Risk Assessment

v0.1.0

Framework-directable information security risk assessment. Identifies threats, evaluates likelihood/impact via a 3x3 matrix, maps findings to any compliance...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description match the included SKILL.md and example. No binaries, env vars, or install steps are declared that would be unrelated to performing a written risk assessment.
Instruction Scope
The SKILL.md instructs the agent to review provided context, uploaded documents, and optional framework appendices — which is expected. However the allowed-tools list (Read, Glob, Grep, WebFetch) would permit the agent to read files or fetch URLs; ensure the agent runtime is only given access to documents you intend it to read (do not expose unrelated system files or secrets).
Install Mechanism
No install spec is present (instruction-only skill). Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. Example code references an Anthropic client but that is an example only and not a declared runtime requirement of the skill.
Persistence & Privilege
always is false and disable-model-invocation is default (agent may invoke autonomously). This is normal; the skill does not request elevated or persistent system presence.
Assessment
This skill appears coherent and appropriate for producing formal risk assessments. Before installing or invoking it: only provide the context and documents you intend the agent to inspect (avoid uploading credentials, private keys, or unrelated system files); if the agent runtime exposes filesystem or network access, restrict those capabilities to a safe workspace; the examples reference using an API client (Anthropic) — do not hardcode API keys into skill files. Finally, review the generated findings before acting on them (the assistant's recommendations should be validated by a human assessor).

Like a lobster shell, security has layers — review code before you run it.

latestvk9746r8gvjx38axtzsgp96xje582agff
