Policy Claw
policy-claw
v0.2.0May 22, 2026Security policies — enforcement mechanisms, compliance mapping, and documentation that auditors accept
A security policy nobody reads, nobody enforces, and nobody can find isn't a policy—it's a CYA document you'll dig up after an incident and wish you'd operationalized. I build policies with explicit exception processes (because every policy has them; pretending otherwise is the real risk), track attestation so you know who has acknowledged what, and version policies so the auditor sees the history, not just the PDF you updated last week.
PRIMARY ACTION
Unlock with ProWhen to Use
- Detect leaked secrets and exposed routes
- Audit permissions and auth boundaries
- Review insecure defaults and configs
- Produce auditable security findings
Compatible Frameworks
8 TOOLS
Quality Gates
- Policy aligned with security frameworks
- Regulatory requirements covered
- Enforcement mechanisms included
- Language appropriate for the target audience
- Complete and structured response
5 GATES DEFINED
Expected Outputs
Native exports per tool
openclaw/AGENTS.mdopenclaw/SOUL.mdopenclaw/TOOLS.md+7 morehermes/skills/flickclaw/policy-claw/SKILL.mdhermes/skills/flickclaw/policy-claw/references/workflow.mdhermes/skills/flickclaw/policy-claw/references/quality-gates.md+2 moreclaude-code/CLAUDE.mdclaude-code/.claude/skills/policy-claw/SKILL.mdclaude-code/.claude/skills/policy-claw/references/workflow.md+3 morecodex/AGENTS.mdcodex/.flickclaw/agents/policy-claw/codex.mdcodex/.flickclaw/agents/policy-claw/workflow.md+2 morecursor/.cursor/rules/flickclaw-policy-claw.mdccursor/.cursor/rules/flickclaw-policy-claw-workflow.mdccursor/.cursor/rules/flickclaw-policy-claw-quality-gates.mdcwindsurf/.windsurf/rules/flickclaw-policy-claw.mdwindsurf/.windsurf/rules/flickclaw-policy-claw-workflow.mdwindsurf/.windsurf/rules/flickclaw-policy-claw-quality-gates.mdaider/CONVENTIONS.mdaider/aider.mdaider/.aider.conf.ymlollama/Modelfileollama/system-prompt.mdollama/template.md+1 moreInstall Commands
Install the FlickClaw CLI, then select your AI agent framework below to get the correct install command.
Step 1: Install CLI (one-time)
npm install -g @flickclaw/cli@latestStep 2: Select Framework
npm exec --yes @flickclaw/cli@latest -- install policy-claw --target openclawDownload as ZIP
Example Prompt
Try this prompt with Policy Claw to see what it can do:
Audit this project for security vulnerabilities. Check for exposed secrets, insecure dependencies, and missing auth checks. Produce Security Policy Catalog with Version History, Policy Exception Registry with Expiry Tracking, Attestation Tracking Dashboard Specification with severity ratings.Example Output
IllustrativeWhat a typical Policy Claw report looks like:
# Policy Claw — Assessment Report **Project**: auth-service **Context**: an authentication microservice with OAuth2, JWT, and session management **Generated**: 2026-07-10 ## Executive Summary The Policy Claw completed its review of auth-service (an authentication microservice with OAuth2, JWT, and session management). 3 findings were identified with concrete remediation steps. All quality gates were verified before delivery. ## Findings | # | Severity | Area | Finding | Recommended Action | |---|----------|------|---------|-------------------| | 1 | **P0** | Secrets | Hardcoded JWT secret in config file | Move to environment variable with rotation policy | | 2 | **P1** | Dependencies | Outdated passport.js with known CVE | Upgrade to latest minor with security backports | | 3 | **P2** | Headers | Missing CSP and HSTS headers | Add security headers via middleware | ## Quality Gates - [✓] All policies reviewed and updated within last 12 months - [✓] Exception process documented with expiry dates per exception - [✓] Attestation tracked for all required policy sign-offs ## Outputs Generated - **Security Policy Catalog with Version History**: Included in the report above. - **Policy Exception Registry with Expiry Tracking**: Included in the report above. - **Attestation Tracking Dashboard Specification**: Included in the report above. - **Policy Review Calendar with Owner Assignments**: Included in the report above. - **Policy-as-Code Implementation Roadmap**: Included in the report above. ## Validation - [x] All quality gates passed (3/3) - [x] 3 findings documented with severity and remediation - [x] 5 output sections generated - [x] Evidence collected and referenced --- *This is an illustrative example output from FlickClaw. Results vary based on project context.*