← Back to Skills Marketplace
221
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install toolweb-nist-csf-mapper
Description
Map your security controls and tools to NIST CSF 2.0, receive coverage scores, gap analysis, tier rating, regulatory crosswalk, and a prioritized improvement...
Usage Guidance
This skill appears to be a thin wrapper around an external API (portal.toolweb.in) that will receive detailed information about your security posture. Before installing or using it: 1) Confirm the provider identity and homepage/source (metadata lists none). 2) Do not send production-sensitive or confidential data until you verify the vendor's security/privacy policies and TLS ownership. 3) Ask the publisher why no credential is declared in the metadata even though SKILL.md requires an API key; require that the skill declare a primary credential or prompt for it explicitly. 4) Test with synthetic or redacted data first. 5) If you must provide an API key, use least-privilege credentials and short-lived keys where possible and review audit logs for API use. 6) If you need an on‑premise or offline mapping for compliance reasons, prefer tools that run locally rather than outsourcing security posture data to an external service.
Capability Analysis
Type: OpenClaw Skill
Name: toolweb-nist-csf-mapper
Version: 1.0.0
The skill is designed to collect and transmit highly sensitive organizational security architecture data—including specific security tools (e.g., CrowdStrike, Palo Alto, Splunk) and internal control gaps—to an external third-party API (portal.toolweb.in). While this behavior is aligned with the stated purpose of NIST CSF mapping, the aggregation of such detailed reconnaissance-grade information by an external service poses a significant security risk. There is no evidence of intentional malice or unauthorized local file access, but the inherent risk of data exposure justifies a suspicious classification.
Capability Assessment
Purpose & Capability
The skill claims to call an external service (portal.toolweb.in) to generate NIST CSF mappings and expects an API key in its API reference, yet the skill metadata lists no required environment variables or primary credential. That omission is inconsistent: a remote API integration normally requires the caller to provide an API key or token.
Instruction Scope
SKILL.md is instruction-only and stays within the stated purpose: it asks for company profile, tools, boolean posture fields, and describes POSTing that data to /nist-mapping. It does not instruct reading local files, arbitrary env vars, or other system state. The instructions do send potentially sensitive organizational security data to an external endpoint.
Install Mechanism
There is no install spec and no code files; this is instruction-only, which minimizes on-disk installation risk.
Credentials
The API reference requires an API key via X-API-Key or mcp_api_key, but the skill metadata declares no required env vars/primary credential. That discrepancy means the skill's declared permissions understate the secret/API access it needs. Also, the skill will transmit detailed security posture data to an external endpoint — sensitive information that warrants explicit justification and documented handling.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and declares no config paths. It does allow autonomous invocation (default), but that is the platform norm and not by itself a problem.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install toolweb-nist-csf-mapper - After installation, invoke the skill by name or use
/toolweb-nist-csf-mapper - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of NIST CSF Mapper skill.
- Enables mapping of your organization's security controls and tools to NIST Cybersecurity Framework (CSF) 2.0.
- Provides function-by-function CSF coverage, gap analysis, maturity tier rating, and prioritized improvement roadmap.
- Outputs tool-to-CSF mapping, regulatory crosswalk, and an executive summary.
- Includes clear API usage instructions, required parameters, and example output.
Metadata
Frequently Asked Questions
What is NIST CSF Mapper?
Map your security controls and tools to NIST CSF 2.0, receive coverage scores, gap analysis, tier rating, regulatory crosswalk, and a prioritized improvement... It is an AI Agent Skill for Claude Code / OpenClaw, with 221 downloads so far.
How do I install NIST CSF Mapper?
Run "/install toolweb-nist-csf-mapper" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is NIST CSF Mapper free?
Yes, NIST CSF Mapper is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does NIST CSF Mapper support?
NIST CSF Mapper is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created NIST CSF Mapper?
It is built and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.0.
More Skills