auditclaw-github
GitHub compliance evidence collection for auditclaw-grc. 9 read-only checks covering branch protection, secret scanning, 2FA, Dependabot, deploy keys, audit logs, webhooks, CODEOWNERS, and CI/CD security.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/mailnike/auditclaw-github
AuditClaw GitHub
Companion skill for auditclaw-grc. Collects compliance evidence from GitHub organizations using read-only API calls.
9 checks | Read-only token permissions | Evidence stored in shared GRC database
Security Model
- Read-only access: Uses fine-grained personal access token with read-only repository and organization permissions. No write access.
- Credentials: Uses `GITHUB_TOKEN` env var. No credentials stored by this skill.
- Dependencies: `PyGithub==2.8.1` (pinned)
- Data flow: Check results stored as evidence in `~/.openclaw/grc/compliance.sqlite` via auditclaw-grc
Prerequisites
- GitHub personal access token with read-only permissions (or classic token with `repo`, `read:org`, `security_events`)
- Set as `GITHUB_TOKEN` environment variable
- `pip install -r scripts/requirements.txt`
- auditclaw-grc skill installed and initialized
Commands
- "Run GitHub evidence sweep": Run all checks, store results in GRC database
- "Check branch protection": Verify branch protection rules
- "Check secret scanning": Review secret scanning alerts
- "Check Dependabot alerts": Review dependency vulnerability alerts
- "Show GitHub integration health": Last sync, errors, evidence count
Usage
All evidence is stored in the shared GRC database at ~/.openclaw/grc/compliance.sqlite via the auditclaw-grc skill's db_query.py script.
To run a full evidence sweep:
python3 scripts/github_evidence.py --db-path ~/.openclaw/grc/compliance.sqlite --org my-org --all
To run specific checks:
python3 scripts/github_evidence.py --db-path ~/.openclaw/grc/compliance.sqlite --org my-org --checks branch_protection,secret_scanning
Check Categories (9)
| Check | What It Verifies |
|---|---|
| branch_protection | Default branch protection rules, required reviews, status checks |
| secret_scanning | Secret scanning enabled, active alert count |
| dependabot | Dependabot alerts by severity, auto-fix PRs |
| two_factor | Organization-level 2FA enforcement |
| deploy_keys | Deploy key audit, read-only vs read-write |
| audit_log | Admin audit log accessibility |
| webhooks | Webhook security (HTTPS, secrets configured) |
| codeowners | CODEOWNERS file present in repositories |
| ci_cd | GitHub Actions security, workflow permissions |
Evidence Storage
Each check produces evidence items stored with:
- `source`: "github"
- `type`: "automated"
- `control_id`: Mapped to relevant SOC2/ISO/HIPAA controls
- `description`: Human-readable finding summary
- `file_content`: JSON details of the check result
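As an added illustration (not the skill's own code), the following shows how one of the nine checks, `webhooks`, could be evaluated offline and wrapped in the evidence item layout described above. The hook records are constructed in the shape of GitHub's repository hooks API response, and the control identifier is a placeholder for the skill's real SOC2/ISO/HIPAA mapping.

```python
import json

# Constructed sample records in the shape of GitHub's GET /repos/{owner}/{repo}/hooks
# response: config.secret is masked ("********") when set and absent when not.
SAMPLE_HOOKS = [
    {"id": 1, "config": {"url": "https://ci.example.com/hook", "insecure_ssl": "0", "secret": "********"}},
    {"id": 2, "config": {"url": "http://legacy.example.com/hook", "insecure_ssl": "0"}},
    {"id": 3, "config": {"url": "https://old.example.com/hook", "insecure_ssl": "1", "secret": "********"}},
]


def webhook_findings(hooks):
    """Return one finding per webhook that fails a requirement (HTTPS, TLS verified, secret set)."""
    findings = []
    for hook in hooks:
        cfg = hook.get("config", {})
        problems = []
        if not str(cfg.get("url", "")).startswith("https://"):
            problems.append("non-https url")
        if cfg.get("insecure_ssl") == "1":  # GitHub stores this flag as the string "1"
            problems.append("tls verification disabled")
        if "secret" not in cfg:
            problems.append("no signing secret")
        if problems:
            findings.append({"hook_id": hook.get("id"), "url": cfg.get("url"), "problems": problems})
    return findings


def build_evidence(check, control_id, findings, total):
    """Wrap check results in the evidence item layout used by the GRC database."""
    status = "pass" if not findings else "fail"
    return {
        "source": "github",
        "type": "automated",
        "control_id": control_id,
        "description": f"{check}: {len(findings)} of {total} webhooks fail security requirements ({status})",
        "file_content": json.dumps({"check": check, "status": status, "findings": findings}, sort_keys=True),
    }


def run_webhook_check(hooks=SAMPLE_HOOKS, control_id="CONTROL_ID_PLACEHOLDER"):
    """Evaluate the webhooks check; control_id is a placeholder for the skill's real mapping."""
    return build_evidence("webhooks", control_id, webhook_findings(hooks), len(hooks))


if __name__ == "__main__":
    print(json.dumps(run_webhook_check(), indent=2))
```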
Setup Guide
When a user asks to set up GitHub integration, guide them through these steps:
Step 1: Create Fine-Grained Personal Access Token
Direct user to: GitHub → Settings → Developer Settings → Personal Access Tokens → Fine-grained tokens
Metadata
Paste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-mailnike-auditclaw-github": {
"enabled": true,
"auto_update": true
}
}
}
Related Skills
auditclaw-aws
AWS compliance evidence collection for auditclaw-grc. 15 read-only checks across S3, IAM, CloudTrail, VPC, KMS, EC2, RDS, Lambda, EBS, SQS, SNS, Secrets Manager, Config, GuardDuty, and Security Hub.
erpclaw
AI-native ERP for small business. 29 modules, 609 actions. Install this meta-package to get started.
webclaw
Web dashboard for OpenClaw. Browser-based UI for any installed skill. Schema-driven rendering, JWT auth, RBAC, AI chat, real-time updates. Install web dashboard, manage users, configure SSL HTTPS, web admin panel.
auditclaw-grc
AI-native GRC (Governance, Risk, and Compliance) for OpenClaw. 97 actions across 13 frameworks including SOC 2, ISO 27001, HIPAA, GDPR, NIST CSF, PCI DSS, CIS Controls, CMMC, HITRUST, CCPA, FedRAMP, ISO 42001, and SOX ITGC. Manages controls, evidence, risks, policies, vendors, incidents, assets, training, vulnerabilities, access reviews, and questionnaires. Generates compliance scores, reports, dashboards, and trust center pages. Runs security header, SSL, and GDPR scans. Connects to AWS, Azure, GCP, GitHub, and identity providers via companion skills.
auditclaw-azure
Azure compliance evidence collection for auditclaw-grc. 12 read-only checks across storage, NSG, Key Vault, SQL, compute, App Service, and Defender for Cloud.