AuditClaw GRC

AI-native GRC assistant for OpenClaw. Manages compliance frameworks, controls, evidence, risks, policies, vendors, incidents, assets, training, vulnerabilities, access reviews, and questionnaires.

97 actions | 30 tables | 13 frameworks | 990+ controls

Security Model

• Database: SQLite at ~/.openclaw/grc/compliance.sqlite with WAL mode, owner-only permissions (0o600)
• Credentials: Stored in ~/.openclaw/grc/credentials/ with per-provider directories, owner-only permissions (0o700 dirs, 0o600 files), atomic writes, and secure deletion (overwrite with random bytes before removal). Secrets are never logged or exposed in output. See scripts/credential_store.py for implementation.
• Trust center: Generates a local HTML file only. Nothing is published externally. The user decides where to host it.
• Dependencies: requests==2.31.0 (pinned) for HTTP header scanning. Cloud integrations optionally use boto3 (AWS) and PyJWT (Azure) via try/except -- these are not required and only activate if installed and credentials are configured.
• Scans: All security scans (headers, SSL, GDPR) run locally against user-specified URLs only.
• No telemetry: No data is sent to external endpoints. All operations are local or to user-configured cloud accounts only.

Optional Environment Variables (for cloud integrations)

These are not required for core GRC functionality. They are only used when the user explicitly sets up cloud provider integrations via companion skills:

Setup

python3 {baseDir}/scripts/init_db.py
pip install -r {baseDir}/scripts/requirements.txt

Database: ~/.openclaw/grc/compliance.sqlite

Voice and Formatting

• Present data as formatted summaries, not raw JSON
• Keep messages under 4096 chars. Show top 5-10 rows, offer "Want the full list?"
• Emoji: ✅ complete, ⚠️ at-risk, 🔴 critical, 📊 scores, 📋 reports, 🔒 security
• Include context: "23/43 controls complete (53%)" not just "23"
• After each action, suggest the next logical step

Activation Triggers

Activate on: compliance, GRC, SOC 2, ISO 27001, HIPAA, GDPR, NIST, PCI DSS, CIS, CMMC, HITRUST, CCPA, FedRAMP, ISO 42001, SOX, ITGC, controls, evidence, risks, audit, gap analysis, security posture, compliance score, framework, security scan.

Database Operations

All queries go through: python3 {baseDir}/scripts/db_query.py --action <action> [args]

Output is JSON. Parse and present as human-readable summaries. For full action reference with all arguments: {baseDir}/references/db-actions.md

Core Actions

Additional Action Categories

• Policies: add, version, submit approval, review, require acknowledgment
• Training: add modules, assign, track completion, list overdue
• Vulnerabilities: add with CVE/CVSS, track remediation
• Access Reviews: create campaigns, add items, approve/revoke
• Questionnaires: create templates, send to vendors, record answers, score
• Incidents: add actions (timeline), post-incident reviews, summary with MTTR
• Assets: register with classification, lifecycle, encryption/backup/patch status
• Alerts: add, list, acknowledge, resolve
• Integrations: add provider, test connection, setup guide, show policy

Framework Activation

Run: python3 {baseDir}/scripts/db_query.py --action activate-framework --slug <slug>

Framework reference docs: {baseDir}/references/frameworks/

Compliance Score

Run: python3 {baseDir}/scripts/compliance_score.py [--framework <slug>] [--store]

Returns score (0-100), health distribution, trend, and drift detection. Use --store to save for tracking. Methodology: {baseDir}/references/scoring-methodology.md

Security Scanning

• Headers: python3 {baseDir}/scripts/check_headers.py --url <url> (CSP, HSTS, X-Frame-Options, etc.)
• SSL/TLS: python3 {baseDir}/scripts/check_ssl.py --domain <domain> (cert validity, chain, cipher)
• GDPR: Browser-based cookie consent check (requires Chromium)

After scans, offer to save results as evidence.

Reports and Exports

• Report: python3 {baseDir}/scripts/generate_report.py --framework <slug> --format html
• Trust center: python3 {baseDir}/scripts/generate_trust_center.py [--org-name "Acme Corp"] (local HTML only)
• Evidence export: python3 {baseDir}/scripts/export_evidence.py --framework <slug>

Interactive Flows

First-Time Setup

When user asks to set up compliance: initialize DB silently, present framework options with control counts and use cases, offer gap analysis after activation.

Smart Defaults

• Evidence type: infer from context (manual/automated/integration)
• Risk assessment: suggest likelihood/impact with reasoning, confirm before saving
• Bulk operations: list exactly what will change, confirm, report summary

Proactive Suggestions

After framework activation -> offer gap analysis and cloud integration setup. After marking controls complete -> offer score recalculation. After scanning -> offer to save as evidence. After scoring (< 30%) -> prioritize critical controls. (>= 90%) -> offer audit report.

Slash Commands

Scheduled Alerts (Cron)

Register via OpenClaw cron tool:

• Evidence expiry: daily 7 AM
• Score recalc: every 6 hours
• Weekly digest: Monday 8 AM

Always include "Using auditclaw-grc skill" in cron messages for routing.

Companion Skills

Optional add-ons for automated cloud evidence collection. Evidence flows into the shared GRC database.

Install: clawhub install auditclaw-<provider>

If a user asks to connect a cloud provider, check list-companions first. If not installed, guide them to install it.

Integration Setup

Say "setup aws", "setup github", etc. to get step-by-step guides with exact permissions. Use "test aws connection" to verify before running scans.

Reference Files

• {baseDir}/references/db-actions.md - Full action reference with all arguments
• {baseDir}/references/schema.md - Database schema
• {baseDir}/references/scoring-methodology.md - Scoring algorithm
• {baseDir}/references/commands/ - Detailed command guides
• {baseDir}/references/frameworks/ - Framework reference docs
• {baseDir}/references/integrations/ - Cloud integration guides