Agent-Skills.md

Agent Skills: Kling AI Compliance Review

|

UncategorizedID: jeremylongshore/claude-code-plugins-plus-skills/klingai-compliance-review

Repository

jeremylongshore/claude-code-plugins-plus-skills
jeremylongshoreLicense: NOASSERTION
1,723221

Install this agent skill to your local

pnpm dlx add-skill https://github.com/jeremylongshore/claude-code-plugins-plus-skills/tree/HEAD/plugins/saas-packs/klingai-pack/skills/klingai-compliance-review

Skill Files

Browse the full folder contents for klingai-compliance-review.

Download Skill

Loading file tree…

plugins/saas-packs/klingai-pack/skills/klingai-compliance-review/SKILL.md

Skill Metadata

Name
klingai-compliance-review
Description
|

Kling AI Compliance Review

Overview

Security and compliance assessment framework for Kling AI integrations. Covers data handling, credential management, content policy, privacy, and regulatory considerations.

Data Flow Assessment

User Prompt → [Your App] → [Kling AI API] → [Kling GPU Cluster]
                                                     ↓
[Your CDN] ← download ← [Kling CDN (temporary URL)] ← Generated Video

Data Residency

| Data | Location | Retention | |------|----------|-----------| | Prompts | Sent to Kling servers (China/global) | Processing only | | Generated videos | Kling CDN (temporary URLs) | ~24-72 hours | | API keys | Your infrastructure | You control | | Audit logs | Your infrastructure | You control |

Security Checklist

Credential Security

  • [ ] AK/SK stored in secrets manager (not env files, not code)
  • [ ] Keys rotated quarterly
  • [ ] Separate keys per environment
  • [ ] JWT tokens never logged
  • [ ] Access key prefix logged (first 8 chars only)
# Safe logging pattern
def safe_log_key(access_key: str) -> str:
    return access_key[:8] + "..." + access_key[-4:]

Network Security

  • [ ] All API calls over HTTPS (enforced by base URL)
  • [ ] Webhook endpoints use HTTPS with valid TLS cert
  • [ ] Network egress rules allow api.klingai.com:443
  • [ ] No API keys in query strings (Bearer token in header only)

Input Validation

  • [ ] Prompt length validated (<= 2500 chars)
  • [ ] Image URLs validated before sending
  • [ ] User input sanitized against injection
  • [ ] Content policy pre-filtering active

Output Handling

  • [ ] Kling CDN URLs treated as temporary
  • [ ] Videos downloaded and stored on your infrastructure
  • [ ] Generated content scanned before serving to end users
  • [ ] Video metadata stripped of sensitive info before public delivery

Privacy Assessment

| Question | Consideration | |----------|--------------| | Do prompts contain PII? | Filter PII before sending to API | | Do images contain faces? | Check consent requirements (GDPR Art. 6) | | Are generated videos stored? | Define retention policy | | Who has access to generated content? | RBAC on storage layer | | Cross-border data transfer? | Kling API servers may be in China |

GDPR Considerations

class GDPRCompliantClient:
    """Kling client with GDPR data handling."""

    def __init__(self, base_client, audit_logger):
        self.client = base_client
        self.audit = audit_logger

    def text_to_video(self, prompt: str, data_subject_id: str = None, **kwargs):
        # Log processing activity (GDPR Art. 30)
        self.audit.log("processing_activity", "system", {
            "purpose": "video_generation",
            "data_subject": data_subject_id,
            "legal_basis": "legitimate_interest",
            "data_categories": ["text_prompt"],
            "recipients": ["klingai_api"],
        })

        return self.client.text_to_video(prompt, **kwargs)

    def handle_deletion_request(self, data_subject_id: str):
        """Handle GDPR right to erasure (Art. 17)."""
        # Delete stored videos associated with the data subject
        # Delete audit logs referencing the data subject
        # Note: cannot delete data already sent to Kling API
        self.audit.log("deletion_request", "system", {
            "data_subject": data_subject_id,
            "action": "processed",
        })

Automated Compliance Check

def run_compliance_check(config: dict) -> dict:
    """Run automated compliance checks against configuration."""
    checks = []

    # Check credential storage
    if config.get("key_source") == "environment":
        checks.append(("WARN", "credentials", "Using env vars; prefer secrets manager"))
    elif config.get("key_source") == "secrets_manager":
        checks.append(("PASS", "credentials", "Using secrets manager"))

    # Check TLS
    if config.get("base_url", "").startswith("https://"):
        checks.append(("PASS", "tls", "HTTPS enforced"))
    else:
        checks.append(("FAIL", "tls", "Not using HTTPS"))

    # Check content filtering
    if config.get("content_filter_enabled"):
        checks.append(("PASS", "content_filter", "Pre-submission filtering active"))
    else:
        checks.append(("WARN", "content_filter", "No pre-submission content filtering"))

    # Check audit logging
    if config.get("audit_logging"):
        checks.append(("PASS", "audit", "Audit logging enabled"))
    else:
        checks.append(("FAIL", "audit", "No audit logging"))

    # Print report
    for status, area, message in checks:
        icon = {"PASS": "OK", "WARN": "!!", "FAIL": "XX"}[status]
        print(f"  [{icon}] {area}: {message}")

    return {
        "passed": sum(1 for s, _, _ in checks if s == "PASS"),
        "warnings": sum(1 for s, _, _ in checks if s == "WARN"),
        "failed": sum(1 for s, _, _ in checks if s == "FAIL"),
    }

Resources