2.5k
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill grc-report- SKILL.md460 B
Overview
This skill generates a focused HTML compliance report for a chosen governance, risk, and compliance (GRC) framework. It presents a compliance score, control status breakdown, evidence coverage, and identified gaps for quick executive and technical review. The output is ready for sharing with auditors or teams tracking remediation.
How this skill works
Ask the user to select one of the active frameworks available in the system. The skill analyzes collected audit evidence and mapped controls for that framework, computes compliance metrics, and assembles an HTML report summarizing score, control statuses (pass/warn/fail/not-applicable), evidence coverage, and remediation gaps. The generated report is structured for easy reading and can be downloaded or attached to tickets.
When to use it
- Preparing for an external audit or certification assessment
- Periodic internal compliance checks across a specific framework
- Demonstrating control coverage to stakeholders or security teams
- Prioritizing remediation work based on control gaps and evidence coverage
- Archiving compliance posture snapshots for governance records
Best practices
- Prompt users to confirm the target framework from the active frameworks list before generating the report
- Ensure evidence sources (logs, scan results, policy documents) are up to date to improve accuracy of coverage metrics
- Use the control status breakdown to drive ticketing and assign remediation owners
- Include contextual notes for any controls marked as Not Applicable to aid future audits
- Schedule regular report generation to track trends in compliance score over time
Example use cases
- Generate an HTML report for NIST SP 800-53 to prepare for a readiness review
- Produce a SOC 2 snapshot to share control status and evidence with an auditor
- Run a PCI DSS compliance report to identify gaps before remediation sprint planning
- Create governance reports for executive review showing compliance score trends and risk hotspots
FAQ
The skill shows the active frameworks list when prompted; choose from the available frameworks configured in your environment.
What does the compliance score represent?
The compliance score summarizes the percentage of applicable controls that meet required criteria, weighted by control significance and evidence coverage.