ClawHub

GenAI CyberSec

v1.0.0

Generate personalized cybersecurity transformation roadmaps based on Microsoft's 5-point blueprint for GenAI-driven cyber defense.

0· 56·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md and openapi.json all describe the same capability (generating transformation roadmaps from assessment data). There are no unexpected required env vars, binaries, or config paths.
Instruction Scope
The runtime instructions and example request show collection of organizational assessment data (including emails and sessionIds), which is appropriate for the stated purpose. However, the provided openapi.json does not declare any servers or security schemes (no auth requirements), so it's unclear where the data would be sent and whether it would be protected. That is an operational/privacy concern rather than an incoherence with purpose.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute, which is proportional to the described functionality and lowers the risk of arbitrary code execution on install.
Credentials
The skill declares no environment variables, credentials, or config paths. It only consumes structured assessment data in requests, which matches the roadmap-generation function.
Persistence & Privilege
always:false and default model-invocation settings are used. The skill does not request permanent presence or elevated system privileges.
Assessment
This skill appears internally consistent, but before sending real organizational data: 1) Confirm who operates the API (source/homepage is unknown) and where requests are sent — openapi.json lacks a servers entry. 2) Ask whether the API requires authentication and how data is stored/retained. 3) Test with non-sensitive/example data first. 4) If you must submit real or classified information, require contractual/privacy controls and encryption in transit and at rest. If you need more assurance, request the skill author to provide the API host, security scheme, and a privacy/data-retention statement.

Like a lobster shell, security has layers — review code before you run it.

latestvk979k90c1ck6x09mc5t7hagy3583tg5v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments