Eight skills.
Open source. Run anywhere.
The compliance methodology lives in two forms here: eight agentic skills (open source, Apache 2.0) that any LLM or MCP-compatible agent can run, and structured self-assessments you can take in your browser. Both are grounded in the CFR sections and framework catalogs they address.
One-click install for Claude and Cowork users. The Risk Assessment skill has crossed 1,000 installs — from practitioners who chose this framework specifically.
Browse skills on ClawHub →The eight compliance skills
Assess compliance documents against HIPAA Security Rule and Privacy Rule requirements. Get structured findings with coverage status, evidence citations, confidence scores, and remediation recommendations for every control.
Clause-by-clause Business Associate Agreement analysis against 45 CFR 164.504. Evaluates all required HIPAA BAA provisions with risk scoring, contract language citations, and specific remediation recommendations.
Bidirectional mapping between document sections and compliance framework controls (NIST CSF 2.0, ISO 27001, SOC 2, HIPAA). Produces per-section mappings and per-control coverage summaries with confidence scores.
Evaluate individual framework controls against organizational documentation with evidence extraction, quality evaluation, severity classification, and actionable remediation recommendations.
Identifies threats and vulnerabilities, evaluates likelihood and impact via a 3x3 risk matrix, maps findings to any compliance framework (NIST CSF 2.0 by default, or any framework you specify), and recommends risk treatment options with prioritization guidance.
RAG-style compliance question answering with regulatory interpretation guardrails. Answers questions strictly from provided context with source attribution, confidence scoring, and escalation triggers for critical issues.
Guides a structured compliance posture assessment covering all Seven Elements of an effective compliance program. Combines self-reported answers with analysis of any compliance documents you provide. Produces a posture snapshot with maturity stage, enterprise blocker flags, gap prioritization, and a 30/60/90 day roadmap.
Scans a directory of documents, classifies each file by compliance type (BAA, security policy, risk assessment, IR plan, and more), resolves version conflicts with your input, and produces a prioritized analysis plan mapping confirmed-current documents to the right compliance skill. Routes to the analysis skills rather than performing analysis itself.
Structured assessments you can take in your browser.
The skills above run agentically. These two assessments are interactive diagnostics designed for direct use, no agent required. Benchmark your compliance program against the 7 Elements framework or place your organization on the three stages of compliance maturity. No account required.
Based on the Federal Sentencing Guidelines' seven elements of an effective compliance program. 31 yes/no questions across standards, oversight, delegation, training, monitoring, enforcement, and response. Produces a readiness score and tier with specific next steps.
Identifies which stage of compliance maturity your organization occupies: Foundation, Active Management, or Proactive Defense. Helps align program investment with deal size and target market.
Two ways to run the skills
If you use Claude or Cowork, install any Rote skill in one click from ClawHub. Skills appear as native tools with no configuration required. clawhub.ai/dangsllc →
Install the toolkit as an MCP server and run any skill as a slash command. Skills appear as native tools in your agent environment and have access to your local documents.
Download a SKILL.md file from GitHub and paste it as a system prompt. The methodology is in the file. It runs on any model that supports structured instructions.
What the Rote platform adds
Both paths run the full methodology. The difference is scope. Running a skill standalone means analyzing one document per session, manually provided. The Rote platform indexes your full document corpus in workspace-isolated Qdrant collections, so the same skills retrieve from your entire policy library, vendor agreement stack, or framework set simultaneously. Cross-document analysis, persistent audit trails, and citation back to specific document sections and pages are all platform-layer capabilities. The HIPAA Gap Analysis skill run against a single policy is useful. Run against 40 policies across a health system, with every finding traced to the exact section it came from, it becomes the output a compliance program actually needs.
Download the skills as SKILL.md files
Each skill is a single SKILL.md file. Download the full toolkit as a ZIP or browse individual skills on GitHub. Apache 2.0 licensed.
Framework-directable 3x3 risk assessment for any compliance program
Download SKILL.mdA structured Seven Elements assessment of your compliance program
Download SKILL.mdScan a directory, classify your compliance documents, get an analysis plan
Download SKILL.mdWant this run
for your organization?
The AI Governance Snapshot applies these skills to your compliance documents and delivers structured findings, a maturity score, and a remediation roadmap. Free. Delivered by Dan within a week.