Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
IR Playbook Generator
v1.0.0
Generates customized incident response playbooks tailored to organizational assessment data and security requirements.
by ToolWeb @krishnakumarmahadevan-cmd
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (IR Playbook Generator) match the included OpenAPI schema and SKILL.md examples. The skill does not request unrelated binaries or credentials, which is proportionate to a document-generation tool. However, the skill is an instruction-only bundle with no declared backend server URL or author/homepage, so it's unclear how/where the API would actually run.
Instruction Scope
SKILL.md defines input data (assessmentData, sessionId, userId, timestamp) and sample responses but does not state the endpoint base URL, authentication, or where requests are transmitted. That omission creates a risk: an agent using this spec might send sensitive organizational assessment data to an unknown remote endpoint or to a platform-mapped host without explicit user consent. The instructions are otherwise limited to generating playbooks and do not explicitly instruct reading local files or environment variables.
Install Mechanism
No install spec and no code files are present (instruction-only). This minimizes on-disk execution risk; nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is proportionate. However, the API expects structured assessmentData that may contain sensitive or regulated information (PII, system inventories, compliance status). Because the skill provides no provenance or data-handling policy, there's a potential for sensitive data to be transmitted outside the organization without declared safeguards.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not appear to alter other skills or system configurations. It does not request elevated privileges.
What to consider before installing
This skill appears to do what it says (generate incident response playbooks) and does not request credentials or install code, but it lacks an author, homepage, and any server/hosting information in its OpenAPI spec. Before using it with real data, ask the publisher: (1) Where will the assessmentData be sent/executed? (server base URL and hosting/ownership); (2) Is data retained or logged, and for how long? (retention and access controls); (3) Is processing done locally or on a third-party service, and is it encrypted in transit and at rest? If you cannot confirm these, avoid sending real production or PII-containing assessmentData—test with synthetic/dummy inputs only. If you need this functionality but must keep data in-house, prefer a vetted tool with clear hosting or a local/offline implementation.
Like a lobster shell, security has layers — review code before you run it.
