← 返回 Skills 市场
240
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install toolweb-soc2-readiness
功能描述
Assess your organization's SOC 2 audit readiness with scores, gap analysis, audit type advice, and a prioritized remediation roadmap across all Trust Service...
安全使用建议
This skill appears to rely on an external service (portal.toolweb.in) and requires an API key to run, but the package metadata does not declare that credential — that's an inconsistency. Before installing or using it: 1) Verify the publisher and the portal.toolweb.in domain (TLS cert, company/legal info, privacy policy, and reputation). 2) Confirm where assessment data is sent, how long it is retained, and whether it will be shared with third parties. 3) Insist the skill declare required env vars (e.g., TOOLWEB_API_KEY) so credential usage is visible at install time. 4) Test with non-sensitive/dummy data first. 5) If you must supply real organisation data, provision a scoped API key with minimal privileges and short TTL, and ensure communication is over HTTPS. 6) If you cannot verify the service provenance or data handling, prefer an offline/local assessment workflow or a vetted vendor.
功能分析
Type: OpenClaw Skill
Name: toolweb-soc2-readiness
Version: 1.0.0
The skill bundle describes a SOC 2 Readiness Checker that collects high-level organizational security posture information via a questionnaire to provide a compliance gap analysis. The tool interacts with a legitimate-appearing external API (portal.toolweb.in) and does not contain any executable code, local data exfiltration logic, or prompt injection attempts in SKILL.md.
能力评估
Purpose & Capability
The described capability (assessing SOC 2 readiness) matches the SKILL.md content and example input/output. However, the SKILL.md expects use of an external API (portal.toolweb.in) and an API key for authentication, yet the skill package declares no required environment variables or primary credential. That omission is inconsistent with the skill's stated runtime behavior.
Instruction Scope
The instructions direct the agent to POST assessment data to https://portal.toolweb.in/apis/compliance/soc2-readiness and to authenticate with an API key (X-API-Key or mcp_api_key). The assessment input contains organization-level controls which can be sensitive. The SKILL.md therefore causes external transmission of organizational data; the skill does not declare constraints on what may be sent nor any local-only mode. There is no explicit instruction about redacting PII or minimizing data sent.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which reduces disk-write risk. No download URLs or package installs are present.
Credentials
The API reference requires an API key, but the skill metadata declares no required env vars or primary credential. Requesting (or implicitly requiring) an API key for an external service without declaring it is disproportionate and a provenance/visibility issue: users won't be prompted to supply or review the credential requirement when installing. Additionally, the skill would accept and transmit many organization-specific fields (cloud services, controls, backups, etc.), which are sensitive — that level of access should be explicit and justified.
Persistence & Privilege
The skill has not requested always:true, does not declare persistent system installs, and is user-invocable only. Autonomous invocation is allowed by platform default but not excessive here. No modifications to other skills or global agent settings are indicated.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install toolweb-soc2-readiness - 安装完成后,直接呼叫该 Skill 的名称或使用
/toolweb-soc2-readiness触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of SOC 2 Readiness Checker.
- Instantly assess SOC 2 readiness for Security, Availability, Processing Integrity, Confidentiality, and Privacy.
- Receive a readiness score, detailed gap analysis, prioritized remediation roadmap, and evidence checklist.
- Get tailored recommendations for SOC 2 Type I vs. Type II audit.
- API access with tiered pricing and extensive documentation available.
元数据
常见问题
SOC 2 Readiness Checker 是什么?
Assess your organization's SOC 2 audit readiness with scores, gap analysis, audit type advice, and a prioritized remediation roadmap across all Trust Service... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 240 次。
如何安装 SOC 2 Readiness Checker?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install toolweb-soc2-readiness」即可一键安装,无需额外配置。
SOC 2 Readiness Checker 是免费的吗?
是的,SOC 2 Readiness Checker 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
SOC 2 Readiness Checker 支持哪些平台?
SOC 2 Readiness Checker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SOC 2 Readiness Checker?
由 ToolWeb(@krishnakumarmahadevan-cmd)开发并维护,当前版本 v1.0.0。
推荐 Skills