compliance-posture-intake
Comprehensive HIPAA compliance posture assessment for agent and API contexts. Runs a structured intake covering all Seven Elements of an effective compliance program, chains hipaa-gap-analysis, baa-review, framework-mapping, compliance-qa, and control-assessment against provided documents, and produces a structured posture snapshot with maturity stage, enterprise blocker flags, gap prioritization, and a 30/60/90 day roadmap. Compatible with any agent context that has access to the rote-compliance-toolkit tools — via Claude Code plugin, Rote MCP server, or direct API integration.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/dangsllc/compliance-posture-intake
Compliance Posture Intake
Purpose
Guide a non-technical user through a structured compliance posture assessment. Combine their self-reported answers with analysis of any compliance documents they share. Deliver a polished Word document they can share with their team, bring to a consultation, or use to seed a Rote account.
Note for Agent Contexts: This skill runs all analysis inline by default, and the analytical methodology for each document type is embedded in Step 3 below. Do not rely on external tool invocations unless they are available in your agent context. If you are running in an agent context (such as Claude Code, Rote MCP, or a custom agent) with access to the rote-compliance-toolkit tools, you may optionally chain those tools for document analysis (Step 3) instead of doing it inline.
How to Run This Skill
Work conversationally. Do not present the full question list upfront. Lead the user through the assessment as a structured conversation — each step flows naturally from the last.
Before beginning, say:
"I'll guide you through a compliance posture assessment. It takes about 15 minutes and covers your policies, training, oversight structure, risk management, and incident response. At the end, I'll produce a report you can share with your team or bring to a consultation.
Let's start with some context about your organization."
Step 1 — Orientation
Ask Group A and Group B as two separate conversational exchanges. Do not number the questions aloud — ask them naturally as a grouped set.
Group A — Organizational context
Ask all eight together in a single message, formatted as a brief list:
"A few quick questions to set the context:
- Briefly describe what your product or service does — what problem it solves and what types of data or workflows it touches. (A sentence or two is fine.)
- What is your organization's role under HIPAA — are you a Covered Entity, a Business Associate, or both? (If you're not sure, just say so.)
- Roughly how many employees handle patient data, directly or indirectly?
- What stage is your company at? (Pre-revenue, early growth Series A/B, established Series B+, or enterprise)
- Who is your primary healthcare customer? (Small practices, mid-market health systems, enterprise health systems, payers, or multiple)
- Which compliance frameworks are you expected to meet? (HIPAA is the baseline — are HITRUST, SOC 2, NIST, or ISO 27001 also on the table?)
- What's your main goal with this assessment today?
- Do you have any compliance documents you'd like me to analyze? (Policies, a BAA, a risk assessment, training records, or a state license or business registration — any combination is fine.)"
Group B — Risk profile
After receiving Group A answers, ask Group B as a brief follow-up:
Paste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-dangsllc-compliance-posture-intake": {
"enabled": true,
"auto_update": true
}
}
}
Related Skills
framework-mapping
Bidirectional mapping between document sections and compliance framework controls with confidence scoring. Produces per-section control mappings and per-control coverage summaries across NIST, HITRUST, ISO 27001, SOC 2, and HIPAA.
baa-review
Clause-by-clause BAA analysis against 45 CFR 164.504(e)(2). Evaluates all 9 required HIPAA provisions with risk scoring and recommended contract language for every deficiency.
compliance-qa
Compliance-specific Q&A with regulatory interpretation guardrails, source attribution, confidence scoring, and escalation triggers when context is insufficient. Works standalone or RAG-enhanced with the Rote platform.
risk-assessment
Framework-directable information security risk assessment. Identifies threats, evaluates likelihood/impact via a 3x3 matrix, maps findings to any compliance framework, and recommends risk treatment options with prioritization guidance.
control-assessment
Evaluate individual framework controls against organizational documentation with evidence extraction, severity classification, and remediation recommendations.