Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
IR Readiness
v1.0.0
Comprehensive evaluation of incident response capabilities with maturity scoring and phase-based assessment framework.
by ToolWeb @krishnakumarmahadevan-cmd
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md and openapi.json describe an external IR assessment API (endpoints, pricing, and ToolWeb links). That purpose is reasonable, but the package does not declare a base URL or any required API key/credential, which is unexpected for a paid API and suggests incomplete metadata.
Instruction Scope
The runtime instructions are limited to API endpoint definitions, request/response examples, and usage guidance. There are no instructions to read local files, environment variables, or system state, nor any steps that would exfiltrate data beyond calling the described API.
Install Mechanism
This is an instruction-only skill with no install spec and no included code files, so nothing is written to disk or installed — lowest-risk install behavior.
Credentials
The skill requests no environment variables or credentials. For an API that lists commercial plans and external endpoints, one would typically expect an API key or token to be required; the absence of any declared auth mechanism or servers is an inconsistency that should be explained.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill does not request permanent presence or elevated privileges and does not claim to modify other skills or agent configuration.
What to consider before installing
Before installing, ask the skill/vendor these questions: (1) What is the API base URL (server) the skill will call? (openapi.json currently lacks servers). (2) Does the API require an API key or other credential? If so, why isn't that declared and how will you provide it securely? (3) What data is logged or retained by the remote service (PII, assessment responses)? (4) Can you test with non-sensitive example data first? Until you get answers, avoid sending real incident details or secrets through the skill. If you plan to use it in production, request a security/data-processing addendum and ensure network calls go to the documented domain/IP and not an unknown host.
Like a lobster shell, security has layers — review code before you run it.
latestvk97as5e9z5ezvm1r0gqekm2aj183v7rg
