← 返回 Skills 市场

Compliance Gap Filler

Name: Compliance Gap Filler
Author: krishnakumarmahadevan-cmd

作者 ToolWeb · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

131

总下载

当前安装

版本数

在 OpenClaw 中安装

/install compliance-gap-filler

功能描述

Identifies and fills compliance control gaps across security frameworks like ISO 27001, NIST, and SOC 2.

使用说明 (SKILL.md)

Overview

Compliance Gap Filler is a specialized API designed for security teams and compliance officers who need to identify missing controls and receive intelligent recommendations for remediation. It analyzes your current compliance posture against industry-standard frameworks and generates actionable gap-filling strategies.

This tool bridges the gap between compliance assessments and implementation by providing framework-specific guidance. Whether you're working with ISO 27001, NIST CSF, SOC 2, or other major frameworks, the API automatically maps your missing controls and suggests remediation pathways aligned with your chosen framework's requirements.

Ideal users include security architects, compliance managers, internal audit teams, managed security service providers (MSSPs), and organizations undergoing certification audits or regulatory assessments.

Usage

Sample Request

{
  "framework": "ISO 27001",
  "missing_controls": [
    "A.8.1.1 - User Registration and De-registration",
    "A.9.2.1 - User Access Management",
    "A.12.4.1 - Event Logging"
  ]
}

Sample Response

{
  "framework": "ISO 27001",
  "gap_analysis": [
    {
      "control": "A.8.1.1 - User Registration and De-registration",
      "severity": "high",
      "recommendation": "Implement a formal user access request and approval workflow with documented evidence of user on/off-boarding",
      "estimated_effort": "medium",
      "reference_standards": ["ISO 27001:2022"]
    },
    {
      "control": "A.9.2.1 - User Access Management",
      "severity": "critical",
      "recommendation": "Establish role-based access control (RBAC) with quarterly access reviews and segregation of duties",
      "estimated_effort": "high",
      "reference_standards": ["ISO 27001:2022", "NIST SP 800-53"]
    },
    {
      "control": "A.12.4.1 - Event Logging",
      "severity": "high",
      "recommendation": "Deploy centralized logging solution with minimum 90-day retention and real-time alerting for security events",
      "estimated_effort": "medium",
      "reference_standards": ["ISO 27001:2022", "SOC 2"]
    }
  ],
  "summary": {
    "total_gaps": 3,
    "critical_count": 1,
    "high_count": 2,
    "medium_count": 0,
    "implementation_priority": "address critical gaps within 30 days"
  }
}

Endpoints

POST /fill-compliance-gaps

Description: Analyzes missing controls within a specified compliance framework and returns gap analysis with remediation recommendations.

Method: POST

Path: /fill-compliance-gaps

Parameters:

Name	Type	Required	Description
`framework`	string	Yes	The compliance framework to analyze against (e.g., "ISO 27001", "NIST CSF", "SOC 2", "PCI-DSS", "HIPAA")
`missing_controls`	array	Yes	List of control identifiers or descriptions that are currently missing from your implementation

Request Body Schema:

{
  "framework": "string",
  "missing_controls": ["string"]
}

Response (200 OK):

Returns a gap analysis object containing framework-specific remediation guidance for each missing control, severity levels, implementation effort estimates, and cross-reference standards.

Response (422 Validation Error):

{
  "detail": [
    {
      "loc": ["body", "framework"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}

Pricing

Plan	Calls/Day	Calls/Month	Price
Free	5	50	Free
Developer	20	500	$39/mo
Professional	200	5,000	$99/mo
Enterprise	100,000	1,000,000	$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Kong Route: https://api.mkkpro.com/compliance/gap-filler
API Docs: https://api.mkkpro.com:8024/docs

安全使用建议

This skill will direct an agent to send your compliance data to external endpoints (api.mkkpro.com / toolweb.in). Before installing or invoking it: 1) Confirm where network requests actually go and whether the API requires an API key; ask the author for authentication details and their privacy/TOS for stored data. 2) Do not send real/proprietary compliance evidence until you verify retention, access controls, and encryption. 3) Test with non-sensitive dummy data first. 4) If you need strict data control, prefer a self-hosted or internal tool that doesn't call unknown third parties. 5) If you allow the skill, consider restricting agent autonomy or monitoring outbound network calls so sensitive information isn't unintentionally transmitted.

功能分析

Type: OpenClaw Skill Name: compliance-gap-filler Version: 1.0.0 The Compliance Gap Filler skill is a legitimate API wrapper designed to provide remediation recommendations for security frameworks like ISO 27001 and NIST. The documentation (SKILL.md) and API definition (openapi.json) describe a standard service that processes user-provided compliance data via an external endpoint (api.mkkpro.com) without any indicators of malicious execution, data exfiltration, or prompt injection.

能力评估

ℹ Purpose & Capability

The name/description and the included OpenAPI both describe a service that analyzes compliance gaps — that is coherent. However, the SKILL.md advertises an external API and commercial pricing but declares no authentication or credential requirements, which is unexpected for a paid API and worth clarifying.

⚠ Instruction Scope

Runtime instructions reference POST /fill-compliance-gaps and provide example requests/responses and external URLs (api.mkkpro.com, toolweb.in). That means the agent will send user-supplied control lists (potentially sensitive compliance data) to an external service; the skill does not document how data is authenticated, stored, or protected.

✓ Install Mechanism

Instruction-only skill with no install spec or code files. This minimizes on-disk risk; there is no downloaded or executable payload.

⚠ Credentials

No env vars, credentials, or primary credential are declared, yet the SKILL.md references paid plans and third-party API endpoints that commonly require API keys. The absence of declared auth is disproportionate and ambiguous — the agent might send data without explicit credentials or guidance.

✓ Persistence & Privilege

The skill is not always-enabled and has no install or config changes. It does not request elevated persistence or modify other skills.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install compliance-gap-filler
安装完成后，直接呼叫该 Skill 的名称或使用 /compliance-gap-filler 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of Compliance Gap Filler. - Identifies missing controls across frameworks like ISO 27001, NIST, SOC 2, and provides actionable remediation guidance. - Supports POST /fill-compliance-gaps endpoint for automated gap analysis and recommendations. - Delivers severity ratings, effort estimates, and cross-framework references for each control gap. - Tiered pricing plans available, from Free to Enterprise.

元数据

Slug compliance-gap-filler

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题