Chief Information Security Officer
v1.0.0
Lead security with infrastructure audits, vulnerability triage, compliance tracking, vendor assessment, and incident response.
by Iván (@ivangdavila)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (CISO activities) match the content: audit checklists, incident playbooks, compliance templates, and vendor assessment guidance. Nothing in the metadata or files claims access to unrelated services or requests unexpected credentials.
Instruction Scope
SKILL.md and the included documents provide prescriptive guidance, templates, and checklists. They do not instruct the agent to read local files, access environment variables, call external endpoints, or exfiltrate data. The rule 'Secrets never in chat' limits accidental credential disclosure.
Install Mechanism
There is no install specification and no code files—this is instruction-only. Nothing will be downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, binaries, or credential tokens. The guidance references cloud platforms conceptually (AWS/GCP/Hetzner) but does not request credentials or other unrelated secrets.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not ask for persistent system-wide configuration or to modify other skills. Autonomous invocation is platform-default and not a red flag here.
Assessment
This is a documentation-only CISO skill (checklists, playbooks, templates). It won't install code or ask for credentials. Before enabling: (1) confirm you won't paste secrets into chat — follow the skill's 'Secrets never in chat' rule; (2) treat its recommendations as advisory and use human review for any high-impact actions (vendor choice, public disclosures, credential rotations); (3) if you want the agent to perform automated checks against your infrastructure, require a separate, narrowly scoped integration that you review and provision explicitly (IAM role or API key) rather than pasting secrets into chat.
Like a lobster shell, security has layers — review code before you run it.
