Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Container Runtime Threat Model Generator

v1.0.0

Generate container runtime threat models analyzing attack surfaces across container components, images, privileges, network exposure, and security controls....

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match the required inputs and behavior: a container threat-modeling service. Requested binaries (curl) and the single API key (TOOLWEB_API_KEY) are consistent with an external API-based tool.
Instruction Scope
SKILL.md explicitly requires ALWAYS calling the external ToolWeb API and forbids generating threat models from local knowledge. The instructions collect detailed container configuration (images, volumes, capabilities, host namespaces, secrets management, data classification) which may include highly sensitive information. That data will be sent to portal.toolweb.in on every use — this is expected for an API-backed skill, but it raises data exposure and privacy concerns that are outside the skill's technical purpose.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal on-disk footprint and no arbitrary downloads. This is low install risk.
Credentials
Only requests a single credential (TOOLWEB_API_KEY) which fits an external service. However, the runtime prompts encourage submitting sensitive runtime config (e.g., mounted volumes like /var/run/docker.sock, secret handling methods, credentials) which could expose secrets to the remote API. The skill itself does not request unrelated credentials or system config paths.
Persistence & Privilege
always: false and no special persistence or modification of other skills or system settings. Agent autonomous invocation remains possible (platform default) but is not requested to be forced-always-on.
What to consider before installing
This skill legitimately offers container threat modeling via a hosted API, but it requires you to send detailed configuration data to portal.toolweb.in. Before installing or using it: (1) Verify ToolWeb's privacy/security policy and where data is stored/retained; (2) Avoid sending secrets, plaintext credentials, full Docker socket paths, or production-only identifiers — sanitize or redact sensitive fields when possible; (3) Consider testing with redacted or synthetic data first; (4) Restrict the API key's scope and rotate it if exposed; (5) If you need an offline analysis or cannot share sensitive data externally, consider local/open-source threat-modeling tools instead. If you want me to proceed, I can also describe a threat model locally without calling the API (note: the skill's instructions forbid that, but I can provide general STRIDE guidance if you prefer not to share data).


latestvk976z6jegz52ye82vshsxhn81d835n5a

Runtime requirements

🐳 Clawdis
OS: Linux · macOS · Windows
Bins: curl
Env: TOOLWEB_API_KEY
Primary env: TOOLWEB_API_KEY
