krishnakumarmahadevan-cmd

ISO 27001 Policy Generator

Author: ToolWeb · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 229
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install toolweb-iso27001-policy-generator
Description
Generate customized ISO 27001:2022 aligned information security policy documents based on your company's profile, infrastructure, and compliance needs.
Safe usage recommendations
This skill appears to be a front-end for a hosted policy-generation API (portal.toolweb.in) and would send detailed organizational data to that external service. Before installing or using it: (1) Confirm the provider's identity, privacy policy, and data handling/security practices; (2) Ask why the API key requirement is not declared in the skill metadata and how the key will be supplied and stored; (3) Do not submit real PII or sensitive security posture data in initial tests — try non-sensitive sample inputs first; (4) Prefer a local/offline generator if you must keep data in-house; (5) If you proceed, create a limited-scope/test API key and monitor outbound requests; (6) If uncertain about trustworthiness, decline or require source code/auditable implementation that does generation locally rather than posting your data to an unknown third party.
Functional analysis
Type: OpenClaw Skill
Name: toolweb-iso27001-policy-generator
Version: 1.0.0
The skill bundle defines a tool for generating ISO 27001 policies by submitting organizational context to an external API at portal.toolweb.in. While the tool requests sensitive information (e.g., infrastructure details, data types, and compliance requirements), this behavior is transparently documented and directly aligned with its stated purpose. No malicious code, prompt injection, or deceptive instructions were found in SKILL.md or _meta.json.
Capability assessment
Purpose & Capability
The name and description (ISO 27001 policy generator) match the SKILL.md usage and example outputs. However, the SKILL.md documents an external hosted API (https://portal.toolweb.in/...) as the service that actually performs generation; the skill metadata does not disclose that it relies on an external service or list the required API credential.
Instruction Scope
The instructions expect the agent to POST full organization profiles (company name, infrastructure, data types, locations, etc.) to an external endpoint. That means potentially sensitive PII and security posture data would be transmitted off-host. The SKILL.md requires all input fields and shows how to authenticate, so data exfiltration to a third party is an implicit behavior that is not highlighted in metadata or provenance.
Install Mechanism
Instruction-only skill with no install steps or code files — nothing is written to disk or installed, which reduces supply-chain risk.
Credentials
The API reference requires an API key (X-API-Key or mcp_api_key) but the skill's declared requirements list no environment variables or primary credential. That omission is an inconsistency: a credential is needed by the API but is not declared in metadata, and the SKILL.md does not explain how the key is to be provided safely. Additionally, the skill requests highly sensitive organization data which is disproportionate unless you trust the external service.
Persistence & Privilege
Flags such as always:false and default invocation settings are normal. The skill does not request persistent system privileges or to modify other skills; no unusual persistence or privilege escalation is requested.
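How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install toolweb-iso27001-policy-generator
  3. Once installation completes, call the Skill by name or trigger it with /toolweb-iso27001-policy-generator
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history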
v1.0.0
- Initial release of the ISO 27001 Policy Generator.
- Instantly generate organization-specific ISO 27001:2022 policy documents based on detailed company and infrastructure inputs.
- Supports multiple policy types, compliance requirements (including GDPR, RBI guidelines), and maps to ISO 27001 Annex A controls.
- Output includes full policy documents, implementation checklists, ownership guidance, and review cycles.
- Public API available with free and paid plans.
Metadata
Slug toolweb-iso27001-policy-generator
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Number of versions 1
FAQ

What is ISO 27001 Policy Generator?

Generate customized ISO 27001:2022 aligned information security policy documents based on your company's profile, infrastructure, and compliance needs. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 229 total downloads to date.

How do I install ISO 27001 Policy Generator?

Run the command "/install toolweb-iso27001-policy-generator" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is ISO 27001 Policy Generator free?

Yes, ISO 27001 Policy Generator is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does ISO 27001 Policy Generator support?

ISO 27001 Policy Generator runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed ISO 27001 Policy Generator?

Developed and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.0.
