ClawHub

Enterprise AI Security Controls Assessment

v1.0.0

Comprehensive AI security posture assessment across 14 enterprise security domains including identity, data protection, prompt injection defense, and complia...

0· 52·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (enterprise AI security assessment) matches the provided SKILL.md and openapi.json: endpoints accept assessment data and return domain scores/findings. There are no unexpected requirements (no cloud credentials, binaries, or privileged config paths) that would be inconsistent with its stated purpose.
Instruction Scope
SKILL.md contains example request/response payloads and an OpenAPI spec for assessment endpoints. It does not instruct the agent to read local system files, environment variables, or other unrelated secrets, nor to transmit data to unexpected third-party endpoints.
Install Mechanism
No install spec and no code files beyond SKILL.md and openapi.json. Because this is instruction-only, nothing is written to disk nor fetched at install time — this minimizes installation risk.
Credentials
The skill declares no required environment variables or credentials, which is proportionate. Note: the assessment payload structure expects potentially sensitive configuration indicators (e.g., KMS integration, encryption status); users should avoid submitting secrets or private credentials in assessmentData because the skill provides no guidance on handling or storage of sensitive inputs.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system presence or modification of other skills. Model invocation is allowed (default), which is expected for a skill of this type and is not by itself a concern.
Assessment
This skill appears coherent and low-risk as an API-style assessment template, but you should still exercise caution before providing any real secrets or live configuration artifacts in assessmentData. Verify the skill's provenance (there is no homepage or known source listed), test with synthetic or redacted data first, and confirm how any submitted data will be stored/used by the service you invoke. If you plan to use it on live systems, prefer hosting the assessment logic internally or behind your enterprise controls and avoid pasting private keys, API tokens, or full configuration dumps into the payload.

Like a lobster shell, security has layers — review code before you run it.

latestvk97707dmg9rnmj34k742eggmn984aftc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments