CyberSec Cert Advisor
v1.0.0Generate personalized cybersecurity certification and career advancement plans based on individual assessment data and professional goals.
⭐ 0· 78·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description (certification/career advisor) align with the SKILL.md and openapi schema: both describe taking assessmentData and returning a certification plan. There are no unrelated env vars, binaries, or install actions requested. Note: the package provenance is unknown (no homepage, source unknown, owner ID only), which reduces trust but does not contradict the stated purpose.
Instruction Scope
The SKILL.md contains only API documentation, sample requests/responses, and endpoint schemas. It does not instruct the agent to read local files, access unrelated environment variables, or exfiltrate system data. One practical gap: the OpenAPI description does not include a server/base URL, so the instructions are incomplete about where network requests would be sent.
Install Mechanism
No install spec and no code files beyond documentation/OpenAPI. This is the lowest-risk model (instruction-only). Nothing is written to disk or installed by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to a guidance/analysis skill. Caution: the skill is designed to accept personal assessmentData — if the agent were configured to call a remote API, that could transmit sensitive personal data to an external service, so confirm endpoint and privacy practices.
Persistence & Privilege
always is false and there are no statements about modifying agent/system configuration. The skill does not request persistent privileges or special system presence.
Assessment
This skill appears internally consistent and low-risk as an instruction-only advisor, but there are two practical concerns to address before using it with real personal data: (1) provenance — the package has no homepage or author information you can verify, so consider whether you trust the owner ID; (2) destination — the OpenAPI spec lacks a server/base URL, so find out (and verify) the exact endpoint the agent will call and confirm it uses HTTPS and a privacy policy you accept. Avoid sending PII or employer-sensitive details until you confirm who hosts the service, where data is stored/processed, and how long it will be retained. If you prefer, ask for a self-contained/local version (no external network calls) or a clear server URL and privacy terms before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk972vnmt394tqshsvmvk30q2vd83hfq6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.