ClawHub

OT Security Career

v1.0.0

Professional career roadmap platform for OT/ICS/SCADA security specialists with personalized learning paths and skill assessments.

0· 53·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name, description, SKILL.md, and openapi.json all describe a career-roadmap API and are internally consistent; no unexpected binaries, credentials, or config paths are requested. However, the package has no homepage and an unknown source owner, which reduces provenance confidence (this is an implementation/administrative concern rather than a technical mismatch).
Instruction Scope
SKILL.md contains concrete API endpoints (/ , /health, POST /api/ot-security/roadmap) and example request/response bodies; it does not instruct the agent to read unrelated files, environment variables, or system paths. Two items to note: (1) there is no server/base URL specified in the OpenAPI or SKILL.md, so the agent or integrator must supply an endpoint to call; (2) the assessmentData may include personal/professional details — verify how and where that data will be transmitted and stored before sending real PII.
Install Mechanism
No install spec and no code files beyond SKILL.md and openapi.json — instruction-only skill. This minimizes filesystem/installation risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. Nothing requests access to unrelated services or secrets.
Persistence & Privilege
always is false and the skill does not request permanent presence or elevated privileges. Autonomous invocation is allowed by default but is not combined with other red flags here.
Assessment
This skill appears coherent and low-risk from a technical footprint perspective: it is instruction-only, asks for no credentials, and documents a simple API. Before installing or using it, verify the provider/source (there's no homepage or known publisher listed) and confirm the backend URL the agent will call — the OpenAPI lacks a servers/base URL. Treat any assessmentData you send as potentially sensitive (professional background, IDs, timestamps). If you will send real personal or employer data, ask where it will be stored, who can access it, and for a privacy/security policy or contact. If you cannot verify the service origin or hosting, avoid sending sensitive information.

Like a lobster shell, security has layers — review code before you run it.

latestvk979rcwymx3fe7p1kv8eam6zt983sy0m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments