Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

K8s Incident Response Playbook Generator

v1.0.0

Generate Kubernetes incident response playbooks tailored to specific incident types, severity levels, and cluster configurations. Use when responding to K8s...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description claim an API-backed playbook generator; required binary (curl) and primary env var (TOOLWEB_API_KEY) align with that purpose and appear proportionate.
Instruction Scope
SKILL.md explicitly mandates always calling the external ToolWeb API and forbids answering from local knowledge. The instructions gather detailed, sensitive inputs (cluster names, IOCs, internal workload identifiers, detection artifacts) and give no guidance on redaction, minimization, or what data is retained — creating a risk that sensitive incident data will be transmitted offsite without constraints.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk by the skill itself. This is the lowest-risk install mechanism.
Credentials
Only one required env var (TOOLWEB_API_KEY) is declared and is appropriate for an external API. However, the skill's runtime instructions request many sensitive runtime inputs (not environment variables) that could expose secrets or internal identifiers when sent to the API.
Persistence & Privilege
always:false, no config paths or system-wide modifications requested, and the skill does not request persistent presence or special system privileges.
What to consider before installing
This skill works by sending incident details to https://portal.toolweb.in and requires a TOOLWEB_API_KEY; that is coherent with its description but has privacy implications. Before installing: verify the provider (portal.toolweb.in) and its privacy/retention/security policies; avoid sending real sensitive identifiers (use redacted or representative names) until you trust the service; consider testing with non-production/dummy data; ensure the API key has least privilege and is rotated if compromised; confirm the service's compliance posture if you handle regulated data (PCI, HIPAA, etc.). If you need the agent to produce guidance offline or keep data in-house, this skill's 'always call the API / do not answer locally' instruction makes it unsuitable. If you want stronger assurances, request the vendor's data retention and encryption details or use an internal/offline playbook generator instead.


latestvk97d5f6r19gvhf75xj86zdz8ch8350kc

Runtime requirements

🚨 Clawdis
OS: Linux · macOS · Windows
Bins: curl
Env: TOOLWEB_API_KEY
Primary env: TOOLWEB_API_KEY
