ClawHub

DevSecOps Roadmap

v1.0.0

Generates customized DevSecOps implementation roadmaps based on organizational assessment data and maturity level analysis.

0· 56·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the content: the SKILL.md and openapi.json describe a roadmap generator that accepts structured assessment data and returns a maturity roadmap. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
Runtime instructions are limited to forming/POSTing structured assessment data to the described API and producing roadmap output. The SKILL.md does not instruct the agent to read local files, secrets, or system state outside of the assessment payload.
Install Mechanism
No install spec and no code files that would be written/executed on the host. This is instruction-only with an included OpenAPI spec — low install risk.
Credentials
No environment variables, credentials, or config paths are required. The declared inputs (assessmentData, sessionId, optional userId/timestamp) are appropriate for the stated functionality.
Persistence & Privilege
always is false and the skill does not request persistent system presence or elevated privileges. Autonomous invocation is permitted (default) but that is expected for skills and not by itself a concern.
Assessment
This skill appears internally consistent and low-risk in that it requests no credentials and includes only an OpenAPI spec and usage examples. Before installing or sending real data: 1) Confirm who is hosting the service (the registry shows an unknown owner and no homepage), where requests will be sent, and whether transport/authentication are enforced. The openapi.json does not include explicit server URLs — verify the runtime routing. 2) Avoid sending sensitive secrets, production credentials, or identifiable customer data in assessmentData until you confirm the skill's hosting and privacy practices. 3) Test with synthetic/non-sensitive data first to confirm outputs and where data is transmitted. 4) If you need stronger assurance, ask the provider for a privacy/security statement or run the skill under a network policy that limits outbound endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk975phq2tmc724a4vc3qh3mc5n83tk1n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments