Iso27001 Gap Analyzer - Auto-activating skill for Security Advanced. Triggers on: iso27001 gap analyzer, iso27001 gap analyzer. Part of the Security Advanced skill category.
36
3%
Does it follow best practices?
Impact
99%
1.01x
Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/iso27001-gap-analyzer/SKILL.md
Quality
Discovery
7%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a boilerplate auto-generated stub with no meaningful content. It fails to describe any concrete capabilities, lacks natural trigger terms users would employ, and provides no guidance on when Claude should select this skill. The only slight positive is that the ISO 27001 domain reference provides minimal distinctiveness.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Analyzes organizational security controls against ISO 27001:2022 requirements, identifies compliance gaps, and generates remediation recommendations.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about ISO 27001 compliance, ISMS gap analysis, information security audit, control assessment, or Annex A controls.'
Include natural keyword variations users would actually say, such as 'ISO 27001', 'ISMS', 'security compliance gaps', 'Annex A', 'Statement of Applicability', 'security audit', and 'control maturity assessment'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description provides no concrete actions. It only names itself ('Iso27001 Gap Analyzer') and says it's 'auto-activating' for 'Security Advanced', but never describes what it actually does—no mention of analyzing gaps, generating reports, comparing controls, or any specific capabilities. | 1 / 3 |
| Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no explanation of capabilities and no explicit 'Use when...' clause. The auto-generated trigger line is not a meaningful substitute for explicit usage guidance. | 1 / 3 |
| Trigger Term Quality | The trigger terms are just the skill name repeated twice ('iso27001 gap analyzer, iso27001 gap analyzer'). There are no natural user keywords like 'ISO 27001 compliance', 'security audit', 'information security gaps', 'ISMS', 'control assessment', or other terms a user would naturally say. | 1 / 3 |
| Distinctiveness Conflict Risk | The mention of 'ISO 27001' and 'gap analyzer' does provide some domain specificity that distinguishes it from generic security skills. However, without describing what it actually does, it could still overlap with other ISO 27001 or security compliance skills. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty placeholder that provides no actual guidance on ISO 27001 gap analysis. It contains only boilerplate meta-descriptions about what the skill supposedly does, without any substantive content—no control frameworks, no assessment methodology, no code, no examples, and no references. It would be entirely useless to Claude in performing any ISO 27001-related task.
Suggestions
Add a concrete workflow for ISO 27001 gap analysis: scoping → control inventory → evidence collection → gap identification → risk scoring → remediation planning, with validation checkpoints at each stage.
Include actionable content such as the ISO 27001 Annex A control categories, a gap assessment matrix template, and example code/scripts for automating evidence collection or generating gap reports.
Provide specific examples showing input (e.g., a partial controls inventory) and expected output (e.g., a gap analysis report format with risk ratings).
Remove all boilerplate sections ('When to Use', 'Example Triggers', 'Capabilities') that describe the skill abstractly and replace them with actual domain knowledge and executable guidance.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is entirely filler with no substantive information. It explains what the skill does in abstract terms without providing any actual guidance, commands, or domain-specific knowledge about ISO 27001 gap analysis. | 1 / 3 |
| Actionability | There is zero concrete, executable guidance. No code, no commands, no specific steps for performing an ISO 27001 gap analysis. Every section is vague and describes rather than instructs. | 1 / 3 |
| Workflow Clarity | No workflow is defined at all. An ISO 27001 gap analysis is inherently a multi-step process (scoping, control mapping, evidence gathering, gap identification, remediation planning), yet none of these steps are mentioned or sequenced. | 1 / 3 |
| Progressive Disclosure | The content is a flat, shallow placeholder with no meaningful structure. There are no references to detailed materials, no linked resources, and no organized sections containing actual content worth navigating. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
3076d78