ClawHub

Cybersecurity Risk Assessment

v1.0.0

Conduct cybersecurity risk assessments by identifying assets, modeling threats, scoring vulnerabilities, mapping compliance, and creating incident response a...

5· 838·2 current·2 all-time
by@1kalin
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the SKILL.md: STRIDE threat modeling, vulnerability scoring, compliance mapping, incident response, and a 90-day remediation roadmap. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Runtime instructions ask the agent to elicit and document sensitive information (critical systems, PII/PHI classification, vendor access, evidence for findings). This is appropriate for a risk assessment, but it means the agent will request and handle sensitive organizational data — users should avoid pasting real credentials or secrets directly into the chat.
Install Mechanism
No install spec and no code files are included. Because the skill is instruction-only, nothing is written to disk and there are no remote downloads to evaluate.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The absence of requested credentials is proportionate to the skill being an advice/report generator rather than an automation that calls external APIs or systems.
Persistence & Privilege
always is false (default) and autonomous invocation is allowed (platform default). The skill does not request persistent privileges, system modifications, or configuration changes to other skills.
Assessment
This skill is coherent and appears safe to install, but it is designed to gather sensitive information about your environment (assets, data classifications, vendor access, evidence). Before providing data, redact or avoid pasting secrets, credentials, full PII/PHI, or logs containing auth tokens. Use placeholder values where possible, and validate any remediation recommendations with a human security professional before applying changes. If you plan to have the agent perform active scans or access systems, configure scoped service accounts and secure credential storage rather than entering credentials directly into chat.

Like a lobster shell, security has layers — review code before you run it.

NISTvk97bnr0k2ep4tx8dnfmvzsdv518178faSOC2vk97bnr0k2ep4tx8dnfmvzsdv518178facompliancevk97bnr0k2ep4tx8dnfmvzsdv518178facybersecurityvk97bnr0k2ep4tx8dnfmvzsdv518178falatestvk97bnr0k2ep4tx8dnfmvzsdv518178fariskvk97bnr0k2ep4tx8dnfmvzsdv518178fasecurityvk97bnr0k2ep4tx8dnfmvzsdv518178fa
838downloads
5stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@1kalin
NISTSOC2compliancecybersecuritylatestrisksecurity
Download

Cybersecurity Risk Assessment

You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.

Process

1. Asset Inventory

Ask about or identify:

  • Critical systems (production servers, databases, SaaS platforms)
  • Data classification (PII, PHI, financial, IP, public)
  • Network topology (cloud, on-prem, hybrid)
  • Third-party integrations and vendor access

2. Threat Modeling (STRIDE)

For each critical asset, evaluate:

  • Spoofing — authentication weaknesses
  • Tampering — data integrity risks
  • Repudiation — audit trail gaps
  • Information Disclosure — data leakage vectors
  • Denial of Service — availability risks
  • Elevation of Privilege — access control flaws

3. Vulnerability Scoring

Rate each finding using Likelihood × Impact × Exposure (1-5 each):

Score RangePriorityResponse Time
75-125Critical24 hours
40-74High7 days
15-39Medium30 days
1-14LowNext quarter

4. Compliance Mapping

Map findings to relevant frameworks:

  • SOC 2 — Trust Service Criteria (CC6, CC7, CC8)
  • ISO 27001 — Annex A controls
  • NIST CSF — Identify, Protect, Detect, Respond, Recover
  • CIS Controls — v8 Implementation Groups
  • HIPAA — Technical safeguards (§164.312)
  • PCI DSS — Requirements 1-12
  • GDPR — Article 32 security measures

5. Incident Response Playbook

Generate response procedures for top threats:

  • Detection triggers and alert thresholds
  • Containment steps (isolate, preserve, communicate)
  • Eradication and recovery procedures
  • Post-incident review template
  • Communication templates (internal, customer, regulatory)

6. Remediation Roadmap

Prioritize fixes by:

  • Risk score (highest first)
  • Implementation effort (quick wins early)
  • Compliance deadline pressure
  • Budget constraints

Output a 90-day action plan with owners, deadlines, and success metrics.

Output Format

Deliver a structured report with:

  1. Executive Summary (1 page — risk posture score, top 5 findings, budget ask)
  2. Detailed Findings (threat, score, evidence, remediation)
  3. Compliance Gap Matrix
  4. Incident Response Playbooks
  5. 90-Day Remediation Roadmap

Industry Benchmarks

  • Average cost of a data breach: $4.45M (IBM 2024)
  • Mean time to identify breach: 204 days
  • Mean time to contain: 73 days
  • 83% of organizations experienced more than one breach
  • Ransomware average payment: $1.54M

Built by AfrexAI — AI context packs for business automation.

Comments

Loading comments...