← Back to Skills Marketplace
898
Downloads
5
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install afrexai-cybersecurity
Description
Conduct cybersecurity risk assessments by identifying assets, modeling threats, scoring vulnerabilities, mapping compliance, and creating incident response a...
README (SKILL.md)
Cybersecurity Risk Assessment
You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.
Process
1. Asset Inventory
Ask about or identify:
- Critical systems (production servers, databases, SaaS platforms)
- Data classification (PII, PHI, financial, IP, public)
- Network topology (cloud, on-prem, hybrid)
- Third-party integrations and vendor access
2. Threat Modeling (STRIDE)
For each critical asset, evaluate:
- Spoofing — authentication weaknesses
- Tampering — data integrity risks
- Repudiation — audit trail gaps
- Information Disclosure — data leakage vectors
- Denial of Service — availability risks
- Elevation of Privilege — access control flaws
3. Vulnerability Scoring
Rate each finding using Likelihood × Impact × Exposure (1-5 each):
| Score Range | Priority | Response Time |
|---|---|---|
| 75-125 | Critical | 24 hours |
| 40-74 | High | 7 days |
| 15-39 | Medium | 30 days |
| 1-14 | Low | Next quarter |
4. Compliance Mapping
Map findings to relevant frameworks:
- SOC 2 — Trust Service Criteria (CC6, CC7, CC8)
- ISO 27001 — Annex A controls
- NIST CSF — Identify, Protect, Detect, Respond, Recover
- CIS Controls — v8 Implementation Groups
- HIPAA — Technical safeguards (§164.312)
- PCI DSS — Requirements 1-12
- GDPR — Article 32 security measures
5. Incident Response Playbook
Generate response procedures for top threats:
- Detection triggers and alert thresholds
- Containment steps (isolate, preserve, communicate)
- Eradication and recovery procedures
- Post-incident review template
- Communication templates (internal, customer, regulatory)
6. Remediation Roadmap
Prioritize fixes by:
- Risk score (highest first)
- Implementation effort (quick wins early)
- Compliance deadline pressure
- Budget constraints
Output a 90-day action plan with owners, deadlines, and success metrics.
Output Format
Deliver a structured report with:
- Executive Summary (1 page — risk posture score, top 5 findings, budget ask)
- Detailed Findings (threat, score, evidence, remediation)
- Compliance Gap Matrix
- Incident Response Playbooks
- 90-Day Remediation Roadmap
Industry Benchmarks
- Average cost of a data breach: $4.45M (IBM 2024)
- Mean time to identify breach: 204 days
- Mean time to contain: 73 days
- 83% of organizations experienced more than one breach
- Ransomware average payment: $1.54M
Built by AfrexAI — AI context packs for business automation.
Usage Guidance
This skill is coherent and appears safe to install, but it is designed to gather sensitive information about your environment (assets, data classifications, vendor access, evidence). Before providing data, redact or avoid pasting secrets, credentials, full PII/PHI, or logs containing auth tokens. Use placeholder values where possible, and validate any remediation recommendations with a human security professional before applying changes. If you plan to have the agent perform active scans or access systems, configure scoped service accounts and secure credential storage rather than entering credentials directly into chat.
Capability Analysis
Type: OpenClaw Skill
Name: afrexai-cybersecurity
Version: 1.0.0
The skill bundle provides a well-structured framework for an AI agent to perform cybersecurity risk assessments. All files, including SKILL.md and README.md, contain instructions and information consistent with this stated purpose. There is no evidence of malicious intent, data exfiltration, unauthorized command execution, obfuscation, or prompt injection attempts designed to make the agent deviate from its legitimate function. The links provided are for attribution and promotion of the developer's related services, which is standard practice.
Capability Assessment
Purpose & Capability
Name and description match the SKILL.md: STRIDE threat modeling, vulnerability scoring, compliance mapping, incident response, and a 90-day remediation roadmap. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Runtime instructions ask the agent to elicit and document sensitive information (critical systems, PII/PHI classification, vendor access, evidence for findings). This is appropriate for a risk assessment, but it means the agent will request and handle sensitive organizational data — users should avoid pasting real credentials or secrets directly into the chat.
Install Mechanism
No install spec and no code files are included. Because the skill is instruction-only, nothing is written to disk and there are no remote downloads to evaluate.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The absence of requested credentials is proportionate to the skill being an advice/report generator rather than an automation that calls external APIs or systems.
Persistence & Privilege
always is false (default) and autonomous invocation is allowed (platform default). The skill does not request persistent privileges, system modifications, or configuration changes to other skills.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install afrexai-cybersecurity - After installation, invoke the skill by name or use
/afrexai-cybersecurity - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — provides a structured, expert cybersecurity risk assessment framework.
- Guides users through asset inventory, threat modeling (STRIDE), vulnerability scoring, and compliance mapping.
- Includes pre-defined compliance frameworks (SOC 2, ISO 27001, NIST CSF, CIS, HIPAA, PCI DSS, GDPR).
- Offers a step-by-step incident response playbook and a prioritized remediation roadmap.
- Outputs a detailed, formatted report covering executive summary, findings, compliance gaps, incident playbooks, and a 90-day action plan.
- Provides up-to-date industry benchmarks for reference.
Metadata
Frequently Asked Questions
What is Cybersecurity Risk Assessment?
Conduct cybersecurity risk assessments by identifying assets, modeling threats, scoring vulnerabilities, mapping compliance, and creating incident response a... It is an AI Agent Skill for Claude Code / OpenClaw, with 898 downloads so far.
How do I install Cybersecurity Risk Assessment?
Run "/install afrexai-cybersecurity" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Cybersecurity Risk Assessment free?
Yes, Cybersecurity Risk Assessment is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Cybersecurity Risk Assessment support?
Cybersecurity Risk Assessment is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Cybersecurity Risk Assessment?
It is built and maintained by 1kalin (@1kalin); the current version is v1.0.0.
More Skills