ivangdavila

Chief Information Security Officer

by Iván · GitHub ↗ · v1.0.0
cross-platform · Security: Clean
792 Downloads · 3 Stars · 2 Active Installs · 1 Version
Install in OpenClaw: /install ciso
Description
Lead security with infrastructure audits, vulnerability triage, compliance tracking, vendor assessment, and incident response.
README (SKILL.md)

When to Use

User needs CISO-level guidance for information security. Agent acts as virtual Chief Information Security Officer handling security operations, compliance, risk management, and incident response.

Quick Reference

| Domain | File |
|---|---|
| Infrastructure audit checklists | audits.md |
| Compliance frameworks (SOC 2, GDPR, ISO) | compliance.md |
| Incident response playbooks | incidents.md |
| Vendor security assessments | vendors.md |

Core Capabilities

  1. Audit infrastructure — Review cloud configs (AWS/GCP/Hetzner), Docker/K8s, firewall rules, SSL/TLS
  2. Triage vulnerabilities — Filter CVE noise, match against actual assets, prioritize by real impact
  3. Track compliance — SOC 2 evidence collection, GDPR data mapping, policy review schedules
  4. Assess vendors — Parse security questionnaires, review third-party SOC 2 reports, flag risks
  5. Respond to incidents — Execute runbooks, coordinate containment, draft post-mortems
  6. Monitor threats — Dark web mentions, credential leaks, certificate expiry, DNS hijacking
  7. Manage secrets — Rotation schedules, vault setup, leaked credential response
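
Item 2 above (filter advisories against the assets you actually run, then rank by real impact) worked through in code. This is an added example, not one of the ciso skill's files. It assumes an asset inventory and an advisory feed with the fields shown; hostnames, versions and the ADV-000x identifiers are constructed placeholders, not real CVEs.

```python
"""Vulnerability triage against an asset inventory.

Added example, not part of the ciso skill. Inventory and advisory records
below are constructed; ADV-000x identifiers are placeholders, not CVEs."""
from dataclasses import dataclass


@dataclass
class Asset:
    name: str              # hostname or service name
    package: str
    version: str           # dotted numeric version as installed
    internet_facing: bool
    handles_pii: bool


@dataclass
class Advisory:
    ident: str             # placeholder id (constructed)
    package: str
    fixed_in: str          # first version that is no longer affected
    cvss: float
    exploited_in_wild: bool
    network_vector: bool


def parse_version(v: str) -> tuple:
    """'3.0.8' -> (3, 0, 8). Dotted numeric versions only; use a distro-aware
    comparator for epochs, pre-releases or vendor backports in production."""
    return tuple(int(p) for p in v.split("."))


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """Same package and installed version below the fix: the advisory applies to this asset."""
    return asset.package == adv.package and parse_version(asset.version) < parse_version(adv.fixed_in)


def priority(asset: Asset, adv: Advisory) -> float:
    """CVSS is the baseline; exposure and exploitation evidence move it.
    The same network-reachable bug scores higher on an edge service and
    lower on a host nothing outside can reach."""
    s = adv.cvss
    if adv.exploited_in_wild:
        s += 3.0
    if adv.network_vector:
        s += 2.0 if asset.internet_facing else -2.0
    if asset.handles_pii:
        s += 1.0
    return round(s, 1)


def triage(assets, advisories):
    """Return (findings, noise). findings: one entry per affected asset, highest
    priority first. noise: advisories that match nothing in the inventory."""
    findings, matched = [], set()
    for adv in advisories:
        for asset in assets:
            if is_affected(asset, adv):
                matched.add(adv.ident)
                findings.append({
                    "id": adv.ident, "asset": asset.name, "package": adv.package,
                    "installed": asset.version, "fixed_in": adv.fixed_in,
                    "priority": priority(asset, adv),
                })
    findings.sort(key=lambda f: f["priority"], reverse=True)
    noise = [a.ident for a in advisories if a.ident not in matched]
    return findings, noise


# Constructed inventory: the same openssl build on an edge API and an internal worker.
ASSETS = [
    Asset("api-edge", "openssl", "3.0.8", internet_facing=True, handles_pii=True),
    Asset("batch-worker", "openssl", "3.0.8", internet_facing=False, handles_pii=False),
    Asset("web", "nginx", "1.24.0", internet_facing=True, handles_pii=False),
]

# Constructed feed: one real hit, one already patched, one package we do not run.
ADVISORIES = [
    Advisory("ADV-0001", "openssl", "3.0.9", cvss=7.5, exploited_in_wild=True, network_vector=True),
    Advisory("ADV-0002", "nginx", "1.22.0", cvss=9.8, exploited_in_wild=False, network_vector=True),
    Advisory("ADV-0003", "log4j-core", "2.17.1", cvss=10.0, exploited_in_wild=True, network_vector=True),
]

if __name__ == "__main__":
    findings, noise = triage(ASSETS, ADVISORIES)
    for f in findings:
        print(f"{f['priority']:>5}  {f['id']}  {f['asset']}  {f['package']} {f['installed']} -> {f['fixed_in']}")
    print("noise (no matching asset or already fixed):", noise)
```

The point of the scoring is that the 9.8 and 10.0 advisories end up in the noise list while the 7.5 lands at the top: the inventory, not the CVSS number, decides what gets worked first.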

Decision Checklist

Before recommending security posture, verify:

  • Company stage? (startup, growth, enterprise)
  • Tech stack? (cloud provider, languages, frameworks)
  • Compliance requirements? (SOC 2, HIPAA, PCI-DSS, GDPR)
  • Team size? (affects access management complexity)
  • Current security maturity? (none, basic, mature)

Critical Rules

  • Prioritize ruthlessly — Startups can't do everything; 80/20 rule applies
  • Actionable output — "Change line 47 from X to Y" beats "SQL injection detected"
  • Track security debt — Document what was skipped for later
  • No security theater — Checkboxes without real protection waste time
  • Assume breach — Logging, backups, and response plans are non-negotiable
  • Secrets never in chat — Agent must never expose credentials, even when helping rotate them

By Company Stage

| Stage | CISO Focus |
|---|---|
| Pre-seed/Seed | MFA everywhere, secrets management, basic access control, no public buckets |
| Series A | Incident response plan, SOC 2 prep, vendor assessment process, security training |
| Series B+ | Dedicated security hire, penetration testing, bug bounty, compliance automation |
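
The 'no public buckets' item for the earliest stage as a concrete check, added here and not part of the skill's audits.md: the function evaluates an S3 bucket's Public Access Block settings and its bucket policy, with a weak configuration beside the hardened one and a third case that a human still has to look at. Bucket names, ARNs and the VPC endpoint and distribution identifiers are constructed placeholders (123456789012 is the account number AWS uses in its documentation).

```python
"""S3 public-bucket check: Public Access Block plus bucket policy.

Added example, not part of the ciso skill's audits.md. Bucket names, ARNs
and identifiers below are constructed (123456789012 is the account number
AWS uses in its documentation)."""

PAB_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def principal_is_public(principal) -> bool:
    """"*" or {"AWS": "*"} (alone or inside a list) means any caller, signed or anonymous."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_statements(policy: dict):
    """Allow statements whose principal is everyone. A statement carrying a
    Condition (for example aws:SourceVpce or aws:PrincipalOrgID) may still be
    scoped, so it is reported as 'conditional' for review rather than as public."""
    out = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or not principal_is_public(st.get("Principal")):
            continue
        condition = st.get("Condition") or {}
        keys = sorted({k.lower() for block in condition.values() for k in block})
        out.append({
            "sid": st.get("Sid"),
            "actions": st.get("Action"),
            "verdict": "conditional" if keys else "public",
            "condition_keys": keys,
        })
    return out


def audit_bucket(bucket: dict) -> list:
    """bucket = {"name", "public_access_block", "policy"}, the shapes returned by
    GetPublicAccessBlock and GetBucketPolicy. Returns findings; empty means clean."""
    findings = []
    pab = bucket.get("public_access_block") or {}
    # A missing setting counts as off: all four must be on.
    off = [k for k in PAB_SETTINGS if not pab.get(k)]
    if off:
        findings.append(f"{bucket['name']}: PublicAccessBlock incomplete, {', '.join(off)} not enabled")
    # RestrictPublicBuckets=True would limit a public policy's effect, but the
    # policy is still the root cause, so it is reported regardless.
    for st in public_statements(bucket.get("policy") or {}):
        if st["verdict"] == "public":
            findings.append(f"{bucket['name']}: statement {st['sid']} grants {st['actions']} to everyone")
        else:
            findings.append(f"{bucket['name']}: statement {st['sid']} grants {st['actions']} to * "
                            f"scoped by {st['condition_keys']}; verify condition")
    return findings


# Weak (constructed): PAB half-configured and an unconditional public read.
WEAK_BUCKET = {
    "name": "marketing-assets",
    "public_access_block": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                            "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
    "policy": {"Version": "2012-10-17", "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::marketing-assets/*"}]},
}

# Hardened (constructed): PAB fully on, reads only from one CloudFront distribution.
HARDENED_BUCKET = {
    "name": "marketing-assets",
    "public_access_block": {k: True for k in PAB_SETTINGS},
    "policy": {"Version": "2012-10-17", "Statement": [
        {"Sid": "CdnRead", "Effect": "Allow", "Principal": {"Service": "cloudfront.amazonaws.com"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::marketing-assets/*",
         "Condition": {"StringEquals": {
             "AWS:SourceArn": "arn:aws:cloudfront::123456789012:distribution/EXAMPLE"}}}]},
}

# Internal (constructed): principal * but limited to one VPC endpoint; needs a human look.
INTERNAL_BUCKET = {
    "name": "build-cache",
    "public_access_block": {k: True for k in PAB_SETTINGS},
    "policy": {"Version": "2012-10-17", "Statement": [
        {"Sid": "VpceOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::build-cache/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]},
}

if __name__ == "__main__":
    for b in (WEAK_BUCKET, HARDENED_BUCKET, INTERNAL_BUCKET):
        print(b["name"], audit_bucket(b) or ["clean"])
```

Run this over every bucket in the account, not the ones someone remembers; the finding text is already in the "change X to Y" form the Critical Rules ask for.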

Human-in-the-Loop

These decisions require human judgment:

  • Major security vendor selection
  • Compliance framework prioritization
  • Incident disclosure decisions
  • Security budget allocation
  • Access policy exceptions
  • Third-party risk acceptance
Usage Guidance
This is a documentation-only CISO skill (checklists, playbooks, templates). It won't install code or ask for credentials. Before enabling:

  1. Confirm you won't paste secrets into chat; follow the skill's 'Secrets never in chat' rule.
  2. Treat its recommendations as advisory and use human review for any high-impact actions (vendor choice, public disclosures, credential rotations).
  3. If you want the agent to perform automated checks against your infrastructure, require a separate, narrowly scoped integration (an IAM role or API key) that you review and provision explicitly, rather than pasting secrets into chat.
Capability Analysis
Type: OpenClaw Skill · Name: ciso · Version: 1.0.0

The OpenClaw AgentSkills bundle for 'Chief Information Security Officer' is benign. It consists entirely of markdown documentation: guidance, checklists, and templates for security audits, compliance, incident response, and vendor management. There is no executable code. The `SKILL.md` file includes a 'Critical Rule' explicitly instructing the agent: 'Secrets never in chat — Agent must never expose credentials, even when helping rotate them.' That is a positive indicator against accidental credential disclosure, though as a natural-language instruction it is not an enforced control and should not be relied on to defeat prompt injection. All content aligns with the stated purpose and shows no signs of malicious intent or capabilities beyond the scope of a CISO role.
Capability Assessment
Purpose & Capability
Name/description (CISO activities) match the content: audit checklists, incident playbooks, compliance templates, and vendor assessment guidance. Nothing in the metadata or files claims access to unrelated services or requests unexpected credentials.
Instruction Scope
SKILL.md and the included documents provide prescriptive guidance, templates, and checklists. They do not instruct the agent to read local files, access environment variables, call external endpoints, or exfiltrate data. The rule 'Secrets never in chat' limits accidental credential disclosure.
Install Mechanism
There is no install specification and no code files—this is instruction-only. Nothing will be downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, binaries, or credential tokens. The guidance references cloud platforms conceptually (AWS/GCP/Hetzner) but does not request credentials or other unrelated secrets.
Persistence & Privilege
`always` is false and `disable-model-invocation` is false (normal). The skill does not ask for persistent system-wide configuration or to modify other skills. Autonomous invocation is platform-default and not a red flag here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ciso
  3. After installation, invoke the skill by name or use /ciso
  4. Give it the context its Decision Checklist asks for (company stage, tech stack, compliance requirements, team size, current security maturity) and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug ciso
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Chief Information Security Officer?

Lead security with infrastructure audits, vulnerability triage, compliance tracking, vendor assessment, and incident response. It is an AI Agent Skill for Claude Code / OpenClaw, with 792 downloads so far.

How do I install Chief Information Security Officer?

Run "/install ciso" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Chief Information Security Officer free?

Yes, Chief Information Security Officer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Chief Information Security Officer support?

Chief Information Security Officer is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Chief Information Security Officer?

It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.
