iso27001-gap-analyzer
Iso27001 Gap Analyzer - Auto-activating skill for Security Advanced. Triggers on: iso27001 gap analyzer, iso27001 gap analyzer Part of the Security Advanced skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill iso27001-gap-analyzerOverall
score
19%
Does it follow best practices?
Validation for skill structure
Activation
7%This description is severely underdeveloped, essentially just restating the skill name without explaining capabilities or usage triggers. It provides no actionable information for Claude to determine when to select this skill over others. The redundant trigger terms and complete absence of concrete actions make this description ineffective for skill selection.
Suggestions
Add specific capabilities: describe what the analyzer does (e.g., 'Analyzes organizational security controls against ISO 27001 requirements, identifies compliance gaps, generates remediation recommendations')
Add a 'Use when...' clause with natural trigger terms like 'ISO 27001 compliance', 'security gap analysis', 'ISMS audit', 'information security assessment', or 'Annex A controls'
Remove the redundant trigger term and expand to include variations users might naturally say when needing this skill
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description provides no concrete actions - it only names the skill and mentions it's for 'Security Advanced' without explaining what it actually does (e.g., analyze controls, identify gaps, generate reports). | 1 / 3 |
Completeness | The description fails to answer 'what does this do' beyond the name, and provides no 'when to use' guidance. There is no explicit trigger clause explaining when Claude should select this skill. | 1 / 3 |
Trigger Term Quality | The trigger terms are redundant ('iso27001 gap analyzer' listed twice) and overly specific. Missing natural variations users might say like 'ISO 27001 compliance', 'security audit', 'information security gaps', or 'ISMS assessment'. | 1 / 3 |
Distinctiveness Conflict Risk | The ISO 27001 focus provides some distinctiveness from generic security skills, but the vague 'Security Advanced' category and lack of specific capabilities could cause overlap with other security-related skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%This skill content is essentially a placeholder with no substantive guidance. It contains only generic marketing-style descriptions without any actionable instructions, code, control mappings, or workflow steps needed to actually perform ISO 27001 gap analysis. The content fails on all dimensions by providing zero value beyond what the skill's title already conveys.
Suggestions
Add a concrete workflow for ISO 27001 gap analysis: scoping → control inventory → evidence collection → gap identification → remediation planning → reporting
Include specific ISO 27001 Annex A control categories and provide a checklist or mapping template for gap assessment
Provide executable examples such as a gap assessment matrix template, sample interview questions for control owners, or a Python script for parsing evidence documents
Add validation checkpoints (e.g., 'Verify all 93 Annex A controls are addressed before finalizing report') and reference supporting materials for detailed control guidance
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with zero actionable information. | 1 / 3 |
Actionability | There is no concrete guidance whatsoever—no code, no commands, no specific steps, no examples of actual ISO 27001 gap analysis. The content describes what the skill supposedly does without instructing how to do anything. | 1 / 3 |
Workflow Clarity | No workflow is defined. For a gap analysis task (which inherently involves multi-step processes like scoping, control mapping, evidence collection, and reporting), the complete absence of any sequenced steps is a critical failure. | 1 / 3 |
Progressive Disclosure | The content is a monolithic block of vague descriptions with no structure pointing to detailed materials, no references to control frameworks, checklists, or supporting documentation that would be essential for ISO 27001 gap analysis. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.