Cybersecurity Risk Assessment
You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.
About this skill
This AI agent skill provides a comprehensive framework for conducting cybersecurity risk assessments. It empowers an AI agent to act as a specialist, systematically identifying, analyzing, and mitigating security risks across an organization's assets and operations. The skill covers all critical phases, from inventorying assets and performing threat modeling using STRIDE, to scoring vulnerabilities, and mapping findings against major compliance frameworks like SOC 2, ISO 27001, and NIST CSF. Users would employ this skill to generate thorough security audits, understand their threat landscape, and ensure regulatory compliance without needing deep human expertise in every step. It's particularly useful for initial assessments, periodic reviews, or when a quick, structured security posture overview is required. The structured approach ensures consistency and completeness in the assessment process. The skill culminates in generating an incident response playbook tailored to top threats and a prioritized remediation roadmap, offering actionable insights for improving security posture. This makes it invaluable for businesses or individuals needing a guided, expert-level security analysis.
Best use case
The primary use case is to perform structured cybersecurity risk assessments, security audits, and compliance reviews for organizations of any size. It benefits IT managers, security professionals, compliance officers, and even small business owners who need to understand their security posture, identify vulnerabilities, and develop actionable plans for improvement, leveraging the AI to guide the complex process.
You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.
Users can expect a detailed cybersecurity risk assessment report including an asset inventory, threat model, vulnerability scores, compliance mapping, an incident response playbook, and a prioritized remediation roadmap.
Practical example
Example input
Perform a cybersecurity risk assessment for our startup. We use AWS for infrastructure, Salesforce for CRM (handling PII), and GitHub for code. Our primary concern is data integrity and compliance with GDPR.
Example output
**Cybersecurity Risk Assessment Report** **1. Asset Inventory:** - Critical Systems: AWS (production servers, databases), Salesforce (CRM, PII), GitHub (source code). - Data Classification: PII (Salesforce), IP (GitHub), Public (Website). - Network Topology: Cloud-native (AWS). - Third-party: Salesforce. **2. Threat Modeling (STRIDE) - Salesforce (PII):** - S: Weak MFA on Salesforce admin accounts (Likelihood: 4). - T: Lack of field-level encryption for sensitive PII (Impact: 5). **3. Vulnerability Scoring (Excerpt):** - Weak MFA on Salesforce: L(4) x I(4) x E(3) = 48 (High Priority) - Lack of PII encryption: L(3) x I(5) x E(4) = 60 (High Priority) **4. Compliance Mapping - GDPR (Article 32):** - Finding: Lack of PII encryption -> Direct violation of data security principles. - Finding: Weak MFA -> Inadequate security for processing PII. **5. Incident Response Playbook - Data Breach (Salesforce PII):** - Detection: Salesforce Shield alerts, user reports. - Containment: Disable compromised accounts, revoke API keys, isolate affected records. - Eradication: Remove malicious access, strengthen authentication. - Recovery: Restore data from backups, monitor for re-entry. - Communication: Notify DPO, affected customers (within 72h). **6. Remediation Roadmap (90-day plan):** - **Day 1-7 (High Priority):** Implement mandatory MFA for all Salesforce users. - **Day 7-30 (High Priority):** Research and implement field-level encryption for PII in Salesforce. - **Day 30-60 (Medium Priority):** Conduct an AWS security group review.
When to use this skill
- When needing a comprehensive security audit or threat assessment.
- To evaluate compliance against frameworks like SOC 2, HIPAA, or ISO 27001.
- To generate an incident response plan and a prioritized remediation roadmap.
- For initial security posture reviews or periodic assessments to track improvements.
When not to use this skill
- When deep, real-time penetration testing or ethical hacking is required.
- For tasks purely focused on code review without broader system context.
- As a substitute for actual human security experts for highly sensitive, bespoke, or live incident response.
- If you already have a mature, fully automated risk assessment pipeline in place.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/afrexai-cybersecurity/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How Cybersecurity Risk Assessment Compares
| Feature / Agent | Cybersecurity Risk Assessment | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | easy | N/A |
Frequently Asked Questions
What does this skill do?
You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.
How difficult is it to install?
The installation complexity is rated as easy. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
AI Agents for Startups
Explore AI agent skills for startup validation, product research, growth experiments, documentation, and fast execution with small teams.
SKILL.md Source
# Cybersecurity Risk Assessment You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework. ## Process ### 1. Asset Inventory Ask about or identify: - Critical systems (production servers, databases, SaaS platforms) - Data classification (PII, PHI, financial, IP, public) - Network topology (cloud, on-prem, hybrid) - Third-party integrations and vendor access ### 2. Threat Modeling (STRIDE) For each critical asset, evaluate: - **S**poofing — authentication weaknesses - **T**ampering — data integrity risks - **R**epudiation — audit trail gaps - **I**nformation Disclosure — data leakage vectors - **D**enial of Service — availability risks - **E**levation of Privilege — access control flaws ### 3. Vulnerability Scoring Rate each finding using Likelihood × Impact × Exposure (1-5 each): | Score Range | Priority | Response Time | |------------|----------|--------------| | 75-125 | Critical | 24 hours | | 40-74 | High | 7 days | | 15-39 | Medium | 30 days | | 1-14 | Low | Next quarter | ### 4. Compliance Mapping Map findings to relevant frameworks: - **SOC 2** — Trust Service Criteria (CC6, CC7, CC8) - **ISO 27001** — Annex A controls - **NIST CSF** — Identify, Protect, Detect, Respond, Recover - **CIS Controls** — v8 Implementation Groups - **HIPAA** — Technical safeguards (§164.312) - **PCI DSS** — Requirements 1-12 - **GDPR** — Article 32 security measures ### 5. Incident Response Playbook Generate response procedures for top threats: - Detection triggers and alert thresholds - Containment steps (isolate, preserve, communicate) - Eradication and recovery procedures - Post-incident review template - Communication templates (internal, customer, regulatory) ### 6. Remediation Roadmap Prioritize fixes by: - Risk score (highest first) - Implementation effort (quick wins early) - Compliance deadline pressure - Budget constraints Output a 90-day action plan with owners, deadlines, and success metrics. ## Output Format Deliver a structured report with: 1. Executive Summary (1 page — risk posture score, top 5 findings, budget ask) 2. Detailed Findings (threat, score, evidence, remediation) 3. Compliance Gap Matrix 4. Incident Response Playbooks 5. 90-Day Remediation Roadmap ## Industry Benchmarks - Average cost of a data breach: $4.45M (IBM 2024) - Mean time to identify breach: 204 days - Mean time to contain: 73 days - 83% of organizations experienced more than one breach - Ransomware average payment: $1.54M --- Built by [AfrexAI](https://afrexai-cto.github.io/context-packs/) — AI context packs for business automation.
Related Skills
afrexai-cybersecurity-engine
Complete cybersecurity assessment, threat modeling, and hardening system. Use when conducting security audits, threat modeling, penetration testing, incident response, or building security programs from scratch. Works with any stack — zero external dependencies.
HIPAA Compliance for AI Agents
Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.
Data Governance Framework
Assess, score, and remediate your organization's data governance posture across 6 domains.
Compliance & Audit Readiness Engine
Your AI compliance officer. Guides startups and scale-ups through SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS — from zero to audit-ready. No consultants needed.
Compliance Audit Generator
Run internal compliance audits against major frameworks without hiring a consultant.
AI Safety Audit
Comprehensive AI safety and alignment audit framework for businesses deploying AI agents. Built around the UK AI Security Institute Alignment Project standards (2026), EU AI Act requirements, and NIST AI RMF.
clickhouse-github-forensics
Query GitHub event data via ClickHouse for supply chain investigations, actor profiling, and anomaly detection. Use when investigating GitHub-based attacks, tracking repository activity, analyzing actor behavior patterns, detecting tag/release tampering, or reconstructing incident timelines from public GitHub data. Triggers on GitHub supply chain attacks, repo compromise investigations, actor attribution, tag poisoning, or "query github events".
security-guardian
Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.
mema-vault
Secure credential manager using AES-256 (Fernet) encryption. Stores, retrieves, and rotates secrets using a mandatory Master Key. Use for managing API keys, database credentials, and other sensitive tokens.
guardian-wall
Mitigate prompt injection attacks, especially indirect ones from external web content or files. Use this skill when processing untrusted text from the internet, user-uploaded files, or any external source to sanitize content and detect malicious instructions (e.g., "ignore previous instructions", "system override").
SX-security-audit
全方位安全审计技能。检查文件权限、环境变量、依赖漏洞、配置文件、网络端口、Git 安全、Shell 安全、macOS 安全、密钥检测等。支持 CLI 参数、JSON 输出、配置文件。当用户要求"安全检查"、"漏洞扫描"、"权限检查"、"安全审计"时使用此技能。
skill-safe-install-l0-strict
Strict secure-install workflow for ClawHub/OpenClaw skills. Use when asked to install a skill safely, inspect skill permissions, review third-party skill risk, or run a pre-install security audit. Enforce full review + sandbox + explicit consent gates, with no author-based trust bypass.