Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Threat Intel Aggregator

v1.0.0

Aggregates and analyzes threat intelligence data to check targets against known threats and security risks.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
The README describes a hosted API (pricing, commercial plans, external domains such as api.mkkpro.com and toolweb.in) of the kind that normally requires a base URL and API credentials, yet the skill declares no required env vars, no primary credential, and no server configuration. That is disproportionate for an API-integration skill and inconsistent with the stated purpose.
Instruction Scope (flagged)
The SKILL.md documents endpoints (POST /check-threat) with sample requests and responses, but gives no clear, safe runtime instruction for how the agent should reach that service: the OpenAPI document has no base URL and no auth method. Without explicit restrictions, an agent using this skill may send user-provided targets to the external hosts named in the doc (api.mkkpro.com / toolweb.in), and threat indicators are themselves sensitive data.
Install Mechanism
No install spec or code is present (instruction-only). That minimizes local code execution risk. Nothing is downloaded or written to disk by an installer.
Credentials (flagged)
A hosted threat-intel API with pricing would normally require API keys or tokens, yet the skill requests no credentials or config paths. That absence is disproportionate: it could hide an implicit dependence on platform-level secrets, or mean that data is sent unauthenticated to third parties.
Persistence & Privilege
The skill does not request always:true and has no install-time persistence. It is user-invocable only, and does not ask to modify other skills or system settings.
What to consider before installing
This skill looks like documentation for a hosted threat-intel API but omits critical operational details. Before installing or using it:
1) Ask the publisher for the exact base URL(s) and the required authentication method (API key, token, OAuth), and verify the provider's identity and reputation.
2) Do not send real internal IPs, domain names, or sensitive indicators until you have confirmed where the data will be sent, how it is stored, and what privacy and retention policies apply.
3) If the integration requires API keys, ensure they are scoped and stored only in the platform's secure credential storage, and that the skill declares the env var names it reads.
4) Prefer skills that include a servers field in their OpenAPI document and explicitly declare required credentials; absent that, treat this skill as untrusted and test only with non-sensitive samples.
If the publisher supplies those clarifications (server URL, auth method, privacy and data-processing rules, and expected request/response behavior), this assessment could be revised to benign.
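As an added example (not code from the skill, its publisher, or the ClawHub scanner), the Python script below turns the checklist above into a pre-install audit. It parses a constructed OpenAPI document and SKILL.md excerpt modelled on the findings (a path is defined but there is no servers field and no securitySchemes, the text names external hosts, and the manifest declares no env vars), reports each gap as a finding, and provides a pre-send guard that refuses to ship private IPs or internal hostnames to a provider whose server URL has not yet been verified. The sample inputs, the host list and the function names are all constructed for illustration.

```python
"""Pre-install vetting of an agent skill that wraps a hosted API.

Added example: the sample OpenAPI document, SKILL.md excerpt and manifest
below are constructed to mirror the scan findings; they are not the files
of the listed skill, and the function names are this example's own.
"""
import ipaddress
import json
import re
from urllib.parse import urlparse

# Constructed: an OpenAPI document that defines a path but neither `servers`
# nor `components.securitySchemes`, as the scan describes.
SAMPLE_OPENAPI = json.loads("""
{
  "openapi": "3.0.3",
  "info": {"title": "Threat Intel Aggregator", "version": "1.0.0"},
  "paths": {
    "/check-threat": {
      "post": {
        "summary": "Check a target against known threats",
        "responses": {"200": {"description": "OK"}}
      }
    }
  }
}
""")

# Constructed: SKILL.md text naming external hosts but no base URL or auth.
SAMPLE_SKILL_MD = """\
# Threat Intel Aggregator
POST /check-threat with {"target": "<ip, domain or hash>"}
Plans and pricing: https://api.mkkpro.com/pricing
Dashboard: https://toolweb.in/dashboard
"""

# Constructed: the manifest declares no environment variables at all.
SAMPLE_DECLARED_ENV = []

# Bare "x.y" matches that are file names rather than hosts (e.g. SKILL.md).
_NOT_HOSTS = {"md", "json", "yaml", "yml", "txt", "py", "js"}


def external_hosts(markdown):
    """Hostnames from URLs and bare domains mentioned in the skill text."""
    hosts = set()
    for url in re.findall(r"https?://[^\s)>\"']+", markdown):
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    for bare in re.findall(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", markdown, re.I):
        if bare.rsplit(".", 1)[1].lower() not in _NOT_HOSTS:
            hosts.add(bare.lower())
    return hosts


def audit_skill(spec, skill_md, declared_env):
    """Return (code, detail) findings for the gaps the checklist asks about."""
    findings = []
    hosts = external_hosts(skill_md)
    servers = [s.get("url", "") for s in spec.get("servers", []) if isinstance(s, dict)]
    server_hosts = {(urlparse(u).hostname or "").lower() for u in servers}
    schemes = spec.get("components", {}).get("securitySchemes", {})

    if spec.get("paths") and not servers:
        findings.append(("no-servers",
                         "paths defined but no `servers`: the agent cannot know where requests go"))
    if not schemes and not spec.get("security"):
        findings.append(("no-auth",
                         "no securitySchemes or security requirement: unauthenticated calls assumed"))
    if hosts and not declared_env:
        findings.append(("no-credentials",
                         f"doc names {sorted(hosts)} but the manifest declares no env vars"))
    undeclared = sorted(hosts - server_hosts)
    if undeclared:
        findings.append(("undeclared-hosts",
                         f"hosts named in the doc but absent from `servers`: {undeclared}"))
    return findings


# Constructed list of suffixes treated as internal-only names.
_INTERNAL_SUFFIXES = (".local", ".internal", ".corp", ".lan", ".home.arpa")


def is_sensitive_indicator(target):
    """True for indicators that should not leave the organisation unverified:
    private, loopback or link-local IPs, and internal-looking hostnames."""
    try:
        ip = ipaddress.ip_address(target.strip("[]"))
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        return target.lower().endswith(_INTERNAL_SUFFIXES)


def safe_to_send(target, destination_host, verified_hosts):
    """Checklist steps 2 and 4: send anything to a verified provider, but only
    non-sensitive samples to a host whose identity and retention policy are
    still unconfirmed."""
    if destination_host.lower() in {h.lower() for h in verified_hosts}:
        return True
    return not is_sensitive_indicator(target)


if __name__ == "__main__":
    for code, detail in audit_skill(SAMPLE_OPENAPI, SAMPLE_SKILL_MD, SAMPLE_DECLARED_ENV):
        print(f"[{code}] {detail}")
    print(safe_to_send("10.0.0.5", "api.mkkpro.com", verified_hosts=set()))
```

Run against the constructed inputs, the audit reports all four gaps the scan raises (no servers, no auth, no credentials, undeclared hosts); against a spec with a servers entry, an apiKey security scheme and a declared env var it reports nothing. The guard only refuses sensitive indicators while the destination is unverified, so the same call succeeds once the provider's host has been confirmed and added to the verified set.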


latest · vk97dt9hkwhqtyhwfjm2trerkr9839m2g
