ClawHub

Data Breach Response

v1.0.0

Generates customized, phased data breach incident response playbooks with tool recommendations and compliance checklists based on your organization's profile.

0· 84·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (data breach response playbook generator) aligns with the provided SKILL.md and openapi.json. The API endpoints and request/response schemas match the stated functionality (POST /api/breach-response/plan, GET tools/phases, health check). There are no unrelated binaries, env vars, or config paths requested.
Instruction Scope
SKILL.md contains an API spec and example requests/responses that require the agent to send organizational assessmentData (companyName, industry, dataTypes, existingTools, compliance, sessionId, timestamp). The instructions do not ask the agent to read local files, system credentials, or other system state. However, they do entail transmitting potentially sensitive organizational information to the skill's backend.
Install Mechanism
No install spec and no code files to execute locally (instruction-only). This minimizes local persistence and execution risk; nothing will be downloaded or written to disk by an installer.
!
Credentials
The skill requests no environment variables or credentials, which is proportionate. But the API accepts detailed organization data (including types of sensitive data and existing security tooling). Because the source and hosting details are unknown (no homepage, no server URL in openapi.json), sending real PII/PCI/compliance information could expose sensitive data to an untrusted third party. The skill does not request credentials, but it could still collect and store sensitive assessment data.
Persistence & Privilege
Skill is not always-enabled and does not ask for elevated platform privileges. There is no indication it modifies other skills or system-wide configuration.
Assessment
This skill appears to do what it says (generate breach response playbooks) and has no local install or credential requests, but it will accept and transmit potentially sensitive organizational assessment data to the skill's backend. Before installing or using it: (1) ask the publisher for the service host, privacy/security policy, data retention and deletion practices, and whether data is stored or logged; (2) confirm the API is served over TLS and who controls the servers; (3) avoid sending real PII/PCI/PHI or internal identifiers in requests until you trust the provider—use anonymized or redacted sample data for testing; (4) prefer a self-hosted or on-premise tool if you must process sensitive incident data; and (5) if provenance cannot be established, treat this as untrusted and refrain from sending confidential organizational details.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bppbk854ckczx2p707rpbzd83tk36

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments