cyber-events-log-abstract
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill broadly matches its security-summary purpose, but it embeds an XDR API key, weakens HTTPS checks, and keeps raw security-event data locally, so it needs review before use.
Install only if you trust the publisher and own the referenced XDR environment. Ask for the embedded API key to be removed and rotated, require secure user-provided credentials, enable proper TLS verification, and define how raw security-event data will be stored and cleaned up.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the skill package may be able to read or use the XDR API key if they can reach that network, potentially exposing sensitive security-event data.
The skill embeds a credential for a specific XDR service in code rather than requiring a user-provided, scoped secret.
API_URL = "https://10.50.86.28/xdr/openapi/v1.0/risk/listDetail"
API_KEY = "7445a03b..."
HEADERS = { "apikey": API_KEY, ... }
Remove and rotate the hard-coded key, require the user to provide credentials through a secure secret store or environment variable, and document the exact required XDR permissions.
A network attacker or misconfigured proxy could intercept or tamper with the API traffic more easily, including the embedded credential and event results.
The API request disables certificate verification and suppresses the related warning while sending an API key and receiving sensitive event data.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) ... requests.get(..., verify=False, timeout=120)
Use valid TLS certificates and keep certificate verification enabled; if an internal CA is required, configure that CA explicitly rather than using verify=False.
Raw incident records, IPs, and asset/security details may remain on disk across runs and could be accessed by later tasks, local users, backups, or other tooling.
The skill persistently saves the raw XDR API response, not just the generated summary, under the user's OpenClaw workspace without a documented retention limit.
raw_data_dir = os.path.join(os.path.expanduser("~"), ".openclaw", "workspace", "skills_data", "security_events_raw") ... json.dump(data, f, ensure_ascii=False, indent=2)
Disclose raw-data retention, minimize or redact stored data, provide a cleanup/retention policy, and let users opt out of saving raw API responses.
If scheduled, the skill may continuously collect and store security-event data and could create many local raw-data/report files.
The skill recommends recurring hourly execution; this is user-directed rather than hidden, but it would repeatedly call the XDR API and write output files.
Recommended: trigger once an hour using a cron expression: - `0 * * * *` (hourly)
Only configure cron deliberately, use the narrowest needed time range, monitor generated files, and define cleanup for old raw data and reports.
Users cannot fully verify everything this script does from the provided review artifact.
The provided artifact for security_report.py is truncated, so the full behavior of a code file with sensitive API access cannot be completely reviewed from the supplied content.
"truncated": true
Provide the complete source file and provenance details before installation, especially because the skill contains credentials and network access.
