Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Threat Intel V2

v1.0.0

Aggregates and analyzes open-source intelligence (OSINT) data from multiple sources to identify threats, validate indicators, and enrich security investigati...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes a multi-source OSINT aggregator (including proprietary feeds) and lists external API endpoints and pricing, which is coherent with the stated purpose. However, there is no homepage/source repository and no declared authentication mechanism or credentials. Aggregating proprietary feeds typically requires upstream API keys or licenses; the absence of any required env vars or security/schema in the provided openapi.json is an inconsistency that reduces transparency about how the service obtains paid/proprietary data.
Instruction Scope
The instructions are an API description that points the agent to external endpoints (Kong route: https://api.mkkpro.com/security/threat-intel-v2 and API docs at https://api.mkkpro.com:8011/docs). Using the skill will cause whatever indicators you provide to be sent to those external hosts. The SKILL.md does not document authentication headers, rate-limiting behavior for anonymous use, or how submitted data is stored/retained—this is a privacy and data-exfiltration concern for sensitive indicators.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes local persistence and filesystem risk; nothing is downloaded or executed locally by the skill package itself.
Credentials
No environment variables or primary credential are declared. That is safe for local secrets, but also unexpected given the pricing/tier information and claim of proprietary feed aggregation. Typically a user-facing aggregator API requires an API key (not declaring one is an opaque design decision). If the backend requires credentials, the SKILL.md should document how to provide them; if not, you should verify intended anonymous usage and any limits or data use policies.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify agent/system configs. It is user-invocable and may be called autonomously (platform default), which increases blast radius if you allow autonomous runs, but that is standard and not in itself a red flag here.
What to consider before installing
This skill will send any indicator you supply to external hosts (api.mkkpro.com / toolweb.in). Before installing or using it:
1) Verify the service owner and trustworthiness (homepage, source repo, contact, SLA).
2) Check the API docs to learn whether an API key is required and how data is authenticated and protected (TLS, headers).
3) Ask how submitted indicators are stored, shared, and retained (privacy/retention policy).
4) Test with non-sensitive indicators first.
5) Prefer skills that document required credentials and provide clear security/privacy policies; if you must use this, consider isolating calls, limiting autonomy, and monitoring outbound requests.
Additional information that would raise confidence to 'high': a verifiable homepage/repo, documented authentication/security scheme in openapi.json, and a clear privacy/data-retention policy.

Like a lobster shell, security has layers — review code before you run it.

latestvk9721h73n15wnbfz1s72v3krn1839mvd
