auditclaw-gcp
GCP compliance evidence collection for auditclaw-grc. 12 read-only checks across Cloud Storage, firewall, IAM, logging, KMS, DNS, BigQuery, Compute, and Cloud SQL.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/mailnike/auditclaw-gcp
AuditClaw GCP
Companion skill for auditclaw-grc. Collects compliance evidence from Google Cloud Platform projects using read-only API calls.
12 checks | Viewer + Security Reviewer roles only | Evidence stored in shared GRC database
Security Model
- Read-only access: Requires 6 read-only IAM roles (Viewer, Security Reviewer, Cloud SQL Viewer, Logging Viewer, DNS Reader, Cloud KMS Viewer). No write/modify permissions.
- Credentials: Uses standard GCP credential chain (GOOGLE_APPLICATION_CREDENTIALS or gcloud auth). No credentials stored by this skill.
- Dependencies: Google Cloud SDK packages (all pinned in requirements.txt)
- Data flow: Check results stored as evidence in ~/.openclaw/grc/compliance.sqlite via auditclaw-grc
Prerequisites
- GCP credentials configured (gcloud auth application-default login or service account JSON)
- GCP_PROJECT_ID environment variable set
- pip install -r scripts/requirements.txt
- auditclaw-grc skill installed and initialized
Commands
- "Run GCP evidence sweep": Run all checks, store results in GRC database
- "Check GCP storage compliance": Run Cloud Storage checks
- "Check GCP firewall rules": Run firewall ingress checks
- "Check GCP IAM compliance": Run IAM service account checks
- "Check GCP logging status": Verify audit logging configuration
- "Check GCP KMS keys": Review KMS key rotation
- "Show GCP integration health": Last sync, errors, evidence count
Usage
All evidence is stored in the shared GRC database at ~/.openclaw/grc/compliance.sqlite via the auditclaw-grc skill's db_query.py script.
To run a full evidence sweep:
python3 scripts/gcp_evidence.py --db-path ~/.openclaw/grc/compliance.sqlite --all
To run specific checks:
python3 scripts/gcp_evidence.py --db-path ~/.openclaw/grc/compliance.sqlite --checks storage,firewall,iam
Check Categories (9 files, 12 findings)
| Check | What It Verifies |
|---|---|
| storage | Uniform bucket-level access, public access prevention |
| firewall | No unrestricted ingress (0.0.0.0/0) to SSH/RDP/all |
| iam | Service account key rotation (90 days), SA admin privilege restriction |
| logging | Audit logging enabled (all services), log export sink exists |
| kms | KMS key rotation period <= 90 days |
| dns | DNSSEC enabled on public zones |
| bigquery | No public dataset access (allUsers/allAuthenticatedUsers) |
| compute | No default service account with cloud-platform scope |
| cloudsql | SSL enforcement, no public IP with 0.0.0.0/0 |
Evidence Storage
Each check produces evidence items stored with:
- source: "gcp"
- type: "automated"
- control_id: Mapped to relevant SOC2/ISO/HIPAA controls
- description: Human-readable finding summary
- file_content: JSON details of the check result
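As an added illustration (not the skill's own code), the firewall check from the table above and the evidence shape just described, written in Python against constructed sample rules. The SSH/RDP port set, the port-range and EGRESS edge cases, and the control_id placeholder are assumptions; the skill's real control mapping is not shown on this page.

```python
import json
from typing import Dict, List

# Constructed sample shaped like compute.firewalls.list output (not real project data).
SAMPLE_RULES = [
    {"name": "allow-ssh-anywhere", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-all-anywhere", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "allow-https-anywhere", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "allow-rdp-corp", "sourceRanges": ["10.0.0.0/8"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "allow-range-anywhere", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},
    {"name": "allow-egress-all", "direction": "EGRESS", "destinationRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
]
SENSITIVE_TCP_PORTS = (22, 3389)  # SSH and RDP, as named in the check table

def _port_spec_covers(spec: str, port: int) -> bool:
    """True if a Compute port spec ("22" or "3000-4000") includes `port`."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def unrestricted_ingress_reasons(rule: Dict) -> List[str]:
    """Reasons an enabled INGRESS rule open to 0.0.0.0/0 fails the check; [] if it passes."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return []  # the API omits direction for INGRESS rules; egress rules are out of scope
    if "0.0.0.0/0" not in rule.get("sourceRanges", []):
        return []
    reasons = []
    for allowed in rule.get("allowed", []):
        proto, ports = allowed.get("IPProtocol", "all").lower(), allowed.get("ports", [])
        if proto == "all" or (proto in ("tcp", "udp") and not ports):
            reasons.append(f"{proto}: all ports")  # no port list means every port of that protocol
        elif proto == "tcp":
            reasons += [f"tcp/{p}" for p in SENSITIVE_TCP_PORTS
                        if any(_port_spec_covers(s, p) for s in ports)]
    return reasons

def build_evidence(project_id: str, rules: List[Dict]) -> Dict:
    """One evidence item in the field shape the skill stores (source/type/control_id/description/file_content)."""
    failing = {r["name"]: why for r in rules if (why := unrestricted_ingress_reasons(r))}
    return {
        "source": "gcp",
        "type": "automated",
        "control_id": "CONTROL-ID-PLACEHOLDER",  # placeholder: the skill's real mapping is not on the page
        "description": f"{len(failing)} of {len(rules)} firewall rules allow "
                       f"unrestricted ingress to SSH/RDP/all in {project_id}",
        "file_content": json.dumps({"project": project_id, "status": "fail" if failing else "pass",
                                    "failing_rules": failing}, sort_keys=True),
    }
```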
Metadata
Paste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-mailnike-auditclaw-gcp": {
"enabled": true,
"auto_update": true
}
}
}
Related Skills
auditclaw-aws
AWS compliance evidence collection for auditclaw-grc. 15 read-only checks across S3, IAM, CloudTrail, VPC, KMS, EC2, RDS, Lambda, EBS, SQS, SNS, Secrets Manager, Config, GuardDuty, and Security Hub.
erpclaw
AI-native ERP for small business. 29 modules, 609 actions. Install this meta-package to get started.
webclaw
Web dashboard for OpenClaw. Browser-based UI for any installed skill. Schema-driven rendering, JWT auth, RBAC, AI chat, real-time updates. Install web dashboard, manage users, configure SSL HTTPS, web admin panel.
auditclaw-grc
AI-native GRC (Governance, Risk, and Compliance) for OpenClaw. 97 actions across 13 frameworks including SOC 2, ISO 27001, HIPAA, GDPR, NIST CSF, PCI DSS, CIS Controls, CMMC, HITRUST, CCPA, FedRAMP, ISO 42001, and SOX ITGC. Manages controls, evidence, risks, policies, vendors, incidents, assets, training, vulnerabilities, access reviews, and questionnaires. Generates compliance scores, reports, dashboards, and trust center pages. Runs security header, SSL, and GDPR scans. Connects to AWS, Azure, GCP, GitHub, and identity providers via companion skills.
auditclaw-azure
Azure compliance evidence collection for auditclaw-grc. 12 read-only checks across storage, NSG, Key Vault, SQL, compute, App Service, and Defender for Cloud.