Cybersecurity Risk Assessment
v1.0.0
Conduct cybersecurity risk assessments by identifying assets, modeling threats, scoring vulnerabilities, mapping compliance, and creating incident response a...
by @1kalin
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the SKILL.md: STRIDE threat modeling, vulnerability scoring, compliance mapping, incident response, and a 90-day remediation roadmap. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Runtime instructions ask the agent to elicit and document sensitive information (critical systems, PII/PHI classification, vendor access, evidence for findings). This is appropriate for a risk assessment, but it means the agent will request and handle sensitive organizational data — users should avoid pasting real credentials or secrets directly into the chat.
Install Mechanism
No install spec and no code files are included. Because the skill is instruction-only, nothing is written to disk and there are no remote downloads to evaluate.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The absence of requested credentials is proportionate to the skill being an advice/report generator rather than an automation that calls external APIs or systems.
Persistence & Privilege
always is false (default) and autonomous invocation is allowed (platform default). The skill does not request persistent privileges, system modifications, or configuration changes to other skills.
Assessment
This skill is coherent and appears safe to install, but it is designed to gather sensitive information about your environment (assets, data classifications, vendor access, evidence). Before providing data, redact or avoid pasting secrets, credentials, full PII/PHI, or logs containing auth tokens. Use placeholder values where possible, and validate any remediation recommendations with a human security professional before applying changes. If you plan to have the agent perform active scans or access systems, configure scoped service accounts and secure credential storage rather than entering credentials directly into chat.
Like a lobster shell, security has layers — review code before you run it.
Tags: NIST, SOC2, compliance, cybersecurity, latest, risk, security
