
iso27001-gap-analyzer

Iso27001 Gap Analyzer - Auto-activating skill for Security Advanced. Triggers on: iso27001 gap analyzer, iso27001 gap analyzer Part of the Security Advanced skill category.

36

1.01x

Quality: 3% (Does it follow best practices?)

Impact: 99%, 1.01x (Average score across 3 eval scenarios)

Security by Snyk: Passed (No known issues)

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/iso27001-gap-analyzer/SKILL.md

Quality

Discovery

7%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is severely underdeveloped, essentially just restating the skill name without explaining capabilities or use cases. It lacks any concrete actions, natural trigger terms, or guidance on when Claude should select this skill. The description would fail to help Claude distinguish this skill's purpose from other security-related skills.

Suggestions

Add specific actions the skill performs, e.g., 'Analyzes organizational security controls against ISO 27001 requirements, identifies compliance gaps, and generates remediation recommendations.'

Include a 'Use when...' clause with natural trigger terms like 'ISO 27001 compliance check', 'ISMS audit', 'information security gap analysis', 'security framework assessment'.

Remove the redundant trigger term and expand with variations users would naturally say, including common abbreviations and related concepts like 'security controls review' or 'compliance assessment'.

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description provides no concrete actions - it only names the skill and mentions it's for 'Security Advanced' without explaining what it actually does (e.g., analyze controls, identify gaps, generate reports). | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' beyond the name itself, and provides no 'when should Claude use it' guidance. There is no explicit trigger clause or use case explanation. | 1 / 3 |
| Trigger Term Quality | The only trigger terms listed are 'iso27001 gap analyzer' repeated twice. Missing natural variations users would say like 'ISO 27001 compliance', 'security audit', 'ISMS gaps', 'information security assessment'. | 1 / 3 |
| Distinctiveness Conflict Risk | The ISO 27001 reference provides some specificity to information security standards, but 'Security Advanced' is vague and could overlap with other security-related skills. The narrow trigger terms help avoid conflicts but at the cost of discoverability. | 2 / 3 |
| Total | | 5 / 12 |

Passed

Implementation

0%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill content is essentially a placeholder with no substantive guidance. It fails on all dimensions by providing only generic descriptions of what the skill claims to do without any actual instructions, code, frameworks, or actionable content for performing ISO 27001 gap analysis.

Suggestions

Add concrete ISO 27001 gap analysis workflow: 1) Identify applicable controls from Annex A, 2) Assess current state, 3) Document gaps, 4) Prioritize remediation

Include executable examples such as a gap assessment template, control mapping structure, or sample output format for findings

Provide specific ISO 27001 control categories and how to evaluate each (e.g., A.5 Information Security Policies, A.6 Organization of Information Security)

Add references to detailed materials: control checklists, evidence requirements, common gap patterns, and remediation guidance

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with zero actionable information. | 1 / 3 |
| Actionability | There is no concrete guidance whatsoever - no code, no commands, no specific steps, no examples of actual ISO 27001 gap analysis. The content only describes what the skill claims to do without showing how to do anything. | 1 / 3 |
| Workflow Clarity | No workflow is defined. For a gap analysis task that inherently involves multi-step processes (identifying controls, assessing gaps, documenting findings), there are no steps, sequences, or validation checkpoints provided. | 1 / 3 |
| Progressive Disclosure | The content is a monolithic block of vague descriptions with no structure for discovery. There are no references to detailed materials, no links to control frameworks, templates, or examples that would be essential for ISO 27001 gap analysis. | 1 / 3 |
| Total | | 4 / 12 |

Passed

Validation

81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 9 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 9 / 11 |

Passed

Repository: jeremylongshore/claude-code-plugins-plus-skills
Reviewed
