krishnakumarmahadevan-cmd

Enterprise AI Security Controls Assessment

by ToolWeb · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ⚠ suspicious
229 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install enterprise-ai-security-controls-assessment
Description
Assess OT/ICS security posture across 30 controls in 6 principles — Business Driven, Risk Based, Enterprise Wide, Methodical, OT Security Focused, and OT Sec...
README (SKILL.md)

Enterprise AI Security Controls Assessment

Assess your organization's AI security posture across 12 enterprise domains — Identity & Access, Data Protection, Prompt Injection Defense, Model Protection, API Security, Agent Permissioning, Output Filtering, Monitoring & Anomaly Detection, Compliance Mapping, Incident Response, Encryption & KMS, and Risk Intelligence. Each domain covers 5 controls (60 total) and produces prioritized remediation guidance.


Usage

{
  "tool": "enterprise_ai_security_controls_assessment",
  "input": {
    "organization_name": "Acme Corp",
    "industry": "Financial Services",
    "ai_maturity": "intermediate",
    "domains_to_assess": ["identity_access", "prompt_injection_defense", "api_security"],
    "current_controls": {
      "identity_access": {
        "mfa_enabled": true,
        "rbac_implemented": false,
        "service_account_rotation": "manual"
      },
      "prompt_injection_defense": {
        "input_validation": "basic",
        "system_prompt_hardening": false,
        "canary_tokens": false
      }
    }
  }
}

Parameters

Parameter | Type | Required | Description
organization_name | string | | Name of the organization being assessed
industry | string | | Industry vertical (e.g., Financial Services, Healthcare, Retail)
ai_maturity | string | | Current AI maturity level: beginner, intermediate, advanced
domains_to_assess | array | | Subset of domain keys to assess. Omit to assess all 12 domains
current_controls | object | | Key-value map of existing controls per domain (see domain keys below)

Domain Keys

Key | Domain
identity_access | Identity & Access Control
data_protection | Data Protection
prompt_injection_defense | Prompt Injection Defense
model_protection | Model Protection
api_security | API Security
agent_permissioning | Agent Permissioning
output_filtering | Output Filtering
monitoring_anomaly | Monitoring & Anomaly Detection
compliance_mapping | Compliance Mapping
incident_response | Incident Response
encryption_kms | Encryption & Key Management (KMS)
risk_intelligence | Risk Intelligence

What You Get

  • Domain-by-domain scorecard — maturity rating per domain (Initial / Developing / Defined / Managed / Optimizing)
  • Control gap analysis — which of the 60 controls are missing, partial, or implemented
  • Prioritized remediation roadmap — Quick Wins (0–30 days), Medium-term (30–90 days), Strategic (90+ days)
  • Compliance alignment — mapped to NIST AI RMF, ISO 42001, SOC 2, and GDPR where applicable
  • Executive summary — board-ready summary of AI security posture

Example Output

{
  "organization": "Acme Corp",
  "overall_maturity": "Developing",
  "overall_score": 42,
  "domain_scores": {
    "identity_access": { "score": 60, "maturity": "Defined", "gaps": 2 },
    "prompt_injection_defense": { "score": 20, "maturity": "Initial", "gaps": 4 },
    "api_security": { "score": 55, "maturity": "Developing", "gaps": 2 }
  },
  "top_risks": [
    "No system prompt hardening exposes models to override attacks",
    "RBAC not implemented — lateral movement risk across AI services",
    "No canary token monitoring for prompt exfiltration"
  ],
  "quick_wins": [
    "Enable RBAC on all AI service accounts (3 days)",
    "Deploy input sanitization layer before LLM endpoints (7 days)",
    "Rotate all AI API keys and set expiry policies (1 day)"
  ],
  "compliance_gaps": ["NIST AI RMF: GOVERN-1.1", "ISO 42001: 6.1.2", "SOC 2: CC6.1"]
}

API Reference

Base URL: https://portal.toolweb.in/apis/security/entaisecconass

Endpoint | Method | Description
/ | GET | Health check
/api/ai-security/assess | POST | Run full assessment
/api/ai-security/domains | GET | List all 12 domain definitions
/api/ai-security/domain/{domain_key} | GET | Get details for a specific domain

Authentication: Pass your API key as X-API-Key header or mcp_api_key argument via MCP.


Pricing

Plan | Daily Limit | Monthly Limit | Price
Free | 5 / day | 50 / month | $0
Developer | 20 / day | 500 / month | $39
Professional | 200 / day | 5,000 / month | $99
Enterprise | 100,000 / day | 1,000,000 / month | $299

About

ToolWeb.in — 200+ security APIs, CISSP & CISM certified, built for enterprise AI security practitioners.

Platforms: Pay-per-run · API Gateway · MCP Server · OpenClaw · RapidAPI · YouTube

Usage Guidance
This appears to be an external API-backed assessment tool, but there are a few red flags to resolve before installing:
  1. Ask the publisher to clarify the discrepancy between the listing metadata (30 controls / 6 principles, OT/ICS) and the SKILL.md (12 domains / 60 controls, enterprise AI).
  2. Confirm how the API key should be supplied: require an explicit required-env declaration (for example, ENTERPRISE_ASSESSMENT_API_KEY) or integration with your secret manager; do not paste org secrets into free-form prompts.
  3. Verify the external endpoint (portal.toolweb.in) and the publisher identity (toolweb.in): check TLS certificates, WHOIS, company pages, and references to confirm it is a legitimate vendor.
  4. Consider privacy: the skill transmits organizational security posture data to a third party. Test with non-sensitive sample data first and review the vendor's data handling / retention policies and pricing limits.
  5. If you restrict network calls to approved endpoints, allow only the vendor domain and require the vendor to document required headers, scopes, and a least-privilege key.
If these clarifications are not provided, treat the skill as untrusted and avoid sending real organizational secrets or sensitive configuration data.
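The following is an added example of how an integrator could wrap the assess endpoint described in the API Reference so that points (2), (4) and (5) above are enforced in code rather than by convention. It is not ToolWeb's code and not part of the skill bundle. It assumes the API key is read from an environment variable named ENTERPRISE_ASSESSMENT_API_KEY (the hypothetical name suggested above), that egress is allowed only to portal.toolweb.in over HTTPS, and that the credential-detection regexes are a heuristic rather than a complete list. It makes no network call: build_assess_request() returns the request it would send, so the destination and payload can be reviewed before any data leaves the organization. The sample payload is a constructed copy of the Usage example from SKILL.md.

```python
"""Guarded client for the /api/ai-security/assess endpoint.

Added example, not ToolWeb's or the skill's own code. Assumptions:
  * the API key is read from ENTERPRISE_ASSESSMENT_API_KEY (hypothetical name);
  * egress is allowed only to portal.toolweb.in over HTTPS;
  * the secret-detection regexes are a heuristic, not a complete list.
No network call is made: build_assess_request() returns the request it
would send so the payload and destination can be reviewed first.
"""
import json
import os
import re
from urllib.parse import urlsplit

BASE_URL = "https://portal.toolweb.in/apis/security/entaisecconass"
ALLOWED_HOSTS = {"portal.toolweb.in"}        # egress allowlist (assumption)
ENV_KEY = "ENTERPRISE_ASSESSMENT_API_KEY"    # hypothetical env var name

# The 12 domain keys documented in SKILL.md.
DOMAIN_KEYS = {
    "identity_access", "data_protection", "prompt_injection_defense",
    "model_protection", "api_security", "agent_permissioning",
    "output_filtering", "monitoring_anomaly", "compliance_mapping",
    "incident_response", "encryption_kms", "risk_intelligence",
}

# Heuristic patterns for values that must never leave the org inside an
# assessment payload: AWS access key IDs, PEM private keys, common API
# token prefixes, and any long opaque token-looking string.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"\b(?:sk|ghp|xox[abp])[-_][A-Za-z0-9_-]{16,}"),
    re.compile(r"\b[A-Za-z0-9+/=_-]{40,}\b"),
]

# Constructed sample input, copied from the Usage example in SKILL.md.
SAMPLE_PAYLOAD = {
    "organization_name": "Acme Corp",
    "industry": "Financial Services",
    "ai_maturity": "intermediate",
    "domains_to_assess": ["identity_access", "prompt_injection_defense", "api_security"],
    "current_controls": {
        "identity_access": {"mfa_enabled": True, "rbac_implemented": False,
                            "service_account_rotation": "manual"},
        "prompt_injection_defense": {"input_validation": "basic",
                                     "system_prompt_hardening": False,
                                     "canary_tokens": False},
    },
}


class UnsafeRequest(ValueError):
    """Raised when the request would leak data or leave the allowlist."""


def load_api_key(env=None):
    """Read the key from the environment; never accept it from a prompt."""
    env = os.environ if env is None else env
    key = env.get(ENV_KEY, "").strip()
    if not key:
        raise UnsafeRequest(f"{ENV_KEY} is not set; refusing to ask for a key inline")
    return key


def _string_leaves(obj, path="$"):
    """Yield (json_path, value) for every string leaf in a JSON-like object."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _string_leaves(v, f"{path}.{k}")
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _string_leaves(v, f"{path}[{i}]")
    elif isinstance(obj, str):
        yield path, obj


def find_secret_like_values(payload):
    """Return JSON paths whose string value looks like a credential."""
    return [p for p, s in _string_leaves(payload)
            if any(rx.search(s) for rx in SECRET_PATTERNS)]


def validate_payload(payload):
    """Reject unknown domain keys and anything that looks like a secret."""
    unknown = set(payload.get("domains_to_assess", [])) | set(payload.get("current_controls", {}))
    unknown -= DOMAIN_KEYS
    if unknown:
        raise UnsafeRequest(f"unknown domain keys: {sorted(unknown)}")
    hits = find_secret_like_values(payload)
    if hits:
        raise UnsafeRequest(f"secret-like values at {hits}; inputs are booleans and short labels, not credentials")


def build_assess_request(payload, api_key, base_url=BASE_URL):
    """Return the POST the agent would send, after allowlist and payload checks."""
    url = base_url.rstrip("/") + "/api/ai-security/assess"
    parts = urlsplit(url)
    # Compare hostname, not netloc, so "https://portal.toolweb.in@evil.example/" is caught.
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise UnsafeRequest(f"destination {parts.hostname!r} is not on the egress allowlist")
    validate_payload(payload)
    return {
        "method": "POST",
        "url": url,
        "headers": {"X-API-Key": api_key, "Content-Type": "application/json"},
        "body": json.dumps(payload, separators=(",", ":")),
    }


if __name__ == "__main__":
    # Dry run with a placeholder key; hand req to any HTTP client once reviewed.
    req = build_assess_request(SAMPLE_PAYLOAD, load_api_key({ENV_KEY: "dry-run-key"}))
    print(req["method"], req["url"], len(req["body"]), "bytes")
```

The host check compares the parsed hostname rather than the raw string, which is what defeats userinfo tricks such as a URL whose netloc begins with the trusted name; the payload check treats the assessment input as what SKILL.md says it is (booleans and short labels per domain) and refuses anything shaped like a credential before it reaches the vendor.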
Capability Analysis
Type: OpenClaw Skill
Name: enterprise-ai-security-controls-assessment
Version: 1.2.0
The skill bundle consists of documentation (SKILL.md) and metadata (_meta.json) for an AI security assessment tool. It defines an interface for an AI agent to send organizational security posture data to a third-party API (portal.toolweb.in) to generate a maturity report. The behavior is transparent and aligned with its stated purpose of security auditing, with no evidence of malicious code, hidden instructions, or unauthorized data exfiltration.
Capability Assessment
Purpose & Capability
The SKILL.md describes an enterprise AI security assessment (domains, scoring, remediation) that aligns with the skill name. However, the top-level metadata/description provided to the evaluator ("30 controls in 6 principles") contradicts the SKILL.md (12 domains, 60 controls). The skill also depends on an external assessment API (portal.toolweb.in), which is plausible for this purpose but should have been declared as an external dependency or credential requirement.
Instruction Scope
The runtime instructions are documentation-only: they call a third-party API (portal.toolweb.in) and expect an API key (X-API-Key header or mcp_api_key argument). The SKILL.md does not instruct the agent to read local files or unrelated environment variables, which is good, but it does direct potentially sensitive organizational data to an external endpoint without declaring how that credential is supplied or scoped.
Install Mechanism
No install spec or code files are present (instruction-only). This minimizes filesystem/write risk; there is no binary download or archive extraction.
Credentials
The SKILL.md requires an API key to authenticate to portal.toolweb.in, but the skill metadata declares no required environment variables or primary credential. That mismatch matters: a network-backed assessment tool should explicitly declare how credentials are passed and which env var (or secret) it needs.
Persistence & Privilege
Skill is not marked always:true and requests no system-level config or persistent presence. Autonomous invocation is allowed (platform default) but not combined with elevated privileges here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install enterprise-ai-security-controls-assessment
  3. After installation, invoke the skill by name or use /enterprise-ai-security-controls-assessment
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
  • Major update: skill rebranded and expanded from OT/ICS to Enterprise AI Security Controls Assessment.
  • Now covers 12 AI security domains (60 controls) such as Identity & Access, Prompt Injection Defense, API Security, Monitoring, Compliance, and more.
  • Inputs and outputs are standardized for enterprise AI security, including maturity ratings, gap analysis, prioritized remediation, and compliance alignment.
  • Detailed API reference, pricing tiers, and domain keys provided.
  • README file removed; core documentation is now in SKILL.md.
v1.0.0
  • Initial release of Enterprise AI Security Controls Assessment.
  • Assess AI security posture across 12 enterprise domains with 60 total controls.
  • Generates domain-by-domain scorecards, control gap analysis, prioritized remediation roadmap, and executive summary.
  • Includes compliance mapping to NIST AI RMF, ISO 42001, SOC 2, and GDPR.
  • Provides a detailed API reference and transparent pricing plans.
Metadata
Slug enterprise-ai-security-controls-assessment
Version 1.2.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Enterprise AI Security Controls Assessment?

Assess OT/ICS security posture across 30 controls in 6 principles — Business Driven, Risk Based, Enterprise Wide, Methodical, OT Security Focused, and OT Sec... It is an AI Agent Skill for Claude Code / OpenClaw, with 229 downloads so far.

How do I install Enterprise AI Security Controls Assessment?

Run "/install enterprise-ai-security-controls-assessment" in the OpenClaw or Claude Code chat to install it in one step. Note that running an assessment requires a ToolWeb API key (passed as the X-API-Key header or the mcp_api_key argument; see Authentication above), which the skill metadata does not currently declare.

Is Enterprise AI Security Controls Assessment free?

The skill bundle itself is licensed under MIT-0 and can be downloaded and installed at no cost. The backend API it calls is metered: the Free plan allows 5 assessments per day (50 per month), and higher limits require a paid plan (see Pricing).

Which platforms does Enterprise AI Security Controls Assessment support?

Enterprise AI Security Controls Assessment is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Enterprise AI Security Controls Assessment?

It is built and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.2.0.
