← 返回 Skills 市场
1kalin

Cybersecurity Risk Assessment

作者 1kalin · GitHub ↗ · v1.0.0
cross-platform ✓ 安全检测通过
898
总下载
5
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install afrexai-cybersecurity
功能描述
Conduct cybersecurity risk assessments by identifying assets, modeling threats, scoring vulnerabilities, mapping compliance, and creating incident response a...
使用说明 (SKILL.md)

Cybersecurity Risk Assessment

You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.

Process

1. Asset Inventory

Ask about or identify:

  • Critical systems (production servers, databases, SaaS platforms)
  • Data classification (PII, PHI, financial, IP, public)
  • Network topology (cloud, on-prem, hybrid)
  • Third-party integrations and vendor access

2. Threat Modeling (STRIDE)

For each critical asset, evaluate:

  • Spoofing — authentication weaknesses
  • Tampering — data integrity risks
  • Repudiation — audit trail gaps
  • Information Disclosure — data leakage vectors
  • Denial of Service — availability risks
  • Elevation of Privilege — access control flaws

3. Vulnerability Scoring

Rate each finding using Likelihood × Impact × Exposure (1-5 each):

Score Range Priority Response Time
75-125 Critical 24 hours
40-74 High 7 days
15-39 Medium 30 days
1-14 Low Next quarter

4. Compliance Mapping

Map findings to relevant frameworks:

  • SOC 2 — Trust Service Criteria (CC6, CC7, CC8)
  • ISO 27001 — Annex A controls
  • NIST CSF — Identify, Protect, Detect, Respond, Recover
  • CIS Controls — v8 Implementation Groups
  • HIPAA — Technical safeguards (§164.312)
  • PCI DSS — Requirements 1-12
  • GDPR — Article 32 security measures

5. Incident Response Playbook

Generate response procedures for top threats:

  • Detection triggers and alert thresholds
  • Containment steps (isolate, preserve, communicate)
  • Eradication and recovery procedures
  • Post-incident review template
  • Communication templates (internal, customer, regulatory)

6. Remediation Roadmap

Prioritize fixes by:

  • Risk score (highest first)
  • Implementation effort (quick wins early)
  • Compliance deadline pressure
  • Budget constraints

Output a 90-day action plan with owners, deadlines, and success metrics.

Output Format

Deliver a structured report with:

  1. Executive Summary (1 page — risk posture score, top 5 findings, budget ask)
  2. Detailed Findings (threat, score, evidence, remediation)
  3. Compliance Gap Matrix
  4. Incident Response Playbooks
  5. 90-Day Remediation Roadmap

Industry Benchmarks

  • Average cost of a data breach: $4.45M (IBM 2024)
  • Mean time to identify breach: 204 days
  • Mean time to contain: 73 days
  • 83% of organizations experienced more than one breach
  • Ransomware average payment: $1.54M

Built by AfrexAI — AI context packs for business automation.

安全使用建议
This skill is coherent and appears safe to install, but it is designed to gather sensitive information about your environment (assets, data classifications, vendor access, evidence). Before providing data, redact or avoid pasting secrets, credentials, full PII/PHI, or logs containing auth tokens. Use placeholder values where possible, and validate any remediation recommendations with a human security professional before applying changes. If you plan to have the agent perform active scans or access systems, configure scoped service accounts and secure credential storage rather than entering credentials directly into chat.
功能分析
Type: OpenClaw Skill Name: afrexai-cybersecurity Version: 1.0.0 The skill bundle provides a well-structured framework for an AI agent to perform cybersecurity risk assessments. All files, including SKILL.md and README.md, contain instructions and information consistent with this stated purpose. There is no evidence of malicious intent, data exfiltration, unauthorized command execution, obfuscation, or prompt injection attempts designed to make the agent deviate from its legitimate function. The links provided are for attribution and promotion of the developer's related services, which is standard practice.
能力评估
Purpose & Capability
Name and description match the SKILL.md: STRIDE threat modeling, vulnerability scoring, compliance mapping, incident response, and a 90-day remediation roadmap. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Runtime instructions ask the agent to elicit and document sensitive information (critical systems, PII/PHI classification, vendor access, evidence for findings). This is appropriate for a risk assessment, but it means the agent will request and handle sensitive organizational data — users should avoid pasting real credentials or secrets directly into the chat.
Install Mechanism
No install spec and no code files are included. Because the skill is instruction-only, nothing is written to disk and there are no remote downloads to evaluate.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The absence of requested credentials is proportionate to the skill being an advice/report generator rather than an automation that calls external APIs or systems.
Persistence & Privilege
always is false (default) and autonomous invocation is allowed (platform default). The skill does not request persistent privileges, system modifications, or configuration changes to other skills.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install afrexai-cybersecurity
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /afrexai-cybersecurity 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — provides a structured, expert cybersecurity risk assessment framework. - Guides users through asset inventory, threat modeling (STRIDE), vulnerability scoring, and compliance mapping. - Includes pre-defined compliance frameworks (SOC 2, ISO 27001, NIST CSF, CIS, HIPAA, PCI DSS, GDPR). - Offers a step-by-step incident response playbook and a prioritized remediation roadmap. - Outputs a detailed, formatted report covering executive summary, findings, compliance gaps, incident playbooks, and a 90-day action plan. - Provides up-to-date industry benchmarks for reference.
元数据
Slug afrexai-cybersecurity
版本 1.0.0
许可证
累计安装 3
当前安装数 3
历史版本数 1
常见问题

Cybersecurity Risk Assessment 是什么?

Conduct cybersecurity risk assessments by identifying assets, modeling threats, scoring vulnerabilities, mapping compliance, and creating incident response a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 898 次。

如何安装 Cybersecurity Risk Assessment?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install afrexai-cybersecurity」即可一键安装,无需额外配置。

Cybersecurity Risk Assessment 是免费的吗?

是的,Cybersecurity Risk Assessment 完全免费(开源免费),可自由下载、安装和使用。

Cybersecurity Risk Assessment 支持哪些平台?

Cybersecurity Risk Assessment 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Cybersecurity Risk Assessment?

由 1kalin(@1kalin)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论