ClawHub

Cybersecurity Engine

v1.0.0

Complete cybersecurity assessment, threat modeling, and hardening system. Use when conducting security audits, threat modeling, penetration testing, incident...

0· 735·1 current·1 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (complete cybersecurity assessment, threat modeling, hardening) matches the SKILL.md content: checklists, templates, threat modeling and assessment YAMLs. There are no unrelated environment variables, binaries, or install steps declared. However, the publisher/source/homepage are missing (source unknown), which reduces trust and should be considered before use.
Instruction Scope
SKILL.md is a long, methodology-driven instruction document (checklists, threat register templates, playbooks). The instructions shown do not themselves demand reading system files, installing tools, or accessing credentials. That said, practical use of this skill will likely require you to provide architecture details, config snippets, logs, or other sensitive artifacts — the skill may prompt the agent to request those. Treat any requests for secrets or full production configs as sensitive and limit scope (use redacted samples or temporary/staging credentials).
Install Mechanism
No install specification and no code files are included (instruction-only). This is low-risk from an install/execution perspective because nothing will be written to disk or downloaded by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. There is no disproportionate credential request in the metadata.
Persistence & Privilege
always:false and default autonomous invocation settings are used (normal). The skill does not request persistent presence or elevated agent-wide privileges in its metadata. Autonomous use is allowed by platform defaults; combine this with the unknown publisher when deciding trust.
Assessment
This skill appears coherent and is just a methodology (no code or installs). Before installing/using it: (1) verify the publisher or prefer skills with an identifiable homepage; (2) never paste production secrets, private keys, or full credentials into the agent — use redacted examples or temporary/staging credentials; (3) if the agent asks for logs/configs, provide minimal, redacted samples or run the assessment against a non-production environment; (4) be cautious about following copy-paste commands or configs verbatim — review them before applying; and (5) treat links to paid 'context packs' or external sites as separate vendors (do not share credentials or internal data when following those links). If you need higher assurance, request a skill from a known vendor or ask the publisher for provenance and a homepage before use.

Like a lobster shell, security has layers — review code before you run it.

cybersecurityvk97c18r5ycrt8wdvc0xchyv5a581ffqcinfosecvk97c18r5ycrt8wdvc0xchyv5a581ffqclatestvk97c18r5ycrt8wdvc0xchyv5a581ffqcowaspvk97c18r5ycrt8wdvc0xchyv5a581ffqcpentestvk97c18r5ycrt8wdvc0xchyv5a581ffqcsecurityvk97c18r5ycrt8wdvc0xchyv5a581ffqc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis
OSLinux · macOS · Windows

Comments