Hs Ti
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says—query Hillstone threat intelligence—but users should notice that it uses an API key, sends queried indicators to Hillstone, and keeps local logs/cache.
This looks like a purpose-aligned Hillstone threat-intelligence skill. Before installing, be comfortable configuring a Hillstone API key, sending queried IPs/domains/URLs/hashes to https://ti.hillstonenet.com.cn, and maintaining local logs/cache. Prefer environment-variable credentials, keep config files private, and periodically review or clear logs if your investigations are sensitive.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You have less independent source provenance to rely on outside the provided ClawHub artifacts.
The registry metadata provides limited external provenance even though the artifact bundle includes Python code and package metadata. This is a transparency note, not evidence of hidden installation behavior.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Install only from a trusted registry/version and review the included files if provenance matters for your environment.
Anyone who can read the API key may be able to use your Hillstone threat-intelligence access or quota.
The skill uses a sensitive Hillstone API key, either from an environment variable or config file, which is expected for this service integration.
"HILLSTONE_API_KEY": { "description": "Hillstone Threat Intelligence API key ...", "required": false, "sensitive": true }Prefer the HILLSTONE_API_KEY environment variable, restrict config.json permissions, and avoid sharing logs or configuration files containing credentials.
Threat-hunting queries may be retained locally in cache or logs, which could reveal what indicators you investigated.
The code enables caching by default and creates a local log file under the user's home directory. This is disclosed and purpose-aligned, but queried IOCs and results can be sensitive investigation data.
self.cache_enabled: bool = True ... self.cache_ttl: int = 3600 ... log_file = log_dir / 'hs_ti.log'
Review log contents and retention, protect ~/.openclaw/logs/hs_ti.log, and disable or shorten caching if queried indicators are sensitive.