← Back to Skills Marketplace
229
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install toolweb-iso27001-policy-generator
Description
Generate customized ISO 27001:2022 aligned information security policy documents based on your company's profile, infrastructure, and compliance needs.
Usage Guidance
This skill appears to be a front-end for a hosted policy-generation API (portal.toolweb.in) and would send detailed organizational data to that external service. Before installing or using it: (1) Confirm the provider's identity, privacy policy, and data handling/security practices; (2) Ask why the API key requirement is not declared in the skill metadata and how the key will be supplied and stored; (3) Do not submit real PII or sensitive security posture data in initial tests — try non-sensitive sample inputs first; (4) Prefer a local/offline generator if you must keep data in-house; (5) If you proceed, create a limited-scope/test API key and monitor outbound requests; (6) If uncertain about trustworthiness, decline or require source code/auditable implementation that does generation locally rather than posting your data to an unknown third party.
Capability Analysis
Type: OpenClaw Skill
Name: toolweb-iso27001-policy-generator
Version: 1.0.0
The skill bundle defines a tool for generating ISO 27001 policies by submitting organizational context to an external API at portal.toolweb.in. While the tool requests sensitive information (e.g., infrastructure details, data types, and compliance requirements), this behavior is transparently documented and directly aligned with its stated purpose. No malicious code, prompt injection, or deceptive instructions were found in SKILL.md or _meta.json.
Capability Assessment
Purpose & Capability
The name and description (ISO 27001 policy generator) match the SKILL.md usage and example outputs. However, the SKILL.md documents an external hosted API (https://portal.toolweb.in/...) as the service that actually performs generation; the skill metadata does not disclose that it relies on an external service or list the required API credential.
Instruction Scope
The instructions expect the agent to POST full organization profiles (company name, infrastructure, data types, locations, etc.) to an external endpoint. That means potentially sensitive PII and security posture data would be transmitted off-host. The SKILL.md requires all input fields and shows how to authenticate, so data exfiltration to a third party is an implicit behavior that is not highlighted in metadata or provenance.
Install Mechanism
Instruction-only skill with no install steps or code files — nothing is written to disk or installed, which reduces supply-chain risk.
Credentials
The API reference requires an API key (X-API-Key or mcp_api_key) but the skill's declared requirements list no environment variables or primary credential. That omission is an inconsistency: a credential is needed by the API but is not declared in metadata, and the SKILL.md does not explain how the key is to be provided safely. Additionally, the skill requests highly sensitive organization data which is disproportionate unless you trust the external service.
Persistence & Privilege
Flags such as always:false and default invocation settings are normal. The skill does not request persistent system privileges or to modify other skills; no unusual persistence or privilege escalation is requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install toolweb-iso27001-policy-generator - After installation, invoke the skill by name or use
/toolweb-iso27001-policy-generator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the ISO 27001 Policy Generator.
- Instantly generate organization-specific ISO 27001:2022 policy documents based on detailed company and infrastructure inputs.
- Supports multiple policy types, compliance requirements (including GDPR, RBI guidelines), and maps to ISO 27001 Annex A controls.
- Output includes full policy documents, implementation checklists, ownership guidance, and review cycles.
- Public API available with free and paid plans.
Metadata
Frequently Asked Questions
What is ISO 27001 Policy Generator?
Generate customized ISO 27001:2022 aligned information security policy documents based on your company's profile, infrastructure, and compliance needs. It is an AI Agent Skill for Claude Code / OpenClaw, with 229 downloads so far.
How do I install ISO 27001 Policy Generator?
Run "/install toolweb-iso27001-policy-generator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ISO 27001 Policy Generator free?
Yes, ISO 27001 Policy Generator is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ISO 27001 Policy Generator support?
ISO 27001 Policy Generator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ISO 27001 Policy Generator?
It is built and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.0.
More Skills