Shadow AI Monitor
A professional web dashboard system for tracking employee AI tool usage, identifying data exposure risks, and measuring PIPEDA compliance.
What This Skill Does
Generates enterprise-grade HTML dashboards showing:
- 📊 AI Tool Usage Analytics - Track which tools employees use (ChatGPT, Claude, Gemini, Copilot, Midjourney, Grok, Perplexity, Cursor, GitHub Copilot)
- ⚠️ Risk Analysis - Classify data exposure as Low/Medium/High risk
- 📋 Compliance Scoring - PIPEDA compliance score (0-100) with detailed requirement breakdown
- 👥 Employee Insights - Anonymized usage patterns and heatmaps
- 📈 Trend Tracking - Daily usage trends and event logs
- 📄 Board-Ready Reports - PDF export with professional styling
Perfect For
- Security Teams monitoring shadow AI adoption
- CTOs assessing compliance gaps
- Legal/Compliance teams tracking data exposure
- Sales Teams demoing AI governance products
- Consultants delivering AI risk assessments
Quick Start
Generate a demo dashboard:
node scripts/generate_demo_data.js
node scripts/generate_dashboard.js shadow-ai-data.json
Open shadow-ai-dashboard.html in your browser.
Features
🎯 Interactive Dashboard
Click to Explore:
- Employee Bars → See top 3 riskiest events, tools used, data categories, dates
- Compliance Score → View 5 PIPEDA requirements, pass/fail status, specific fixes
- Export Button → Generate PDF with letterhead styling
Key Metrics:
- PIPEDA compliance score (color-coded: green ≥85, yellow ≥70, red <70)
- Risk event breakdown (High/Medium/Low)
- Top 3 AI tools by usage
- Top 10 employees (anonymized)
Visualizations:
- Bar charts: Tool usage, employee activity
- Doughnut chart: Risk distribution
- Line chart: Daily trends
- Heat map: Employee usage intensity
- Scrollable event log (last 20 events, high-risk highlighted)
📋 Personalized Recommendations
Auto-generated advice based on actual data patterns:
- References specific employees and percentages
- Tool-specific recommendations (e.g., "ChatGPT accounts for 48% of usage")
- Compliance-specific action items
- Example: "Employee 5 generated 8 high-risk events involving client matters — review recommended"
🔒 PIPEDA Compliance Analysis
Detailed breakdown of 5 core requirements:
- Consent for Collection
- Limiting Use, Disclosure & Retention
- Safeguards
- Openness
- Individual Access
Each shows:
- Pass/Fail status
- Requirement description
- Specific action items using your actual data
📊 Demo Data Generator
Creates realistic data for a 50-person Canadian organization:
Configurable:
- Company name (default: Morrison & Associates)
- Employee count
- AI tools tracked
- Data categories (Client Legal, Financial, Health, Personal, etc.)
- Risk distribution
- Time period (last 7 days default)
Realistic Patterns:
- Mix of 9 different AI tools
- Varied risk levels (~25% high, ~35% medium, ~40% low)
- Employee anonymization (Employee 1, Employee 2, etc.)
- Concerning patterns for demo impact
Files
shadow-ai-monitor/
├── SKILL.md # This file
├── scripts/
│ ├── generate_demo_data.js # Demo data generator
│ └── generate_dashboard.js # HTML dashboard generator
Installation
Via ClawHub:
clawhub install shadow-ai-monitor
Manual:
mkdir -p ~/.openclaw/skills
cd ~/.openclaw/skills
# Download and extract skill files
Usage
Basic Demo Dashboard
cd ~/.openclaw/workspace # or your working directory
node ~/.openclaw/skills/shadow-ai-monitor/scripts/generate_demo_data.js
node ~/.openclaw/skills/shadow-ai-monitor/scripts/generate_dashboard.js shadow-ai-data.json
open shadow-ai-dashboard.html # or double-click in Finder/Explorer
This generates:
shadow-ai-data.json- Raw usage datashadow-ai-dashboard.html- Interactive dashboard
Customizing Demo Data
Edit scripts/generate_demo_data.js to customize:
Company Name:
const output = {
company: 'Your Company Name',
// ...
};
Employee Count:
const employees = Array.from({ length: 100 }, (_, i) => ({
id: `Employee ${i + 1}`,
// ...
}));
AI Tools Tracked:
const AI_TOOLS = [
'ChatGPT', 'Claude', 'Gemini', 'Your-Custom-Tool'
];
Data Categories:
const DATA_CATEGORIES = [
{ name: 'Your Category', risk: 'High' },
// ...
];
Automated Weekly Reports
Set up with OpenClaw cron:
{
"name": "Shadow AI Weekly Report",
"schedule": {"kind": "cron", "expr": "0 9 * * 1", "tz": "America/Toronto"},
"payload": {
"kind": "agentTurn",
"message": "Generate Shadow AI dashboard: 1) Run demo data generator 2) Generate dashboard 3) Send WhatsApp notification with metrics"
},
"sessionTarget": "isolated",
"delivery": {"mode": "announce", "channel": "whatsapp"}
}
Technical Details
Data Structure
{
"generated": "2026-02-22T15:00:00Z",
"company": "Morrison & Associates",
"employeeCount": 50,
"period": "Last 7 days",
"events": [
{
"timestamp": "2026-02-22T10:30:00Z",
"employee": "Employee 1",
"employeeRole": "Senior Associate",
"tool": "ChatGPT",
"dataCategory": "Client Legal Matters",
"risk": "High"
}
],
"metrics": {
"totalEvents": 268,
"topTools": [["ChatGPT", 89], ["Claude", 56]],
"riskCounts": {"Low": 95, "Medium": 83, "High": 90},
"complianceScore": 68,
"recommendations": ["..."]
}
}
Risk Scoring
High Risk:
- Client legal matters
- Financial records
- Health information
Medium Risk:
- Personal information
- Internal memos
- Proprietary data
Low Risk:
- General questions
- Code templates
- Public research
Compliance Score Calculation
Base: 100 points
Deduct: -2 points per % of high-risk events
Deduct: -0.5 points per % of medium-risk events
Range: 0-100
Example:
- 268 total events
- 90 high-risk (34%) → -68 points
- 83 medium-risk (31%) → -15.5 points
- Score: 16/100
Dashboard Technology
- Pure JavaScript - No npm install required
- Chart.js via CDN - Loaded from jsDelivr
- Dark Theme - Professional enterprise styling
- Responsive Design - Works on desktop and tablet
- Print-Optimized - Clean PDF export with letterhead
Use Cases
1. CTO Demo
Script:
"This is Morrison & Associates, a 50-person law firm. Over 7 days, we detected 268 AI tool events. Their PIPEDA compliance score is 16/100 because 34% of interactions involved client legal matters and health records shared with unapproved AI tools."
Click compliance score → Show specific PIPEDA failures
Click Employee 38 → Show their risky events
Click Export → Board-ready PDF
2. Security Assessment
Generate dashboard with your organization's data:
- Monitor Slack/Teams/Email for AI tool mentions
- Log to JSON format matching data structure
- Run dashboard generator
- Present findings to security team
3. Sales Presentation
Demo realistic data showing:
- Concerning compliance gaps
- Specific risk patterns
- Clear ROI through risk reduction
- Professional, board-ready output
4. Compliance Audit
Track progress over time:
- Generate weekly snapshots
- Compare compliance scores
- Identify trends (improving/worsening)
- Document remediation efforts
Security & Privacy
✅ No External API Calls - All processing local
✅ No Data Collection - Demo data never leaves your machine
✅ No Credentials Required - Pure JavaScript execution
✅ Anonymized Data - Employee IDs, no PII in demo
✅ Open Source - Review all code before running
Requirements
- Node.js (any recent version)
- Web Browser (Chrome, Firefox, Safari, Edge)
- No npm packages - Uses only Node.js built-ins
Roadmap
Future enhancements:
- Real-time monitoring integration
- Multi-company comparison
- Historical trend analysis
- Custom compliance frameworks (GDPR, HIPAA, SOC 2)
- Email delivery of reports
- Slack/Teams integration
- Live data ingestion from DLP tools
Support & Contribution
- Issues: Report bugs or request features on ClawHub
- Questions: OpenClaw Discord community
- Contributions: Submit improved visualizations, compliance frameworks, or data sources
License
MIT - Free for personal and commercial use
Credits
Built with OpenClaw by the automation engineering community.
Version: 1.0.0
Author: Automation Engineers
Category: Security, Compliance, Analytics
Tags: AI monitoring, PIPEDA, compliance, security, dashboard