
Compliance Check
Run a structured compliance review on a planned feature, campaign, or data flow before engineering or marketing commits.
Overview
Compliance-check is an agent skill most often used in Ship (also Validate, Launch) that runs a structured regulatory and approval review on a proposed product, data, or marketing initiative.
Install
npx skills add https://github.com/anthropics/knowledge-work-plugins --skill compliance-check
What is this skill?
- Slash-command workflow: /compliance-check with a free-text initiative description
- Outputs a Proceed / Proceed with conditions / Requires further review summary with a mapping of applicable regulations
- Covers product features, marketing campaigns, data residency, and authentication changes
- Explicit disclaimer: assists workflows, not legal advice; requires human legal review
- References CONNECTORS.md when external legal or policy tools are wired
Adoption & trust: 1.6k installs on skills.sh; 19.6k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are about to ship a feature or campaign that touches personal data or regulated markets but do not know which rules, approvals, or jurisdictions apply.
Who is it for?
Solo SaaS or mobile founders preparing launches that involve PII, payments, health-adjacent data, ads, or cross-border processing.
Skip if: you need a substitute for licensed attorneys or a binding legal opinion, or your team already runs a mature GRC platform with signed policy packs.
When should I use this skill?
Launching a feature that touches personal data, proposing marketing with regulatory implications, or needing approvals and jurisdictional requirements before proceeding.
What do I get? / Deliverables
You get a markdown compliance brief with risk areas and suggested next approvals so legal and engineering can align before build or launch proceeds.
- Compliance Check markdown report with summary and risk sections
- List of applicable regulations and approval paths
- Proceed / conditions recommendation for human review
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Canonical shelf is Ship/security because the skill is framed as a gate before launch—surfacing regulations, approvals, and risk when personal data or jurisdictional issues are in play. Security subphase captures regulatory and privacy risk review distinct from unit testing or code review checklists.
Where it fits
Decide whether EU users belong in v1 before architecting data stores.
Review biometric unlock plus account recovery before answering app-store privacy questionnaires.
Stress-test a cash-referral promo against consumer promotion and AML-adjacent flags.
Document cross-border replication assumptions before the agent drafts the data-processing addendum.
How it compares
Use as a pre-flight compliance checklist skill, not as automated policy enforcement or a SOC2 audit substitute.
Common Questions / FAQ
Who is compliance-check for?
Indie builders and product leads who need a fast, structured first pass on regulatory implications before dedicating engineering or ad spend.
When should I use compliance-check?
In Validate when scoping data-heavy MVPs, in Ship before enabling biometric auth or new data flows, and in Launch before testimonial or referral campaigns—whenever regulatory touchpoints are unclear.
Is compliance-check safe to install?
It is a procedural prompt skill: SKILL.md holds instructions for the agent rather than executable code, so the risk to weigh is not malware but what the agent can reach while following it. Review any connectors wired through CONNECTORS.md and the Security Audits panel on this Prism page before enabling the plugin in production repos.
SKILL.md - Compliance Check
# /compliance-check -- Compliance Review

> If you see unfamiliar placeholders or need to check which tools are connected, see [CONNECTORS.md](../../CONNECTORS.md).

Run a compliance check on a proposed action, product feature, marketing campaign, or business initiative.

**Important**: This command assists with legal workflows but does not provide legal advice. Compliance assessments should be reviewed by qualified legal professionals. Regulatory requirements change frequently; always verify current requirements with authoritative sources.

## Usage

```
/compliance-check $ARGUMENTS
```

## What I Need From You

Describe what you're planning to do. Examples:

- "We want to launch a referral program with cash rewards"
- "We're adding biometric authentication to our mobile app"
- "We need to process EU customer data in our US data center"
- "Marketing wants to use customer testimonials in ads"

## Output

```markdown
## Compliance Check: [Initiative]

### Summary
[Quick assessment: Proceed / Proceed with conditions / Requires further review]

### Applicable Regulations and Policies
| Regulation/Policy | Relevance | Key Requirements |
|-------------------|-----------|------------------|
| [GDPR / CCPA / HIPAA / etc.] | [How it applies] | [What you need to do] |

### Requirements
| # | Requirement | Status | Action Needed |
|---|-------------|--------|---------------|
| 1 | [Requirement] | [Met / Not Met / Unknown] | [What to do] |

### Risk Areas
| Risk | Severity | Mitigation |
|------|----------|------------|
| [Risk] | [High/Med/Low] | [How to address] |

### Recommended Actions
1. [Most important action]
2. [Second priority]
3. [Third priority]

### Approvals Needed
| Approver | Why | Status |
|----------|-----|--------|
| [Person/Team] | [Reason] | [Pending] |

### Further Review Recommended
[Areas where outside counsel or specialist review is advised]
```

## Privacy Regulation Overview

### GDPR (General Data Protection Regulation)

**Scope**: Applies to organisations established in the EU/EEA and, regardless of where the organisation is located, to processing of personal data that offers goods or services to, or monitors the behaviour of, individuals in the EU/EEA.

**Key Obligations for In-House Legal Teams**:

- **Lawful basis**: Identify and document the lawful basis for each processing activity (consent, contract, legitimate interest, legal obligation, vital interest, public task)
- **Data subject rights**: Respond to access, rectification, erasure, portability, restriction, and objection requests within one month of receipt (extendable by a further two months for complex or numerous requests, with the data subject informed of the extension)
- **Data protection impact assessments (DPIAs)**: Required for processing likely to result in high risk to individuals
- **Breach notification**: Notify the supervisory authority within 72 hours of becoming aware of a personal data breach; notify affected individuals without undue delay if the breach is likely to result in high risk to them
- **Records of processing**: Maintain Article 30 records of processing activities
- **International transfers**: Ensure appropriate safeguards for transfers outside the EEA (SCCs, adequacy decisions, BCRs)
- **DPO requirement**: Appoint a Data Protection Officer if required (public authority, large-scale processing of special categories, large-scale regular and systematic monitoring)

**Common In-House Legal Touchpoints**:

- Reviewing vendor DPAs for GDPR compliance
- Advising product teams on privacy by design requirements
- Responding to supervisory authority inquiries
- Managing cross-border data transfer mechanisms
- Reviewing consent mechanisms and privacy notices

### CCPA / CPRA (California Consumer Privacy Act / C