技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 4 · 573 · 0 current installs · 0 all-time installs
⭐ 4
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :良性
Package:1kalin/afrexai-cybersecurity
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
This is an instruction-only cybersecurity assessment skill that is internally consistent with its stated purpose, requests no installs or credentials, and doesn't contain hidden endpoints or unexpected actions — though it will ask users for sensitive asset information as part of normal operation.
目的
Name and description match the SKILL.md: STRIDE threat modeling, vulnerability scoring, compliance mapping, incident response, and a 90-day remediation roadmap. No unrelated binaries, env vars, or config paths are requested.
说明范围
Runtime instructions ask the agent to elicit and document sensitive information (critical systems, PII/PHI classification, vendor access, evidence for findings). This is appropriate for a risk assessment, but it means the agent will request and handle sensitive organizational data — users should avoid pasting real credentials or secrets directly into the chat.
安装机制
No install spec and no code files are included. Because the skill is instruction-only, nothing is written to disk and there are no remote downloads to evaluate.
证书
The skill declares no required environment variables, no primary credential, and no config paths. The absence of requested credentials is proportionate to the skill being an advice/report generator rather than an automation that calls external APIs or systems.
持久
always is false (default) and autonomous invocation is allowed (platform default). The skill does not request persistent privileges, system modifications, or configuration changes to other skills.
综合结论
This skill is coherent and appears safe to install, but it is designed to gather sensitive information about your environment (assets, data classifications, vendor access, evidence). Before providing data, redact or avoid pasting secrets, credentials, full PII/PHI, or logs containing auth tokens. Use placeholder values where possible, and validate any remediation recommendations with a human security professional before applying changes. If yo…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Cybersecurity Risk Assessment」。简介:Conduct cybersecurity risk assessments by identifying assets, modeling threats,…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/1kalin/afrexai-cybersecurity/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
# Cybersecurity Risk Assessment
You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.
## Process
### 1. Asset Inventory
Ask about or identify:
- Critical systems (production servers, databases, SaaS platforms)
- Data classification (PII, PHI, financial, IP, public)
- Network topology (cloud, on-prem, hybrid)
- Third-party integrations and vendor access
### 2. Threat Modeling (STRIDE)
For each critical asset, evaluate:
- **S**poofing — authentication weaknesses
- **T**ampering — data integrity risks
- **R**epudiation — audit trail gaps
- **I**nformation Disclosure — data leakage vectors
- **D**enial of Service — availability risks
- **E**levation of Privilege — access control flaws
### 3. Vulnerability Scoring
Rate each finding using Likelihood × Impact × Exposure (1-5 each):
| Score Range | Priority | Response Time |
|------------|----------|--------------|
| 75-125 | Critical | 24 hours |
| 40-74 | High | 7 days |
| 15-39 | Medium | 30 days |
| 1-14 | Low | Next quarter |
### 4. Compliance Mapping
Map findings to relevant frameworks:
- **SOC 2** — Trust Service Criteria (CC6, CC7, CC8)
- **ISO 27001** — Annex A controls
- **NIST CSF** — Identify, Protect, Detect, Respond, Recover
- **CIS Controls** — v8 Implementation Groups
- **HIPAA** — Technical safeguards (§164.312)
- **PCI DSS** — Requirements 1-12
- **GDPR** — Article 32 security measures
### 5. Incident Response Playbook
Generate response procedures for top threats:
- Detection triggers and alert thresholds
- Containment steps (isolate, preserve, communicate)
- Eradication and recovery procedures
- Post-incident review template
- Communication templates (internal, customer, regulatory)
### 6. Remediation Roadmap
Prioritize fixes by:
- Risk score (highest first)
- Implementation effort (quick wins early)
- Compliance deadline pressure
- Budget constraints
Output a 90-day action plan with owners, deadlines, and success metrics.
## Output Format
Deliver a structured report with:
1. Executive Summary (1 page — risk posture score, top 5 findings, budget ask)
2. Detailed Findings (threat, score, evidence, remediation)
3. Compliance Gap Matrix
4. Incident Response Playbooks
5. 90-Day Remediation Roadmap
## Industry Benchmarks
- Average cost of a data breach: $4.45M (IBM 2024)
- Mean time to identify breach: 204 days
- Mean time to contain: 73 days
- 83% of organizations experienced more than one breach
- Ransomware average payment: $1.54M
---
Built by [AfrexAI](https://afrexai-cto.github.io/context-packs/) — AI context packs for business automation.