isms audit expert

Name: isms audit expert
Author: alirezarezvani

by alirezarezvani·18d ago

Information Security Management System (ISMS) audit expert for ISO 27001 compliance verification, security control asse…

Claude CodeMedium risk · 中风险open source · 开源

Editor's verdict· 编辑结论

Information Security Management System (ISMS) audit expert for ISO 27001 compliance verification, security control assessment, and certification support. Use when the user mentions ISO 27001, ISMS audit, Annex A controls, Statement of Applicability (SOA), gap analysis, nonconfor…
— Editorial team · 编辑团队

Install via Skills CLI

Use npx skills add to install this skill into the selected agent. Phase 0 commands are generated from source rules, not verified.

Codex

npx skills add https://github.com/alirezarezvani/claude-skills/blob/main/ra-qm-team/skills/isms-audit-expert/SKILL.md -g -a codex -y

Drop `-g` to install project-locally

✓

Best for适合什么场景

代码审查
重构规划
测试生成

✗

Not for不适合什么场景

Workflows that require stronger human review than this catalog entry documents.需要比当前目录条目更严格人工复核的工作流。

vs alternativesvs 其他选择

Full compare table完整对比表 →

#1GStack Review

Find the risky changes before the branch lands.

★ 4.9·80k stars

diff · 差异Best first pick for high-signal PR review. It reads the actual diff instead of re-summarizing the whole repo, so the review stays grounded in code that changed. Strongest on trust-boundary cases — SQL injection, auth checks, conditional side-effects — where surface reviewers usually miss the failure mode. Skip it for pure style nits; bring in a linter instead. Try it on a feature branch before relying on it for hot-fix gating.

#2Git Shiproom

Pre-flight every branch before you ask for review.

★ 4.9·13k stars

diff · 差异Best for the narrow gap between "my branch is ready" and "a reviewer can pick it up cold." Runs a pre-flight: dependency drift, missing tests for the changed files, commits that don't match the PR title, and writes a handoff note your reviewer can read in 60 seconds. It is not a code reviewer — it does not audit logic. Use it as the last thing before requesting review, not as a replacement for review itself.

#3Review Radar

Find the bugs, regressions, and missing tests first.

★ 4.8·11k stars

diff · 差异Best when you want PR review insights without committing to a full review workflow. Surfaces the same regression-and-missing-tests signal as gstack-review, but in a quieter, suggestion-only mode — no fix application, no diff edits, no comment threads. Strongest for senior engineers who want a second opinion before they merge their own PR. Weakest when the goal is gating others' code; for that, gstack-review's heavier loop pays off.

Side-by-side compare维度对比

Key differences with same-lane alternatives

	this skill · 当前isms audit expert	GStack Review	Git Shiproom	Review Radar
Rating · 评分	—	4.9	4.9	4.8
Stars · 星标	14k	80k	13k	11k
Risk · 风险	Medium risk · 中风险	Low risk · 低风险	Low risk · 低风险	Low risk · 低风险
Best for · 最适合	代码审查	Pre-merge PR review	Pre-flight every branch before you ask for review.	Find the bugs, regressions, and missing tests first.
Not for · 不适合	Workflows that require stronger human review than this catalog entry documents.	Pure style review	Workflows that require stronger human review than this catalog entry documents.	Workflows that require stronger human review than this catalog entry documents.

Audit notes审计备注

last reviewed 2026-06-03 · 复查

Source源码open on GitHub · 公开✓

Author作者community · 社区!

Network网络访问network access · 需联网✓

Filesystem文件写入writes to repo · 写入仓库!

Dependencies依赖many deps · 依赖较多✓

Telemetry遥测none · 无✓