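📦 Iso Compliance Gap Analysis
v1.0.2
One-click comparison against ISO 27001/27701/42001 clauses: automatically identifies gaps in information security, privacy, and AI governance, and generates a gap list with remediation priorities to help you quickly assess certification readiness.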
Last updated: 2026/3/16
Security scan
OpenClaw
Safe
high confidence
The skill is internally consistent: it is an API-backed ISO gap analysis tool that legitimately requires curl and a single TOOLWEB_API_KEY to call its external service; there are no surprising installs or extra credentials requested.
Assessment recommendations
This skill behaves as an API client: it will send organization-identifying information and assessment answers to https://portal.toolweb.in and requires a TOOLWEB_API_KEY (billing is tracked per call). Before installing, confirm you trust ToolWeb’s privacy and billing policies, avoid sending high-risk secrets or highly sensitive data, and store the API key in a least-privilege, private location (not a shared/global config). Consider testing with non-sensitive sample data first, verify how many ca...
✓ Purpose and capability
The name/description match the runtime requirements: the skill is instruction-only and explicitly calls ToolWeb's API to produce assessments. Requiring curl and an API key is proportional for an external-service gap-analysis capability.
ℹ Instruction scope
The SKILL.md mandates making a POST to https://portal.toolweb.in/apis/compliance/iso-gap-analysis with organization details and answers to 23 assessment questions. This is expected for an API-driven analysis, but it does mean potentially sensitive organizational data will be transmitted to the external service — the skill also forbids answering from the model's own knowledge and requires the API call for every assessment.
✓ Install mechanism
There is no install spec and no code files; the skill is instruction-only, so nothing is downloaded or written to disk by the skill itself. This is low-risk from an install/execution perspective.
ℹ Credential requirements
Only one required environment variable (TOOLWEB_API_KEY) is declared and used as the primary credential, which is appropriate for the described API-based workflow. However, the API key grants the external service access to perform/bill requests on behalf of the agent, so it should be treated as a sensitive secret and scoped/stored appropriately.
✓ Persistence and privileges
The skill is not forced-always-active and does not request modification of other skills or system-wide settings. disable-model-invocation is false (normal), so the skill can be invoked by the agent when appropriate.
Security is layered; review the code before running.
Runtime dependencies
🖥️ OS: Linux · macOS · Windows
Versions
latest · v1.0.2 · 2026/3/13
- Documentation (SKILL.md) reverted to the previous version; all content added in the last release has been removed.
- No code or functional changes; skill logic and API interactions remain the same.
- Content and instructions in SKILL.md now match version 1.0.0.
● Benign
Install command
Official: npx clawhub@latest install iso-compliance-gap-analysis
Mirror: npx clawhub@latest install iso-compliance-gap-analysis --registry https://cn.longxiaskill.com