isms-audit-expert

579 stars 112 forks

Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program management, security control assessment, and compliance verification. Use for ISMS internal auditing, external audit preparation, security control testing, and ISO 27001 certification support.

CommandsAgentsMarketplace

#claude-ai#security audit#security#claudecode-subagents#claude-ai-skills#security control#ISMS#technical security

Third-Party Agent Skill: Review the code before installing. Agent skills execute in your AI assistant's environment and can access your files. Learn more about security

Installation for Agentic Skill

View all platforms →

Claude Code (CLI) Fast

skilz install alirezarezvani/claude-skills/isms-audit-expert

OpenCode (CLI) Fast

skilz install alirezarezvani/claude-skills/isms-audit-expert --agent opencode

OpenAI Codex (CLI) Native

skilz install alirezarezvani/claude-skills/isms-audit-expert --agent codex

Gemini CLI (Project) Project

skilz install alirezarezvani/claude-skills/isms-audit-expert --agent gemini

First time? Install Skilz: pip install skilz

Works with 22+ AI coding assistants

Cursor, Aider, Copilot, Windsurf, Qwen, Kimi, and more...

View All Agents

For Claude Desktop Easy

Download Agent Skill ZIP

Extract and copy to ~/.claude/skills/ then restart Claude Desktop

Manual Installation

1. Clone the repository:

git clone https://github.com/alirezarezvani/claude-skills

2. Copy the agent skill directory:

cp -r claude-skills/ra-qm-team/isms-audit-expert ~/.claude/skills/

Agentic Skill Grades →

Agent Skill Grade

Score: 54/100 Click to see breakdown

Score Breakdown

Spec Compliance

12/15

PDA Architecture

10/30

Ease of Use

15/25

Writing Style

6/10

Utility

8/20

Modifiers: +3

Areas to Improve

Phantom Reference Architecture
Token-Heavy ASCII Art
Non-Executable Workflows

Recommendations

Focus on improving Pda (currently 10/30)
Focus on improving Utility (currently 8/20)
Address 2 high-severity issues first

Graded: 2026-01-24

Developer Feedback

I took a look at isms-audit-expert and noticed it's tackling information security management system auditing—a domain that really benefits from structured methodology. The skill reads more like a checklist framework than a tool that walks developers through why each control matters, which is probably why it landed at 54/100.

Links:

The TL;DR

You're at 54/100, which is an F grade. This is based on Anthropic's best practices for agentic skills. Your strongest area is Spec Compliance (12/15)—the frontmatter and naming conventions are solid. The real drag is Progressive Disclosure Architecture (10/30)—you're promising 15+ reference files and scripts that don't actually exist on disk, which completely breaks the layered structure that makes skills token-efficient and maintainable.

What's Working Well

Strong trigger terms: Your metadata includes specific, actionable triggers like "ISMS audit", "ISO 27001", and "security control assessment"—developers will find this skill when they need it
Clear spec compliance: Valid YAML frontmatter, proper naming conventions, and all required fields are in place
Navigable structure: The numbered sections and TOC-like layout make it easy to scan within the single file
Real domain expertise: The ISO 27001 framework and ISMS methodology are legit; the conceptual foundation is sound

The Big One: Phantom References

This is your biggest blocker. You list 15+ files that don't exist: iso27001-audit-methodology.md, isms-audit-scheduler.py, security-audit-prep.py, templates in assets/, examples scattered across references/. None of these files are on disk.

Here's what's happening: you're violating the core PDA principle. Instead o...

AI-Detected Topics

Extracted using NLP analysis

claude-ai security audit security claudecode-subagents claude-ai-skills security control ISMS technical security audit program claude-skills

Report Security Issue

Found a security vulnerability in this agent skill?