BytesAgain is a curated directory of 60,000+ AI agent skills from ClawHub, GitHub, LobeHub, and Dify. Search skills by keyword in 7 languages, browse by role (developer, creator, trader, marketer) or by use case.

How do I find AI skills on BytesAgain?

Use the search bar on BytesAgain.com to search by keyword in 7 languages. You can also browse by role (developer, creator, trader, marketer) or by use case. Each skill shows install instructions for Claude, Cursor, OpenClaw, Continue, and more.

Yes, BytesAgain is completely free. No registration required for searching skills. The MCP API is also free with rate limits.

Does BytesAgain have an API for AI agents?

Yes! BytesAgain provides a free MCP SSE endpoint at /api/mcp/sse for AI agents, plus a REST API at /api/mcp?action=search&q= . No authentication needed.

Can I request a new AI skill on BytesAgain?

Yes! Visit the Requests page on BytesAgain.com to submit a skill request. Your request will be visible to the community and notified to the site admin.

🦀 ClawHub

Iso 27001 Internal Audit

by @stevenobiajulu

Run an ISO 27001 internal audit. Walk through controls by domain, identify gaps, collect evidence, and generate findings with corrective action recommendatio...

Versionv0.1.0

#crypto #requires-sensitive-credentials #clawhub

⚡ When to Use

Trigger	Action
1. Preparing for a surveillance or certification audit — run 4-6 weeks before the external audit
2. Performing quarterly internal audit — ISO 27001 requires at least annual internal audits; quarterly is best practice
3. Post-incident review — assess whether controls failed and what corrective actions are needed
4. New framework adoption — map existing controls to ISO 27001 requirements
5. Onboarding a new compliance tool — validate that automated checks cover the right controls
Do NOT use for:
- Generating the ISO 27001 Statement of Applicability (SoA) from scratch — use `iso-27001-evidence-collection` for evidence gathering first
- SOC 2-only audits — use `soc2-readiness` instead
- Reading or interpreting a specific contract clause — use legal agreement skills

📋 Tips & Best Practices

| Problem | Solution | |---------|----------| | Data is stale (> 7 days old) | Refresh from monitoring dashboard or re-export from source systems | | Can't determine which controls apply | Start with the SoA; if no SoA exists, use the decision tree above | | Too many findings to address before audit | Prioritize: fix all Major nonconformities first, then Critical-tier Minors | | Evidence timestamps don't match audit period | Re-collect evidence within the audit window (typically 12 months) | | Cloud provider controls not documented | Request SOC 2 Type II report from provider; map their controls to your SoA | | Internal audit has never been done | This IS the first internal audit — document that in the report and plan for regular cadence |

🔒 Constraints

For detailed per-control guidance, load the appropriate rules file:

| File | Coverage | |------|----------| | rules/access-control.md | A.5.15-A.5.18, A.8.2-A.8.5 — identity, authentication, authorization | | rules/incident-response.md | A.5.24-A.5.29, A.6.8 — incident lifecycle | | rules/encryption.md | A.8.24, A.8.10-A.8.12 — cryptographic controls | | rules/change-management.md | A.8.25-A.8.34, A.8.9, A.8.32 — SDLC and configuration | | rules/logging-monitoring.md | A.8.15-A.8.17 — audit trails and monitoring | | rules/business-continuity.md | A.5.30, A.8.13-A.8.14 — backup, DR, BCP | | rules/people-controls.md | A.6.1-A.6.8 — HR security lifecycle | | rules/supplier-management.md | A.5.19-A.5.23 — third-party risk | | rules/isms-management.md | Clauses 4-10 — management system operation |