TrendAI Vision One Threat Intelligence

v1.0.0

Query TrendAI Vision One threat intelligence. Use when: looking up IOCs (IP, domain, hash, URL, email), checking threat feeds, reading intelligence reports,...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description map to the requested resources: only VISION_ONE_API_KEY (and optional VISION_ONE_REGION) and python3 are required, which are appropriate for calling Trend Micro Vision One APIs. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the CLI source limit actions to Vision One API calls (feedIndicators, feeds, suspiciousObjects) and local formatting/caching. The only write action is 'suspicious add', which the docs mark as requiring explicit user confirmation. The runtime instructions do not request or read unrelated files or env vars.
Install Mechanism
There is no install spec (instruction-only skill for copy-in use) and the code uses only Python stdlib. No external downloads, package installs, or archive extraction are performed by the skill bundle itself.
Credentials
Only VISION_ONE_API_KEY is required (primaryEnv). An optional VISION_ONE_REGION is documented. No other SECRET/TOKEN/PASSWORD env vars are requested. The key's requested permissions are consistent with read operations and an optional configure permission for suspicious add.
Persistence & Privilege
always:false (no forced global enable). The skill stores short-lived cache files under a TMP cache directory (os.environ TMPDIR or /tmp), which is reasonable for caching API responses. It does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do exactly what it claims: it runs local Python code that calls Trend Micro Vision One endpoints using the VISION_ONE_API_KEY. Before installing, verify you trust the skill source (homepage points to a GitHub repo but 'Source' is listed as unknown), and ensure the API key you supply has least-privilege: give only Threat Intelligence 'View' permissions for read-only use and add 'Configure' only if you need to use 'suspicious add'. Be aware 'suspicious add' is a write operation that can affect your org's block list — require human confirmation before running. The skill writes short-lived cache files to /tmp; if that is a concern, review or modify scripts/lib/cache.py. If you need higher assurance, review the referenced GitHub repo history and owner before use and rotate the API key if you suspect misuse.


latestvk976qwe290h18f6vd6bbcw9gc984kv1y


Runtime requirements

🔍 Clawdis
Bins: python3
Env: VISION_ONE_API_KEY
Primary env: VISION_ONE_API_KEY
