🧪 Skills

IT Risk Assessment Tool

Perform comprehensive IT risk assessments across infrastructure, data protection, access control, compliance, incident response, and vendor management. Use w...

v1.3.0
❤️ 0
⬇️ 37
👁 1
Save📁 Collect
Share

Description

name: it-risk-assessment-tool description: Perform comprehensive IT risk assessments across infrastructure, data protection, access control, compliance, incident response, and vendor management. Use when evaluating IT security posture, risk scoring, security controls maturity, compliance readiness, or enterprise risk management. version: 1.0.0 homepage: https://portal.toolweb.in metadata: openclaw: emoji: "⚡" requires: env: - TOOLWEB_API_KEY bins: - curl primaryEnv: TOOLWEB_API_KEY os: - linux - darwin - win32 category: security

IT Risk Assessment Tool ⚡🔍

Perform a comprehensive IT risk assessment across six critical security domains: Infrastructure Security, Data Protection, Access Control, Compliance, Incident Response, and Vendor/Third-Party Risk. Returns a risk score, domain-level breakdown, and prioritized remediation roadmap.

Built by a CISSP/CISM certified security professional at ToolWeb.in

When to Use

  • User asks for an IT risk assessment or security posture evaluation
  • User wants to score their security controls maturity
  • User needs to evaluate infrastructure, data, or access security
  • User mentions compliance readiness or audit preparation
  • User asks about incident response or vendor risk management
  • User wants an overall enterprise IT risk score

Prerequisites

  • TOOLWEB_API_KEY — Get your API key from portal.toolweb.in
  • curl must be available on the system

API Endpoint

POST https://portal.toolweb.in/apis/security/it-risk-assessment

Workflow

  1. Gather inputs from the user. Ask them to rate each control as a maturity level. Suggested values: "None", "Basic", "Partial", "Comprehensive", "Advanced" (or similar descriptors the user provides — the API accepts free-text strings).

    Infrastructure Security (3 controls):

    • infra_segmentation — Network segmentation maturity (e.g., "None", "Basic flat network", "VLANs implemented", "Micro-segmentation with zero trust")
    • infra_firewall — Firewall and perimeter defense (e.g., "None", "Basic firewall", "Next-gen firewall with IPS", "Full NGFW with threat intel feeds")
    • infra_patching — Patch management (e.g., "None", "Ad-hoc patching", "Monthly patch cycle", "Automated patching with SLA tracking")

    Data Protection (3 controls):

    • data_classification — Data classification program (e.g., "None", "Informal", "Defined policy", "Automated classification with DLP")
    • data_encryption — Encryption at rest and in transit (e.g., "None", "Partial - transit only", "Full encryption at rest and transit", "End-to-end with key management")
    • data_backup — Backup and recovery (e.g., "None", "Manual backups", "Automated daily backups", "Immutable backups with tested restores")

    Access Control (3 controls):

    • access_mfa — Multi-factor authentication (e.g., "None", "MFA for VPN only", "MFA for all remote access", "MFA everywhere including internal")
    • access_pam — Privileged access management (e.g., "None", "Shared admin accounts", "Individual admin accounts", "Full PAM with session recording")
    • access_review — Access reviews and recertification (e.g., "None", "Annual review", "Quarterly reviews", "Continuous access monitoring")

    Compliance (3 controls):

    • comp_policies — Security policies and procedures (e.g., "None", "Informal guidelines", "Documented policies", "Reviewed and updated annually")
    • comp_regulatory — Regulatory compliance (e.g., "None", "Aware of requirements", "Partial compliance", "Fully compliant with audits")
    • comp_training — Security awareness training (e.g., "None", "One-time training", "Annual training", "Continuous training with phishing simulations")

    Incident Response (3 controls):

    • ir_plan — Incident response plan (e.g., "None", "Informal process", "Documented IR plan", "Tested IR plan with tabletop exercises")
    • ir_monitoring — Security monitoring and SIEM (e.g., "None", "Basic log collection", "SIEM with alert rules", "24/7 SOC with automated response")
    • ir_threat — Threat intelligence (e.g., "None", "Ad-hoc awareness", "Subscribed threat feeds", "Integrated threat intel with automated blocking")

    Vendor/Third-Party Risk (3 controls):

    • vendor_assessment — Vendor security assessments (e.g., "None", "Self-assessment questionnaires", "On-site audits for critical vendors", "Continuous vendor monitoring")
    • vendor_contracts — Security requirements in contracts (e.g., "None", "Basic NDA", "Security clauses included", "Comprehensive security SLAs with penalties")
    • vendor_monitoring — Ongoing vendor monitoring (e.g., "None", "Annual review", "Quarterly reviews", "Continuous monitoring with risk scoring")

  2. Call the API:

curl -s -X POST "https://portal.toolweb.in/apis/security/it-risk-assessment" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $TOOLWEB_API_KEY" \
  -d '{
    "infra_segmentation": "<value>",
    "infra_firewall": "<value>",
    "infra_patching": "<value>",
    "data_classification": "<value>",
    "data_encryption": "<value>",
    "data_backup": "<value>",
    "access_mfa": "<value>",
    "access_pam": "<value>",
    "access_review": "<value>",
    "comp_policies": "<value>",
    "comp_regulatory": "<value>",
    "comp_training": "<value>",
    "ir_plan": "<value>",
    "ir_monitoring": "<value>",
    "ir_threat": "<value>",
    "vendor_assessment": "<value>",
    "vendor_contracts": "<value>",
    "vendor_monitoring": "<value>",
    "sessionId": "<generate-unique-id>"
  }'

Generate a unique sessionId (e.g., UUID or timestamp-based).

  1. Present results clearly:
    • Lead with overall risk score and risk level
    • Show domain-level scores (Infrastructure, Data, Access, Compliance, IR, Vendor)
    • Highlight critical gaps
    • Present remediation actions in priority order

Output Format

⚡ IT Risk Assessment Report
━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Overall Risk Score: [XX/100]
Risk Level: [Critical/High/Medium/Low]

📊 Domain Scores:
  🏗️ Infrastructure Security: [score]
  🔒 Data Protection: [score]
  🔑 Access Control: [score]
  📋 Compliance: [score]
  🚨 Incident Response: [score]
  🤝 Vendor Risk: [score]

🚨 Critical Gaps:
[List highest-risk findings]

📋 Top Remediation Actions:
1. [Action] — Priority: [Critical/High]
2. [Action] — Priority: [Critical/High]
3. [Action] — Priority: [Medium]

📎 Full report powered by ToolWeb.in

Error Handling

  • If TOOLWEB_API_KEY is not set: Tell the user to get an API key from https://portal.toolweb.in
  • If the API returns 401: API key is invalid or expired
  • If the API returns 422: Missing required fields — all 18 controls must be provided
  • If the API returns 429: Rate limit exceeded — wait and retry after 60 seconds
  • If curl is not available: Suggest installing curl

Example Interaction

User: "Run an IT risk assessment for our company"

Agent flow:

  1. Ask: "I'll assess 6 security domains with 3 controls each. Let's start: Infrastructure: How would you describe your network segmentation, firewall setup, and patch management?"
  2. User responds, then ask about Data Protection, Access Control, etc.
  3. Call API with all 18 values
  4. Present the risk score, domain breakdown, and remediation roadmap

Quick assessment shortcut: If the user says "we're mostly basic" or "we're a startup with minimal security", the agent can fill in reasonable defaults like "Basic" or "None" for most fields and confirm with the user before calling the API.

Pricing

  • API access via portal.toolweb.in subscription plans
  • Free trial: 10 API calls/day, 50 API calls/month to test the skill
  • Developer: $39/month — 20 calls/day and 500 calls/month
  • Professional: $99/month — 200 calls/day, 5000 calls/month
  • Enterprise: $299/month — 100K calls/day, 1M calls/month

##About

Created by ToolWeb.in — a security-focused MicroSaaS platform with 200+ security APIs, built by a CISSP & CISM certified professional. Trusted by security teams in USA, UK, and Europe and we have platforms for "Pay-per-run", "API Gateway", "MCP Server", "OpenClaw", "RapidAPI" for execution and YouTube channel for demos.

Related Skills

  • OT Security Posture Scorecard — OT/ICS/SCADA security assessment
  • ISO 42001 AIMS Readiness — AI governance compliance
  • GDPR Compliance Tracker — GDPR readiness assessment
  • Threat Assessment & Defense Guide — Threat modeling and defense
  • Data Breach Impact Calculator — Estimate breach costs

Tips

  • Be honest about maturity levels — the assessment is only as good as the input
  • Use "None" for controls that don't exist rather than skipping them
  • Run quarterly to track improvement over time
  • Share the domain scores with relevant team leads (Infrastructure to NetOps, Access to IAM team, etc.)
  • Use the remediation roadmap for security budget justification

Reviews (0)

Sign in to write a review.

No reviews yet. Be the first to review!

Comments (0)

Sign in to join the discussion.

No comments yet. Be the first to share your thoughts!

Compatible Platforms

Links

📂 Source Code

Pricing

Free

Related Configs

🧪 Skill

self-improving-agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...

❤️ 2.0k ⬇️ 218k
🧪 Skill

Self Improving Agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. And also 50+ models for image generation, video generation, text-to-speech, spe...

❤️ 2.0k ⬇️ 206k
🧪 Skill

Find Skills

Free

Search, discover, and install skills from the open agent skills ecosystem to extend agent capabilities for specific tasks or domains.

❤️ 814 ⬇️ 199k
🧪 Skill

Summarize

Free

--- name: summarize description: Summarize URLs or files with the summarize CLI (web, PDFs, images, audio, YouTube). homepage: https://summarize.sh metadata: {"clawdbot":{"emoji":"🧾","requires":{"b

❤️ 609 ⬇️ 160k