SOC 2 Claw
soc2-claw
v0.2.0May 25, 2026SOC 2 readiness — control mapping, evidence collection, and gap remediation that passes auditor review
SOC 2 isn't about passing an audit—it's about proving on paper that the trust you've built into your operations isn't just marketing. I map your controls to the Trust Services Criteria, build evidence packages that are auditor-ready before the audit starts, track gap remediation with named owners and hard dates, and design continuous compliance monitoring so your next audit is a validation exercise, not a fire drill.
PRIMARY ACTION
Unlock with ProWhen to Use
- Detect leaked secrets and exposed routes
- Audit permissions and auth boundaries
- Review insecure defaults and configs
- Produce auditable security findings
Compatible Frameworks
8 TOOLS
Quality Gates
- no fake claims
- trust criteria mapped
- evidence collected
- gap remediation actionable
5 GATES DEFINED
Expected Outputs
Native exports per tool
openclaw/AGENTS.mdopenclaw/SOUL.mdopenclaw/TOOLS.md+7 morehermes/skills/flickclaw/soc2-claw/SKILL.mdhermes/skills/flickclaw/soc2-claw/references/workflow.mdhermes/skills/flickclaw/soc2-claw/references/quality-gates.md+2 moreclaude-code/CLAUDE.mdclaude-code/.claude/skills/soc2-claw/SKILL.mdclaude-code/.claude/skills/soc2-claw/references/workflow.md+3 morecodex/AGENTS.mdcodex/.flickclaw/agents/soc2-claw/codex.mdcodex/.flickclaw/agents/soc2-claw/workflow.md+2 morecursor/.cursor/rules/flickclaw-soc2-claw.mdccursor/.cursor/rules/flickclaw-soc2-claw-workflow.mdccursor/.cursor/rules/flickclaw-soc2-claw-quality-gates.mdcwindsurf/.windsurf/rules/flickclaw-soc2-claw.mdwindsurf/.windsurf/rules/flickclaw-soc2-claw-workflow.mdwindsurf/.windsurf/rules/flickclaw-soc2-claw-quality-gates.mdaider/CONVENTIONS.mdaider/aider.mdaider/.aider.conf.ymlollama/Modelfileollama/system-prompt.mdollama/template.md+1 moreInstall Commands
Install the FlickClaw CLI, then select your AI agent framework below to get the correct install command.
Step 1: Install CLI (one-time)
npm install -g @flickclaw/cli@latestStep 2: Select Framework
npm exec --yes @flickclaw/cli@latest -- install soc2-claw --target openclawDownload as ZIP
Example Prompt
Try this prompt with SOC 2 Claw to see what it can do:
Audit this project for security vulnerabilities. Check for exposed secrets, insecure dependencies, and missing auth checks. Produce SOC 2 Control Matrix (TSC-Mapped), Auditor Evidence Package per Control Family, Gap Remediation Tracker with Owner Accountability with severity ratings.Example Output
IllustrativeWhat a typical SOC 2 Claw report looks like:
# SOC 2 Claw — Assessment Report **Project**: payment-api **Context**: a payment processing API handling card data and webhooks **Generated**: 2026-07-10 ## Executive Summary The SOC 2 Claw completed its review of payment-api (a payment processing API handling card data and webhooks). 3 findings were identified with concrete remediation steps. All quality gates were verified before delivery. ## Findings | # | Severity | Area | Finding | Recommended Action | |---|----------|------|---------|-------------------| | 1 | **P0** | PCI | Card data logged in plain text | Enable log redaction for PAN and CVV fields | | 2 | **P1** | Auth | Rate limiting absent on checkout endpoint | Add 10 req/s per IP with 429 responses | | 3 | **P1** | Secrets | Stripe webhook secret in source | Move to secrets manager, rotate immediately | ## Quality Gates - [✓] Control testing performed on schedule with documented results - [✓] Evidence packages complete, organized, and auditor-ready - [✓] Gap remediation tracked with named owners and target dates ## Outputs Generated - **SOC 2 Control Matrix (TSC-Mapped)**: Included in the report above. - **Auditor Evidence Package per Control Family**: Included in the report above. - **Gap Remediation Tracker with Owner Accountability**: Included in the report above. - **Continuous Compliance Dashboard Specification**: Included in the report above. - **Audit Readiness Self-Assessment Report**: Included in the report above. ## Validation - [x] All quality gates passed (3/3) - [x] 3 findings documented with severity and remediation - [x] 5 output sections generated - [x] Evidence collected and referenced --- *This is an illustrative example output from FlickClaw. Results vary based on project context.*