shodan-skills
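v1.0.0
Queries the Shodan IoT search engine for device information, security data, and network assets; use when the user needs IP address analysis, device search, DNS lookups, network security assessment, or IoT device information.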
⭐ 0 · 104 · 0 current · 0 all-time
by 末心 @moxin1044
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name/description, declared primaryEnv (SHODAN_API_KEY), SKILL.md usage, and the included scripts all align: the skill queries Shodan endpoints for host/search/count/dns/etc. The single required credential is exactly what Shodan API access needs.
Instruction Scope
SKILL.md instructs the agent to run the bundled scripts which only read SHODAN_API_KEY from the environment and call api.shodan.io endpoints. There are no instructions to read unrelated files, other env vars, or to exfiltrate data to third‑party endpoints.
Install Mechanism
This is instruction-plus-source (no install spec). The only dependency is requests==2.28.0 as declared in SKILL.md; no external downloads, URL shorteners, or archive extraction are used. Risk from install is low but the runtime needs the Python requests package available.
Credentials
Only SHODAN_API_KEY is required and is justified by the skill's purpose. The code reads that env var and sends it to api.shodan.io as a query parameter (expected for Shodan). No other credentials or config paths are requested.
Persistence & Privilege
always is false and the skill does not request system-wide configuration changes or persistent elevated privileges. Autonomous invocation is allowed by default but combined with limited scope and single API key this is expected.
Assessment
This skill appears coherent and implements Shodan API calls as described, but consider the following before installing: (1) Protect your SHODAN_API_KEY — store it securely and avoid sharing logs that include it. The script sends the key as a query parameter (Shodan's documented method), which can appear in logs or proxies. (2) Be mindful of legal/ethical constraints: querying or enumerating devices you do not own or have permission to test can be unlawful. (3) Observe Shodan rate limits and use count/facets to reduce quota usage. (4) Ensure Python and the requests dependency are installed from trusted sources. (5) If you need stronger assurance, review the included scripts yourself (they are small and readable) or use a read-only / limited Shodan key if available.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97f7j6v0yc54z7s3b6fx1rged83anz7
Runtime requirements
🔍 Clawdis
Env: SHODAN_API_KEY
Primary env: SHODAN_API_KEY
