ITSM Security Maturity
v1.0.0
Comprehensive ITSM/ITIL security maturity evaluation platform for assessing organizational compliance and process maturity across eight critical ITSM domains.
by ToolWeb @krishnakumarmahadevan-cmd
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md and openapi.json all describe an ITSM maturity assessment API. There are no unexpected binaries, environment variables, config paths, or installers requested — this aligns with an instruction-only API integration skill.
Instruction Scope
The runtime instructions describe API endpoints, sample requests/responses, and expected request body shapes. They do not instruct reading files, environment variables, or system paths. However the instructions are incomplete: no server base URL, no authentication mechanism, and no guidance on where requests will be sent. That ambiguity should be resolved before allowing network calls or automated invocation.
Install Mechanism
No install spec and no code files beyond docs/OpenAPI. Nothing will be written to disk or installed by an installer — this is low risk and consistent with an instruction-only skill.
Credentials
The skill declares no required environment variables or credentials. That is proportionate to a simple API documentation/assessment tool. Note: absence of auth could mean endpoints are intended to be public or host-specific — verify expected authentication and data handling before sending real organizational data.
Persistence & Privilege
always is false and the skill does not request special persistent privileges. Autonomous invocation (disable-model-invocation=false) is allowed by default; combined with the skill's lack of host/auth this is not a new risk but you should decide whether to allow network-capable invocation for an incomplete API.
Assessment
This skill appears to be a straightforward API spec and assessment template (no code or install), so it is internally coherent. Before installing or enabling autonomous use:
1) Ask the publisher for the API base URL(s) and authentication method (API key, OAuth, etc.).
2) Confirm the operator/owner identity, privacy policy, and where assessment data will be sent or stored.
3) If you plan to run it with real organizational data, test with non-sensitive/dummy data first.
4) If the agent is allowed to make network requests autonomously, consider restricting that capability or requiring manual invocation until you verify the remote service and its security controls.
Like a lobster shell, security has layers — review code before you run it.
