Conduct cybersecurity risk assessments by identifying assets, modeling threats, scoring vulnerabilities, mapping compliance, and creating incident response a...
Security Analysis
high confidenceThis is an instruction-only cybersecurity assessment skill that is internally consistent with its stated purpose, requests no installs or credentials, and doesn't contain hidden endpoints or unexpected actions — though it will ask users for sensitive asset information as part of normal operation.
Name and description match the SKILL.md: STRIDE threat modeling, vulnerability scoring, compliance mapping, incident response, and a 90-day remediation roadmap. No unrelated binaries, env vars, or config paths are requested.
Runtime instructions ask the agent to elicit and document sensitive information (critical systems, PII/PHI classification, vendor access, evidence for findings). This is appropriate for a risk assessment, but it means the agent will request and handle sensitive organizational data — users should avoid pasting real credentials or secrets directly into the chat.
No install spec and no code files are included. Because the skill is instruction-only, nothing is written to disk and there are no remote downloads to evaluate.
The skill declares no required environment variables, no primary credential, and no config paths. The absence of requested credentials is proportionate to the skill being an advice/report generator rather than an automation that calls external APIs or systems.
always is false (default) and autonomous invocation is allowed (platform default). The skill does not request persistent privileges, system modifications, or configuration changes to other skills.
Guidance
This skill is coherent and appears safe to install, but it is designed to gather sensitive information about your environment (assets, data classifications, vendor access, evidence). Before providing data, redact or avoid pasting secrets, credentials, full PII/PHI, or logs containing auth tokens. Use placeholder values where possible, and validate any remediation recommendations with a human security professional before applying changes. If you plan to have the agent perform active scans or access systems, configure scoped service accounts and secure credential storage rather than entering credentials directly into chat.
Latest Release
v1.0.0
Initial release — provides a structured, expert cybersecurity risk assessment framework. - Guides users through asset inventory, threat modeling (STRIDE), vulnerability scoring, and compliance mapping. - Includes pre-defined compliance frameworks (SOC 2, ISO 27001, NIST CSF, CIS, HIPAA, PCI DSS, GDPR). - Offers a step-by-step incident response playbook and a prioritized remediation roadmap. - Outputs a detailed, formatted report covering executive summary, findings, compliance gaps, incident playbooks, and a 90-day action plan. - Provides up-to-date industry benchmarks for reference.
More by @1kalin
Published by @1kalin on ClawHub
