ClawHub

Isms Audit Expert

v2.1.1

Information Security Management System (ISMS) audit expert for ISO 27001 compliance verification, security control assessment, and certification support. Use...

1· 1.5k·9 current·9 all-time
byAlireza Rezvani@alirezarezvani
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided materials: SKILL.md and reference guides describe audit methodology and procedures; the single script generates risk-based audit schedules from a local CSV and formats output. All artifacts are coherent with an ISMS audit helper.
Instruction Scope
Runtime instructions focus on audit planning, evidence collection, control testing and finding management. They do not instruct the agent to read unrelated system files, access environment secrets, or transmit data to external endpoints. The script accepts a local CSV and writes a local file or stdout — consistent with documented functionality.
Install Mechanism
No install spec is provided and this is effectively an instruction+utils bundle. No network download/extract or package installs are requested, so there is low install risk.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The included script operates on local files provided by the user (CSV) and does not reference secrets or external services.
Persistence & Privilege
always is false and model invocation is normal (agent-autonomy allowed by default). The skill does not request persistent system modification or access to other skills' configs.
Assessment
This skill appears coherent and low-risk: it provides audit guidance and a local scheduler script that reads a CSV and writes JSON/markdown. Before using: (1) review the provided script yourself if you allow the agent to execute it; it reads local CSVs and writes output but does not contact external endpoints. (2) Do not upload sensitive credentials or production data in CSVs used with the script. (3) Treat the guidance as advisory — verify it against your organisation's policies and current standards. (4) If you are concerned about autonomous invocation, limit the agent's ability to execute code or access files until you have reviewed the script in your environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a68h8vnwa5bh0vb7mps44qx82kbk0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments