Isms Audit Expert

Security checks across malware telemetry and agentic risk

Overview

This ISO 27001 audit skill appears coherent and purpose-aligned, but users should be careful with sensitive audit evidence such as interview notes or recordings.

Install only if you intend to use it for ISO 27001 or ISMS audit work. Before sharing or collecting audit evidence, set your own rules for consent, data minimization, secure storage, limited access, retention, and deletion, especially for interview recordings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 86%
Finding
Several triggers, especially `security audit`, `certification audit`, `audit finding`, and `nonconformity`, are broad enough to activate in conversations outside ISO 27001 ISMS auditing. Overbroad activation can route unrelated user requests into a specialized compliance workflow, causing irrelevant guidance, accidental data exposure into the wrong skill context, or confusion in security-sensitive discussions.

Missing User Warnings

Medium
Confidence: 89%
Finding
The methodology explicitly recommends collecting interview notes and recordings as audit evidence, but provides no guidance on consent, data minimization, retention, access control, or lawful handling of potentially sensitive personal and security information. In an ISO 27001 audit context, recordings and evidence can contain confidential operational details, employee statements, and security weaknesses, so omission of privacy safeguards creates a real risk of unnecessary sensitive data collection and mishandling.

VirusTotal

54/54 vendors flagged this skill as clean.
