
Risk Assessment

Author: Dangsllc · GitHub · v0.1.0
cross-platform ✓ Security check passed
Total downloads: 605
Favorites: 0
Current installs: 7
Versions: 1
Install in OpenClaw
/install risk-assessment
Description
Framework-directable information security risk assessment. Identifies threats, evaluates likelihood/impact via a 3x3 matrix, maps findings to any compliance...
Safe usage recommendations
This skill appears coherent and appropriate for producing formal risk assessments. Before installing or invoking it: only provide the context and documents you intend the agent to inspect (avoid uploading credentials, private keys, or unrelated system files); if the agent runtime exposes filesystem or network access, restrict those capabilities to a safe workspace; the examples reference using an API client (Anthropic) — do not hardcode API keys into skill files. Finally, review the generated findings before acting on them (the assistant's recommendations should be validated by a human assessor).
Functional analysis
Type: OpenClaw Skill
Name: risk-assessment
Version: 0.1.0
The 'risk-assessment' skill bundle is a well-structured framework for performing information security risk assessments using standard methodologies (NIST CSF 2.0). The instructions in SKILL.md are strictly aligned with the stated purpose, and the accompanying Python example (usage.py) demonstrates legitimate integration with the Anthropic API without any signs of malicious execution, data exfiltration, or prompt injection.
Capability assessment
Purpose & Capability
The name/description match the included SKILL.md and example. No binaries, env vars, or install steps are declared that would be unrelated to performing a written risk assessment.
Instruction Scope
The SKILL.md instructs the agent to review provided context, uploaded documents, and optional framework appendices — which is expected. However the allowed-tools list (Read, Glob, Grep, WebFetch) would permit the agent to read files or fetch URLs; ensure the agent runtime is only given access to documents you intend it to read (do not expose unrelated system files or secrets).
Install Mechanism
No install spec is present (instruction-only skill). Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. Example code references an Anthropic client but that is an example only and not a declared runtime requirement of the skill.
Persistence & Privilege
always is false and disable-model-invocation is default (agent may invoke autonomously). This is normal; the skill does not request elevated or persistent system presence.
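How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install risk-assessment
  3. Once installation completes, call the Skill by name or trigger it with /risk-assessment
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history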
v0.1.0
Initial release of the risk-assessment skill, enabling structured, framework-aware information security risk assessments.
  - Identifies threats and vulnerabilities, evaluates likelihood and impact using a 3x3 matrix.
  - Maps risks to controls from any compliance framework (defaults to NIST CSF 2.0).
  - Provides risk treatment recommendations: remediate, accept, transfer, or avoid, with prioritization guidance.
  - Outputs findings in a standardized JSON schema for integration with risk register systems.
  - Includes detailed procedures, scoring criteria, and example assessments for clarity and consistency.
Metadata
Slug risk-assessment
Version 0.1.0
License
Total installs 7
Current installs 7
Number of historical versions 1
FAQ

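What is Risk Assessment?

Framework-directable information security risk assessment. Identifies threats, evaluates likelihood/impact via a 3x3 matrix, maps findings to any compliance... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 605 total downloads so far.

How do I install Risk Assessment?

Run the command "/install risk-assessment" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is Risk Assessment free?

Yes, Risk Assessment is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Risk Assessment support?

Risk Assessment runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Risk Assessment?

Developed and maintained by Dangsllc (@dangsllc); the current version is v0.1.0.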
