Skill · AI agents · ISO 27001

Install our skill on your agents.

One command and your AI agent starts checking vulnerabilities (npm audit) and feeding your ISO/IEC 27001 compliance automatically. No sign-up, no friction: on first run it creates your trial organization and gets going.

01 Run — simplest way

One command, inside your project.

In your code directory (with package.json), no install needed:

npx @exponencial/iso-remediacao

On first run it creates your trial organization (with your git config user.email) and syncs compliance. Already a client? Use npx @exponencial/iso-remediacao --connect to connect to your account (an owner approves in /adm → Organizations → Approve agent).

02 Install as a skill

To use inside the agent (Claude Code).

Downloads the skill into your agent's skills folder — works in any project:

mkdir -p ~/.claude/skills/iso-remediacao && \
  curl -fsSL https://exponencialadm.net/skill/iso-remediacao/SKILL.md      -o ~/.claude/skills/iso-remediacao/SKILL.md && \
  curl -fsSL https://exponencialadm.net/skill/iso-remediacao/remediate.mjs -o ~/.claude/skills/iso-remediacao/remediate.mjs

Then, inside the project: node ~/.claude/skills/iso-remediacao/remediate.mjs — or ask the agent “use the iso-remediacao skill”.

03 Per agent

Works with your agent.

Claude Code

  1. Run the install command above (copies the skill into ~/.claude/skills/).
  2. Inside your project, ask Claude: “use the iso-remediacao skill” — or run the skill command directly.
  3. On first run, the skill creates a trial organization with your email (from git config user.email) and gets going.

Cursor / VS Code (agent)

  1. The skill is just a Node script — not tied to a specific agent.
  2. Install with the command above and add to your flow: node ~/.claude/skills/iso-remediacao/remediate.mjs.
  3. Works in any project with package.json + package-lock.json.

Any agent / CI

  1. Download remediate.mjs and run it with Node ≥ 18 inside the repo.
  2. Set EXP_AGENT_EMAIL to the owner's email (becomes the org owner).
  3. Schedule it (cron/CI) to keep A.8.8 compliance always current.

04 See the result

Track it in the panel.

After the first run, open the panel and sign in with the same email (magic link, no password). You'll see the Annex A controls, the risks the agent opened/closed and the evidence — all isolated in your organization.