Cyber Kill Chain
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent instruction-only security assessment API, but it may involve submitting sensitive security-control details to an external provider.
This skill appears purpose-aligned and has no code or local permissions, but treat submitted control gaps and notes as sensitive. Confirm the external provider and avoid sending confidential security posture details unless you trust the service and its data-handling practices.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with real data, the service could receive information about which defenses are missing or incomplete.
The sample request shows users may submit detailed security-control gaps and implementation notes, which are sensitive organizational security posture data.
"controls": { ... "notes": "Domain registration monitoring not yet implemented" }Use sanitized or non-confidential assessment data unless the provider, retention policy, and data-handling terms are acceptable.
Users have less registry-level information for verifying who operates the service before sharing assessment data.
The registry metadata does not identify a source repository or homepage, which limits provenance review for an external assessment service.
Source: unknown; Homepage: none
Verify the provider identity and service terms through trusted channels before submitting real organizational security information.