Isms Audit Expert
Verdict: Pass
Audited by ClawScan on May 1, 2026.
Overview
The provided artifacts match an ISO 27001 audit assistant; the main cautions are handling sensitive audit evidence and knowingly running the optional local scheduler.
This looks appropriate for ISO 27001 audit assistance. Before installing or using it, be prepared to handle audit evidence as sensitive, avoid pasting secrets or unnecessary personal data, and run the included scheduler only after reviewing it and choosing safe file paths.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you provide real audit evidence, the agent may see sensitive account, access, and operational security details.
The audit workflow expects privileged-account inventories and activity logs; this is purpose-aligned for ISO 27001 control testing but contains sensitive identity and authorization information.
Obtain list of privileged accounts ... Review privileged activity logs
Share only the minimum necessary evidence, redact secrets and unnecessary personal data, and keep audit records in approved secure locations.
A mistaken output path could overwrite a local file, and an unintended input file could expose the wrong local data to the generated plan.
The optional CLI helper can read a user-selected CSV and write to a user-selected output path; this is normal for an audit-plan generator but local paths should be chosen carefully.
parser.add_argument("--controls", "-c", help="CSV file with control risk ratings") ... if args.output: with open(args.output, "w", encoding="utf-8") as f:
Run the script only when needed, review the command first, use explicit safe input/output paths, and keep backups for important files.
A user could overlook that the package contains a local executable helper even though no installation steps are declared.
The same artifact set includes scripts/isms_audit_scheduler.py, so there is optional runnable code despite no install specification; the script appears self-contained and is not shown as auto-run.
No install spec — this is an instruction-only skill.
Review the included script before running it, and treat the helper as optional unless you specifically need audit-plan generation.
