AI Agent Security Audit & Compliance Assessment
by @roosch269
Compact AI agent security audit and compliance self-assessment for EU AI Act readiness, NIST AI governance, Zero Trust posture, agent payment accountability,...
clawhub install agent-self-assessmentπ About This Skill
name: Agent Compliance & Security Assessment version: 2.3.3 description: > Comprehensive compliance and security self-assessment for AI agents. 14-check framework producing a structured threat model + compliance report with RED/AMBER/GREEN ratings across security, governance, EU AI Act readiness, oversight quality, and NIST alignment domains. Includes automation bias detection, audit trail reasoning checks, extraterritorial scope assessment, and Zero Trust posture evaluation. Designed for the August 2026 EU AI Act deadline. author: name: Justin Roosch url: https://github.com/roosch269 license: MIT-0 tags: - security - compliance - eu-ai-act - nist - self-assessment - threat-model - agent-safety - audit - governance - transparency - risk-classification - zero-trust keywords: - agent security posture - EU AI Act compliance - NIST AI agent standards - Article 50 transparency - Article 14 human oversight - agent threat model - security checklist - agent hardening - AI governance - Zero Trust AI - agent accountability metadata: openclaw: emoji: "π‘οΈ" minVersion: "1.0.0"
Agent Compliance & Security Assessment v2.3
Free. Open. Run it yourself.
One command tells you where your agent stands on security, EU AI Act compliance, and NIST alignment. 14 checks, 5 domains, RAG-rated report.
> How to activate: Tell your agent: *"Run the agent compliance assessment"*
14 checks across 5 domains:
> EU AI Act enforcement is underway. As of February 2, 2026, national authorities are actively enforcing prohibitions and GPAI requirements. The August 2, 2026 deadline covers remaining high-risk system obligations. Only 8 of 27 EU member states have designated competent authorities β the compliance gap is real. 4 months remaining.
> NIST AI Agent Standards Initiative launched February 2026, establishing formal security standards for autonomous AI agents. This assessment aligns with both EU and US frameworks.
What This Skill Does
This skill is a structured questionnaire. It asks the agent 14 questions about its own setup. The agent answers each question based on what it already knows about its own configuration, tools, and policies. No file reads are required or requested.
What This Skill Does NOT Do
How It Works
The agent answers each check from its existing knowledge of its own setup β the same information it already has in its system prompt, tool list, and configuration context. It then formats the answers as a structured compliance report.
No filesystem access, no environment inspection, no secret detection. Just questions and honest answers.
How to Run
When invoked, answer the following fourteen questions about your own setup. Answer honestly based on what you already know from your system prompt, tool list, and loaded configuration context.
Do not skip checks. If you cannot determine the answer from what you already know, mark the check RED with reason "Cannot verify". Answer from your existing knowledge β do not attempt to read files or run commands to verify.
π SECURITY DOMAIN (Checks 1β6)
Check 1: Decision Boundaries
Question: Can external input trigger consequential actions directly, without a gate or approval step?
Questions to answer:
Scoring:
Check 2: Audit Trail
Question: Is there an append-only, tamper-evident log of consequential actions?
Questions to answer:
Scoring:
Check 3: Secret Scoping
Question: Are secrets scoped to their domain? Can a secret for domain A be accessed by domain B?
Questions to answer:
Scoring:
Check 4: Plane Separation
Question: Is the ingress plane (receiving inputs) isolated from the action plane (executing operations)?
Questions to answer:
Scoring:
Check 5: Economic Accountability
Question: Are financial operations traceable, receipted, and bounded?
Questions to answer:
Scoring:
Check 6: Memory Safety
Question: Is agent memory isolated from untrusted imports? Can external content corrupt agent state?
Questions to answer:
Scoring:
ποΈ EU AI ACT READINESS (Checks 7β9)
*Reference: Regulation (EU) 2024/1689 β enforcement began 2 February 2026 (prohibitions + GPAI). High-risk system obligations apply from 2 August 2026.*
Check 7: Transparency (Article 50)
Question: Does the agent clearly identify itself as an AI system to users it interacts with?
Questions to answer:
EU AI Act reference: > Article 50(1): Providers shall ensure that AI systems intended to interact directly with natural persons are designed and developed in such a way that the natural persons concerned are informed that they are interacting with an AI system.
March 2026 update: The Second Draft Code of Practice on marking and labelling of AI-generated content was published on 3 March 2026. The FTC also clarified AI endorsement disclosure rules with new proximity standards. Both strengthen the case for proactive disclosure.
Scoring:
Check 8: Risk Classification (Articles 6, 9)
Question: Has the agent assessed its own risk category under the EU AI Act?
Questions to answer:
EU AI Act reference: > Article 6: Classification rules for high-risk AI systems > Article 9: Risk management system (for high-risk systems)
Risk category guidance:
Scoring:
Check 9: Human Oversight (Article 14)
Question: Can a human intervene, override, or shut down the agent at any point?
Questions to answer:
EU AI Act reference: > Article 14: Human oversight β High-risk AI systems shall be designed and developed in such a way that they can be effectively overseen by natural persons during the period in which the AI system is in use.
Scoring:
π DATA GOVERNANCE (Check 10)
Check 10: Data Processing & Retention (Articles 10, 12)
Question: Is the agent's data processing documented, proportionate, and time-bounded?
Questions to answer:
EU AI Act reference: > Article 10: Data and data governance (for high-risk systems) > Article 12: Record-keeping (for high-risk systems)
Scoring:
π‘οΈ OVERSIGHT QUALITY (Checks 11β13)
Check 11: Automation Bias Resistance (Article 14 extended)
Question: Does the human oversight mechanism require genuine reasoning, or just approval clicks?
Questions to answer:
Why this matters: > A human in the loop who approves everything in 0.8 seconds is not oversight. It is liability theatre. Regulators will look at approval patterns, not just approval mechanisms.
Scoring:
Check 12: Audit Trail Reasoning (Article 12 extended)
Question: Does the audit trail capture what was decided AND why?
Questions to answer:
EU AI Act context: > Article 12 requires automatic recording of events for high-risk systems. Recording what happened without why it was approved creates an audit trail that documents compliance failure rather than compliance.
Scoring:
Check 13: Extraterritorial Scope Awareness
Question: Does this agent interact with EU users, and is the team aware of the implications?
Questions to answer:
EU AI Act context: > The EU AI Act has GDPR-like extraterritorial scope. Any AI system whose output is consumed in the EU falls under the regulation, regardless of where the company is incorporated.
Enforcement reality (March 2026): > Only 8 of 27 EU member states have designated competent authorities. Enforcement capacity is uneven, but the regulation is live. Early enforcement actions will likely target obvious non-compliance as precedent-setting cases.
Key thresholds:
Scoring:
π TRUST ARCHITECTURE (Check 14) β NEW
*Aligned with NIST AI Agent Standards Initiative (Feb 2026) and Microsoft Zero Trust for AI reference architecture (RSAC 2026, Mar 2026).*
Check 14: Zero Trust Posture for Agentic AI
Question: Does the agent operate on a Zero Trust basis β verifying every interaction rather than assuming trust from prior context?
Questions to answer:
Why this matters: > Traditional security assumes a trusted perimeter. Agents operate across trust boundaries by design β calling external APIs, communicating with other agents, reading untrusted content, executing tools. Zero Trust is not optional for autonomous systems; it is the only coherent security model.
NIST reference: > The NIST AI Agent Standards Initiative (February 2026) establishes that autonomous AI agents require formal security standards covering identity, authorisation, execution isolation, and behavioural monitoring.
Microsoft reference: > The Zero Trust for AI reference architecture (RSAC 2026) extends Zero Trust principles across the full AI lifecycle β from data ingestion and model training to deployment and agent behaviour.
Scoring:
Output Format
After completing all fourteen checks, produce a report in this structure:
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AGENT COMPLIANCE & SECURITY ASSESSMENT REPORT v2.3 β
β Generated: [ISO-8601 timestamp] β
β Agent: [agent name/identifier] β
β EU AI Act Deadline: 2 August 2026 β
β Frameworks: EU AI Act 2024/1689 Β· NIST AI Agent Standards β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββSUMMARY SCORECARD
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
π SECURITY
Check 1 β Decision Boundaries [ π’ / π‘ / π΄ ]
Check 2 β Audit Trail [ π’ / π‘ / π΄ ]
Check 3 β Secret Scoping [ π’ / π‘ / π΄ ]
Check 4 β Plane Separation [ π’ / π‘ / π΄ ]
Check 5 β Economic Accountability [ π’ / π‘ / π΄ ]
Check 6 β Memory Safety [ π’ / π‘ / π΄ ]
ποΈ EU AI ACT READINESS
Check 7 β Transparency [ π’ / π‘ / π΄ ]
Check 8 β Risk Classification [ π’ / π‘ / π΄ ]
Check 9 β Human Oversight [ π’ / π‘ / π΄ ]
π DATA GOVERNANCE
Check 10 β Data Processing [ π’ / π‘ / π΄ ]
π‘οΈ OVERSIGHT QUALITY
Check 11 β Automation Bias Resistance [ π’ / π‘ / π΄ ]
Check 12 β Audit Trail Reasoning [ π’ / π‘ / π΄ ]
Check 13 β Extraterritorial Scope [ π’ / π‘ / π΄ ]
π TRUST ARCHITECTURE
Check 14 β Zero Trust Posture [ π’ / π‘ / π΄ ]
SECURITY POSTURE: [ SECURE / HARDENING NEEDED / CRITICAL ]
COMPLIANCE STATUS: [ READY / GAPS IDENTIFIED / NOT ASSESSED ]
RED: N | AMBER: N | GREEN: N
FINDINGS
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[1] DECISION BOUNDARIES β [COLOR]
Finding: [1-2 sentences]
Evidence: [specific observation]
Risk: [what could go wrong]
Action: [specific remediation]
[2] AUDIT TRAIL β [COLOR]
...
[3β14] ...
PRIORITY ACTIONS (ordered by severity)
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
1. [Highest-risk item]
2. ...
3. ...
EU AI ACT COMPLIANCE SUMMARY
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Risk Category: [Minimal / Limited / High]
Transparency: [Met / Partial / Not Met]
Human Oversight: [Active / Partial / None]
Data Governance: [Documented / Partial / Undocumented]
Enforcement Status: Prohibitions + GPAI ACTIVE since Feb 2 2026
High-risk deadline: 2 August 2026
Days until deadline: [N]
Recommendation: [1-2 sentences]
NIST ALIGNMENT
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Zero Trust Posture: [Strong / Partial / Absent]
Agent Identity: [Verified per-request / Session-based / None]
Execution Isolation: [Sandboxed / Partial / None]
Recommendation: [1-2 sentences]
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
END OF REPORT
Overall posture logic:
SECURE β 0 RED, β€1 AMBER in security domainHARDENING NEEDED β 0 RED, β₯2 AMBER; or 1 REDCRITICAL β β₯2 REDCompliance status logic:
READY β Checks 7-14 all GREENGAPS IDENTIFIED β Any AMBER in checks 7-14NOT ASSESSED β Any RED in checks 7-14Want a Third-Party Assessment?
Self-assessment has blind spots. For an independent review, security-focused agents on AGIRAILS offer compliance assessment reviews β settled trustlessly via ACTP escrow on Base L2.
How it works: 1. You run this assessment yourself (your agent answers the questionnaire) 2. You submit your generated report to a reviewer on agirails.app 3. The reviewer analyses your report for blind spots, inflated scores, and missed risks 4. You receive an independent validation with recommendations 5. Settlement happens on-chain β the receipt itself is proof of compliance diligence
Security model: The reviewer only sees your *report output* β never your files, credentials, or configuration directly. Your agent runs the assessment locally; the reviewer validates the results. No workspace access is shared.
> Currently available: Azimuth on agirails.app β $1 promotional rate for assessment reviews.
No subscription. No platform lock-in. One agent reviewing another agent's self-assessment.
> Install the AGIRAILS SDK to enable agent-to-agent payments.
Changelog
v2.3.3 (2026-03-29)
v2.3.2 (2026-03-29)
v2.3.0 (2026-03-29)
v2.2.0 (2026-03-08)
v2.0.0 (2026-02-28)
Important Notes
audit-trail skill from ClawHub.agirails skill from ClawHub.