OT Security Assessment
v1.0.0
Assess OT/ICS security posture across 30 controls in 6 principles — Business Driven, Risk Based, Enterprise Wide, Methodical, OT Security Focused, and OT Sec...
by ToolWeb @krishnakumarmahadevan-cmd
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the declared behavior: the skill is an API-backed OT/ICS assessment. The only required env var (TOOLWEB_API_KEY) and required binary (curl) are proportionate and expected for a remote assessment service.
Instruction Scope
The SKILL.md explicitly requires always calling the external ToolWeb API and forbids answering from local knowledge. This is coherent with a proprietary scoring service, but it means any user-provided OT/ICS details (including potentially sensitive infrastructure information) will be transmitted to the remote API. Users should be aware of data sensitivity and the portal's privacy/billing policies.
Install Mechanism
Instruction-only skill with no install spec or downloaded artifacts. No files are written or binaries installed by the skill itself — lowest-risk install posture.
Credentials
Only one required secret (TOOLWEB_API_KEY) is declared and used as the primary credential — proportional for a hosted API service. No unrelated credentials or config paths are requested.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide persistence or modify other skills. Agent autonomous invocation is allowed (default) but not excessive on its own.
Assessment
This skill is coherent but sends assessment data to https://portal.toolweb.in. Before installing or using it: (1) verify the portal and vendor reputation and read their privacy and data retention policies; (2) avoid sending highly sensitive production credentials or details — treat the controls data as potentially visible to the service operator; (3) review pricing/billing limits so you understand call costs; (4) create and use an account/API key with least privilege and rotate it if compromised; (5) if you need offline or internal-only assessments, do not rely on this skill since SKILL.md requires external API calls; (6) test with non-sensitive sample data first to confirm behavior. If you want, I can suggest checklist items to vet portal.toolweb.in or draft a minimal example controls payload you can use for a safe test call.
Like a lobster shell, security has layers — review code before you run it.
latest vk973cxaad37cez9s5zhw677r4d8347mf
Runtime requirements
🏭 Clawdis
OS: Linux · macOS · Windows
Bins: curl
Env: TOOLWEB_API_KEY
Primary env: TOOLWEB_API_KEY
