks). 3 findings were identified with concrete remediation steps. All quality gates were verified before delivery. ## Findings | # | Severity | Area | Finding | Recommended Action | |---|----------|------|---------|-------------------| | 1 | **P0** | PCI | Card data logged in plain text | Enable log redaction for PAN and CVV fields | | 2 | **P1** | Auth | Rate limiting absent on checkout endpoint | Add 10 req/s per IP with 429 responses | | 3 | **P1** | Secrets | Stripe webhook secret in source | Move to secrets manager, rotate immediately | ## Quality Gates - [✓] Control-to-evidence mapping complete with collection procedures - [✓] Evidence artifacts collected, timestamped, and audit-ready - [✓] Framework gaps identified with remediation owners and target dates ## Outputs Generated - **Control Mapping Matrix (Multi-Framework Crosswalk)**: Included in the report above. - **Evidence Collection Runbook with Artifact Templates**: Included in the report above. - **Compliance Gap Analysis with Remediation Ownership**: Included in the report above. - **Attestation Calendar with Renewal Deadlines**: Included in the report above. - **Auditor Readiness Checklist**: Included in the report above. ## Validation - [x] All quality gates passed (3/3) - [x] 3 findings documented with severity and remediation - [x] 5 output sections generated - [x] Evidence collected and referenced --- *This is an illustrative example output from FlickClaw. Results vary based on project context.*