SANKET SARKAR

CRML
Founder, Zeron, Cyber Risk Intelligence

Forums

Cyber risk is finally getting the “as-code” treatment — and it’s about time.

We've standardized infrastructure, deployments, and networks using code, but risk has largely remained trapped in spreadsheets, static registers, and fragmented tooling. CRML feels like a strong step toward making cyber risk portable, machine-readable, and automation-ready.

What stands out is the framework-agnostic approach. Organizations today don't operate in a single control universe; they juggle ISO, NIST, CIS, regulatory mandates, and internal models. A declarative layer that can sit above these and enable simulation, telemetry mapping, and quantification could significantly improve how leaders understand and act on cyber exposure.

Excited to see where this goes, especially the possibilities around integrating risk models into real-time decision systems and bridging the gap between security operations and business risk.

SANKET SARKAR

10h ago

CRML - CRML is a declarative language for writing cyber risk as code

We have infrastructure as code and network as code, but don't have anything as Risk as Code. CRML is an open, declarative, engine-agnostic and Control / Attack framework–agnostic Cyber Risk Modeling Language. It provides a YAML/JSON format for describing cyber risk models, telemetry mappings, simulation pipelines, dependencies, and output requirements — without forcing you into a specific quantification method, simulation engine, or security-control / threat catalog.

SANKET SARKAR

1d ago

Introducing Myself

Hi Community,

This is Sanket here. Building in the space of agentic cyber risk management. Here to explore what's being built in the space and eventually launch my new product here. Anything that you think I should keep in mind, let me know.

1Password warns: "Do not use OpenClaw on a company device"

Writing on the @1Password blog, Jason Meller says that he found that the top downloaded OpenClaw skill was a malware delivery vehicle:

While browsing ClawHub (I won't link it for obvious reasons), I noticed the top downloaded skill at the time was a Twitter skill. It looked normal: description, intended use, an overview, the kind of thing you'd expect to install without a second thought.

But the very first thing it did was introduce a required dependency named openclaw-core, along with platform-specific install steps. Those steps included convenient links (here, this link) that appeared to be normal documentation pointers.

They weren't.

Both links led to malicious infrastructure.

Indeed, this wasn't an isolated case.