NIST Compliance Assessment

v1.0.0

NIST Cybersecurity Framework (CSF) and SP 800-53 Rev 5 compliance assessment for network infrastructure. Maps device configuration against 6 control families...

by Vahagn Madatyan (@vahagn-madatyan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description match the content: the SKILL.md and reference files provide vendor-specific read-only commands and control-to-CSF mappings appropriate for a network device compliance assessment. One minor inconsistency: the registry metadata lists no required binaries, while the SKILL.md metadata (openclaw field) indicates 'ssh' is required. Expecting SSH or management API access to exist is reasonable for this purpose.
Instruction Scope
Instructions are scoped to read-only verification commands and procedural assessment steps. They call for running 'show' commands that will reveal configuration, including potentially sensitive items (password hashes, SNMP community strings, AAA server lists); this is expected for a compliance audit, but the output is high-sensitivity data. The skill does not instruct reading unrelated local files or exfiltrating results to unknown endpoints.
Install Mechanism
No install spec or code is included (instruction-only), so nothing is written to disk or downloaded. This is the lowest-risk install mechanism and appropriate for a documentation/assessment skill.
Credentials
The skill declares no required environment variables or credentials in the registry, which is coherent for an instruction-only skill. In practice, however, use requires SSH/API credentials to the target devices (read-only privileges). The skill neither requests those credentials nor describes them as environment variables; the user or agent must supply them at runtime. This omission is not malicious, but users must ensure the credentials provided to their agent are strictly read-only and scoped to the audit boundary.
Persistence & Privilege
The skill does not request persistent presence, does not include an install step, and does not set always:true. Model invocation is allowed (platform default), which means an agent could run the instructions autonomously if given credentials. This is expected for skills, and it poses operational risk only if the credentials or the audit scope are too broad.
Assessment
This skill is a documentation-driven, read-only checklist and vendor command reference for mapping network device configuration to NIST CSF / SP 800-53 controls. Before using it:
(1) Confirm how your agent will obtain device credentials. Do not store or expose privileged credentials; use scoped, read-only accounts or short-lived credentials.
(2) Ensure the SSH client the agent will use exists on the host (the SKILL.md metadata expects ssh).
(3) Understand that many 'show' commands reveal secrets (password hashes, SNMP community strings, TACACS/RADIUS endpoints); handle and store outputs securely.
(4) If you do not want the agent to run these commands autonomously, restrict model/skill invocation or require user approval before commands are run.
(5) Verify the assessment boundary and your authorization to audit the target devices, to avoid unintended access or policy violations.


latest: vk97bgwyn915g5zptddbqe3d42s841s9k

