[01] LOOP
Tags: Security | interval | Hardened

Compliance Until Audit-Ready

Inspired by Vanta — automate SOC 2, ISO 27001, and HIPAA readiness. Connect integrations to collect control evidence, run continuous automated tests, draft policies and security questionnaires, monitor vendor risk, and loop until your audit folder is complete.

by Trooper

Kickoff prompt
/loop 30m Start the "Compliance Until Audit-Ready" loop.

Inspired by Vanta (https://vanta.com).

Goal: every in-scope control has current evidence, open gaps are owned, and audit package is ready for human sign-off
Max iterations: 24
Between iterations run: Report failing controls, missing evidence, stale tests, open questionnaire items, and vendor risk exceptions
Exit when: zero failing controls without owner and remediation plan, all evidence links current, and audit export ready for human approval

## Before you start
- Connect GitHub (required) — Change management and access evidence
- Connect Slack (required) — Compliance inbox notifications
- Connect Notion (required) — Policies, questionnaires, and audit binder
- Attach Loop runner (required) — Self-pace iterations and run checks between passes.
- Attach Security triage (required) — Rank findings by severity and blast radius.
- Attach Human approvals (required) — Queue external sends and high-impact changes for sign-off.
- Attach Docs QA (required) — Compare docs to live behavior.
- Cloud provider (read via API) — Infrastructure control evidence
- HR / identity provider (read via API) — Access and onboarding attestations
- Vendor risk register (read manually) — Third-party assessments

## Steps
1. Collect evidence: Connect integrations across cloud, HR, identity, and dev tools to auto-gather control evidence on a schedule. [tools: GitHub, Cloud provider, HR / identity provider]
2. Run continuous tests: Execute automated security and compliance checks; flag drift, misconfigurations, and missing attestations. [tools: Cloud provider]
   Command: npm run compliance:controls-report
3. Draft policies & questionnaires: AI drafts policies, procedures, and security questionnaire responses for human review and approval. [tools: Notion]
4. Monitor gaps & vendor risk: Track failing controls, overdue remediations, and third-party/vendor risk in one compliance inbox. [tools: Slack, Vendor risk register]
5. Prepare audit package: Assemble Trust Center materials, completed questionnaires, and export-ready evidence folder for audit sign-off. [tools: Notion]

Self-pace this loop. After each iteration, run the check command, read the output, and only continue if the exit condition is not met. Stop when the exit condition passes or max iterations is reached. Give a short status update each pass.

Guardrails:
- Never mark a control passing without linked, verifiable evidence
- Do not submit audit materials or customer questionnaires without explicit human approval
- Do not auto-publish policy or procedure changes without compliance review
- Preserve audit trail for every evidence collection and control status change
- Escalate critical control failures and audit deadlines immediately

Paste the kickoff prompt into Cursor, Claude Code, or Codex. Deeplinks do not install hook files.

Steps

1. Collect evidence

Connect integrations across cloud, HR, identity, and dev tools to auto-gather control evidence on a schedule.

Tools: GitHub, Cloud provider, HR / identity provider

2. Run continuous tests

Execute automated security and compliance checks; flag drift, misconfigurations, and missing attestations.

Tools: Cloud provider

npm run compliance:controls-report

3. Draft policies & questionnaires

AI drafts policies, procedures, and security questionnaire responses for human review and approval.

Tools: Notion

4. Monitor gaps & vendor risk

Track failing controls, overdue remediations, and third-party/vendor risk in one compliance inbox.

Tools: Slack, Vendor risk register

5. Prepare audit package

Assemble Trust Center materials, completed questionnaires, and export-ready evidence folder for audit sign-off.

Tools: Notion

Flow diagram

Guardrails

Rules the agent must follow so it cannot cheat the exit condition.

  • Never mark a control passing without linked, verifiable evidence
  • Do not submit audit materials or customer questionnaires without explicit human approval
  • Do not auto-publish policy or procedure changes without compliance review
  • Preserve audit trail for every evidence collection and control status change
  • Escalate critical control failures and audit deadlines immediately
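As an added example that is not part of this loop template or of Vanta's product, here is a between-iteration check in JavaScript that applies the first guardrail and the loop's exit condition to a controls report. The report shape, field names, control IDs, the sample data and the 30-day evidence freshness window are all assumptions.

```javascript
// Added example: decides whether the "Compliance Until Audit-Ready" exit condition holds.
// Report shape, field names and the 30-day freshness window are assumptions.
const MAX_EVIDENCE_AGE_DAYS = 30;

function daysBetween(earlier, later) {
  return (later - earlier) / (24 * 60 * 60 * 1000);
}

// Guardrail: a control marked "passing" with no linked evidence is treated as failing,
// so the agent cannot satisfy the exit condition by flipping a status without proof.
function effectiveStatus(control) {
  const evidence = control.evidence || [];
  if (control.status === 'passing' && evidence.length === 0) return 'failing';
  return control.status;
}

// Exit condition: no failing control lacks an owner AND a remediation plan,
// every evidence link is current, and the audit export is flagged ready.
function evaluateExit(report, now = new Date()) {
  const unownedFailures = [];
  const staleEvidence = [];
  for (const control of report.controls) {
    const owned = Boolean(control.owner && control.remediationPlan);
    if (effectiveStatus(control) === 'failing' && !owned) unownedFailures.push(control.id);
    for (const item of control.evidence || []) {
      if (daysBetween(new Date(item.collectedAt), now) > MAX_EVIDENCE_AGE_DAYS) {
        staleEvidence.push(`${control.id}:${item.url}`);
      }
    }
  }
  const exitReady = unownedFailures.length === 0 && staleEvidence.length === 0 &&
    report.auditExportReady === true;
  return { unownedFailures, staleEvidence, exitReady };
}

// Constructed sample report (hypothetical control IDs and URLs).
const sampleReport = {
  auditExportReady: true,
  controls: [
    { id: 'ctl-mfa', status: 'passing', owner: 'secops', remediationPlan: null,
      evidence: [{ url: 'https://example.invalid/ev/mfa', collectedAt: '2024-05-20' }] },
    { id: 'ctl-change-mgmt', status: 'passing', owner: null, remediationPlan: null, evidence: [] },
    { id: 'ctl-logging', status: 'failing', owner: 'platform', remediationPlan: 'TICKET-1',
      evidence: [{ url: 'https://example.invalid/ev/logs', collectedAt: '2024-01-01' }] },
  ],
};

console.log(evaluateExit(sampleReport, new Date('2024-06-01T00:00:00Z')));
```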