aws-compliance-analyzer
Map AWS environment against CIS, SOC 2, HIPAA, or PCI-DSS controls with prioritized remediation
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/anmolnagpal/compliance-analyzer
What This Skill Does
The AWS Compliance Gap Analyzer is an intelligent assistant designed to streamline the complex task of aligning your AWS environment with industry-standard compliance frameworks. By analyzing raw data exports from AWS Config and Security Hub, the agent performs a cross-walk mapping of your current resource configurations against CIS AWS Foundations Benchmark v2.0, SOC 2 Type II, HIPAA, and PCI-DSS v4.0. It transforms noisy, technical security findings into actionable auditor-ready reports, prioritizing remediation based on risk and effort, and providing clear, step-by-step CLI-based runbooks to fix identified gaps.
Installation
To integrate this tool into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/anmolnagpal/compliance-analyzer
Use Cases
- Pre-Audit Preparation: Quickly assess your environment before a third-party auditor performs a SOC 2 or HIPAA assessment.
- Continuous Monitoring: Analyze your current Security Hub findings to ensure active security controls remain compliant.
- Remediation Planning: Generate a technical project plan for your DevOps team to close critical gaps identified during a CIS benchmark scan.
- Environment Hardening: Evaluate a new AWS account's configuration against strict PCI-DSS requirements before moving production cardholder data into it.
Example Prompts
- "I've attached my securityhub-findings.json. Please map these findings against CIS AWS Foundations v2.0 and give me a prioritized list of critical gaps with remediation commands."
- "Analyze this AWS Config snapshot for HIPAA compliance. Which technical safeguards am I failing, and how can I fix them quickly?"
- "I don't have a JSON file yet. Can you guide me through the IAM policy I need to create to extract the necessary data for a PCI-DSS v4.0 assessment?"
Tips & Limitations
- Data Quality: The quality of the analysis is directly proportional to the breadth of data provided. Providing both Security Hub and Config snapshots produces the most accurate results.
- Security First: This skill is strictly analytical. It provides remediation runbooks for you to execute; it does not possess IAM permissions to modify your environment, ensuring you maintain full control over infrastructure changes.
- Context is Key: If you are in a highly regulated environment, ensure you specify the exact scope (e.g., regions and account IDs) to avoid false positives in your compliance report.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-anmolnagpal-compliance-analyzer": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags (AI)
Flags: file-read
Related Skills
aws-terraform-security-reviewer
Review Terraform plans and HCL files for AWS security misconfigurations before deployment
azure-storage-exposure-auditor
Identify publicly accessible Azure Storage accounts and misconfigured blob containers
aws-tagging-auditor
Audit AWS resource tagging compliance and identify unallocatable spend for FinOps teams
aws-cloudtrail-threat-detector
Analyze AWS CloudTrail logs for suspicious patterns, unauthorized changes, and MITRE ATT&CK indicators
gcp-bigquery-optimizer
Analyze BigQuery query patterns and storage to dramatically reduce the