BloodHound Narrator
v1.0.1
Turn BloodHound attack path exports into dual-layer security reports — CISO executive prose on top, technical remediation playbook below. Automates Active Di...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (convert BloodHound exports into dual-layer reports) match the included files and runtime behavior. The package contains PowerShell classifiers and narrative templates consistent with generating executive and technical Markdown reports from BloodHound JSON.
Instruction Scope
SKILL.md instructs purely local operations: read a JSON export, classify paths, and write a Markdown report. The included PowerShell code only reads local files, builds text output, and writes to disk; it does not make network calls or reference external endpoints or unrelated system credentials.
Install Mechanism
No install spec is provided (instruction-only with bundled scripts). The runtime wrapper copies local .txt PowerShell sources to a temp .ps1 and executes them with pwsh — a transparent, local execution pattern. No archives or remote downloads are used.
Credentials
The skill requires no secrets or config paths at runtime and does not access environment credentials. Minor metadata inconsistencies: SKILL.md declares 'bins: pwsh' and instructs installing PowerShell, but the registry 'Required binaries' field was empty; the registry version is 1.0.1 while SKILL.md header lists 1.0.0. These are bookkeeping issues, not functional red flags, but you should verify pwsh availability before running.
Persistence & Privilege
always:false and no persistent agent/system changes. The scripts create temporary files in /tmp and remove them; they do not modify other skills, system-wide agent settings, or store credentials.
Assessment
This skill appears to do what it says: it parses a BloodHound Cypher-export JSON locally and emits a Markdown report with executive prose and remediation steps. Before installing/running: (1) ensure PowerShell (pwsh) is installed and trusted on the host, (2) run the bundled tests in an isolated environment if you want to validate behavior (tests call pwsh/Pester), (3) review the included PowerShell templates yourself (they are human-readable) if you have policy concerns, and (4) note minor metadata mismatches (declared version in files vs registry and missing 'required binary' in registry) — these are administrative inconsistencies, not functional or exfiltration issues. If you plan to run this on sensitive hosts, run it on a jump-host or admin workstation rather than directly on domain controllers, and avoid feeding it exports that include credentials or other secrets you don't want written to disk.
Like a lobster shell, security has layers — review code before you run it.
