Agent Threat Intelligence Exchange
v1.3.1Agent Threat Intelligence Exchange. Build agent-to-agent threat intelligence marketplaces: STIX/TAXII feed listing, paywall-gated IOC access, reputation-veri...
⭐ 0· 123·0 current·0 all-time
by@mirni
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The skill name, description, and SKILL.md all describe the same goal: building agent-to-agent threat-intel marketplaces (STIX/TAXII, paywalls, escrow, reputations). There are no unexpected required binaries, env vars, or install steps declared that would be unrelated to that purpose.
Instruction Scope
The SKILL.md is a long technical guide with runnable code examples that call the GreenHelix API, implement escrow/payments, and handle cryptographic reputation chains. The file claims the examples use a sandbox that requires no API key, but because the guide targets live API usage and payment flows, some examples (particularly for production use) may need credentials or handling of sensitive data. I did not find instructions in the provided excerpt that tell the agent to read unrelated local files or secrets, but you should review the full SKILL.md for any code snippets that reference local file paths, environment variables, or broad network endpoints before executing them.
Install Mechanism
This is instruction-only with no install spec and no code files. That is low-risk from an automated-install perspective: nothing will be downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is consistent with the claim that the GreenHelix sandbox provides starter access without API keys. However, the guide covers payments, escrow, cryptographic reputation chains, and live API interactions — all of which typically require API keys, payment credentials, or cryptographic keys in real deployments. If you move beyond the sandbox, expect to provide and protect such secrets; verify any code examples for instructions that set or read env vars or keys before running them.
Persistence & Privilege
The skill is not marked always:true and does not request to modify other skills or system-wide settings. As an instruction-only guide, it does not request persistent presence or elevated platform privileges.
Assessment
This guide appears coherent for teaching how to build an agent-to-agent threat-intel marketplace on GreenHelix and is instruction-only (no install or declared secrets). Before using it: 1) Review the full SKILL.md for any code that reads environment variables, local files, or network endpoints beyond sandbox.greenhelix.net. 2) Never paste production API keys, payment credentials, or private crypto keys into code you haven't audited; run examples first in the advertised sandbox. 3) Be mindful that implementing paywalls, escrow, and trading of IOCs has legal, privacy, and compliance implications for your organization — consult legal/compliance before exchanging real IOCs or accepting payments. 4) If you plan to deploy the example system in production, audit any third-party libraries the sample code uses and run them in isolated environments. If you want a deeper review, provide the specific code examples (full SKILL.md sections) and I'll flag any lines that access secrets, file paths, or unexpected external endpoints.Like a lobster shell, security has layers — review code before you run it.
ai-agentvk977jms9ad2b5g3t1yyv3ytk6s84xzrgcybersecurityvk977jms9ad2b5g3t1yyv3ytk6s84xzrggreenhelixvk977jms9ad2b5g3t1yyv3ytk6s84xzrgguidevk977jms9ad2b5g3t1yyv3ytk6s84xzrgiocvk977jms9ad2b5g3t1yyv3ytk6s84xzrglatestvk977jms9ad2b5g3t1yyv3ytk6s84xzrgmarketplacevk977jms9ad2b5g3t1yyv3ytk6s84xzrgopenclawvk977jms9ad2b5g3t1yyv3ytk6s84xzrgsocvk977jms9ad2b5g3t1yyv3ytk6s84xzrgstixvk977jms9ad2b5g3t1yyv3ytk6s84xzrgtaxiivk977jms9ad2b5g3t1yyv3ytk6s84xzrgthreat-intelvk977jms9ad2b5g3t1yyv3ytk6s84xzrg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.