⚠️Install with caution. This skill has very few installs. Always review the source and verify it on clawhub.ai before installing. Community-built skills run with agent permissions — only install ones you trust.

⚖️ Legal & Compliance

agent-bom compliancev0.88.5

Name: agent-bom compliance
Author: msaad00

agent-bom-compliance

msaad00

AI compliance and policy engine — evaluate scan results against OWASP, NIST, SOC 2, ISO 27001, CMMC, EU AI Act, AISVS v1.0, and related frameworks. Generate...

latest

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

1.9K

Stars

CreatedMar 12, 2026

UpdatedJun 1, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install msaad00/agent-bom-compliance

Skill Package2 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

A65/100

Grade Good — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation9/35

· 1910 downloads (moderate demand)
· 2 installs (very low)

Documentation25/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains tool definitions
· Contains usage examples or trigger description
· Detailed summary

Package Completeness6/15

Security Analysis

💙 Low Risk

UNDOCUMENTED_EXTERNALlow

Calls external URL not in known-safe list

https://github.com/msaad00/agent-bom

KNOWN_EXTERNALlow

Uses known external API (expected, informational)

googleapis.com

Audited Apr 17, 2026 · audit v1.0

💡

Usage Guide

Generated Mar 21, 2026

AI Security EngineersCompliance Officersintermediate

💡 Application Scenarios

AI Application Security AuditingFinancial Services

A fintech company developing AI-powered fraud detection models uses this skill to audit their AI infrastructure against OWASP LLM Top 10 and MITRE ATLAS frameworks. They run local compliance checks to identify vulnerabilities like prompt injection or data leakage, ensuring their models meet internal security policies before deployment.

Regulatory Compliance for Healthcare AIHealthcare

A healthcare provider implementing AI diagnostic tools uses this skill to evaluate compliance with the EU AI Act and NIST AI RMF. They generate SBOMs in CycloneDX format to document software components, helping meet transparency requirements and manage risks in high-stakes medical applications.

Cloud Infrastructure BenchmarkingRetail/E-commerce

An e-commerce platform uses this skill to perform CIS benchmark checks on their AWS and GCP cloud accounts. By invoking optional cloud API calls with read-only credentials, they assess configurations against security best practices, identifying misconfigurations in IAM or storage services to prevent breaches.

Supply Chain Security for AI StartupsTechnology/Startups

A startup building AI agents uses this skill to enforce custom policy-as-code rules on their development pipeline. They run policy checks to limit critical vulnerabilities and generate SPDX SBOMs, ensuring third-party dependencies are secure and compliant with industry standards like OWASP Agentic Top 10.

Government AI GovernanceGovernment/Public Sector

A government agency deploying AI for public services uses this skill to map and measure risks using NIST AI RMF and EU AI Act frameworks. They conduct local evaluations without network calls, maintaining data sovereignty while generating compliance reports and SBOMs for audit trails.

💼 Business Models

SaaS Compliance PlatformSubscription-based, with tiered pricing from $99/month to $999/month

A company integrates this skill into a cloud-based platform offering automated AI compliance checks as a service. They charge subscription fees for continuous monitoring against frameworks like OWASP and EU AI Act, with premium tiers for CIS benchmark integrations across multiple cloud providers.

Consulting and Implementation ServicesProject-based fees ranging from $5,000 to $50,000 per engagement

A cybersecurity firm uses this skill to provide consulting services, helping clients implement and customize compliance workflows. They generate revenue through project-based fees for setting up policy-as-code rules, conducting audits, and training teams on using the tool for regulatory adherence.

Open-Source Support and Enterprise LicensingEnterprise licensing and support contracts starting at $10,000/year

The maintainers offer this skill as open-source under Apache-2.0, with revenue from enterprise support contracts and custom feature development. They provide paid support for CIS benchmark integrations and priority updates, targeting large organizations needing scalable compliance solutions.

💬 Integration Tip

Integrate this skill into CI/CD pipelines by running compliance checks after AI model scans; use environment variables for optional cloud credentials only when CIS benchmarks are needed to avoid unnecessary network calls.