threatbook-skills
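v1.0.0
Integrates the ThreatBook threat intelligence API, providing file upload analysis, file reputation lookup, multi-engine detection, IP reputation lookup, and compromise detection. Use it when the user needs to analyze a suspicious file, query file threat intelligence, check the security status of an IP, or investigate host compromise risk.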
by 末心 (@moxin1044)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required env var (THREATBOOK_API_KEY), and the included scripts all align: file upload/report, multi-engine, IP reputation, and DNS compromise use ThreatBook endpoints. The requested credential is what this integration needs.
Instruction Scope
SKILL.md directs the agent to run the provided scripts and to supply the API key. All scripts call api.threatbook.cn and only transmit the data required for those queries. Note: file_upload.py will send raw file contents to the external ThreatBook service (expected for this feature) — users should avoid uploading sensitive files. Also SKILL.md examples for the IP script omit the required --api_key argument, causing a small mismatch between docs and code.
Install Mechanism
No install spec; dependency is only requests==2.28.0 declared in the SKILL.md. There are no downloads from arbitrary URLs or archive extraction; risk from installation is low.
Credentials
Only THREATBOOK_API_KEY is declared as required (primary credential) which is proportional. One script (ip_reputation.py) accepts an --api_key CLI argument rather than reading the env var, which is an inconsistency but not a privilege escalation. No unrelated credentials, config paths, or suspicious environment access are requested.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system settings. It does not request persistent elevated privileges.
Assessment
This skill appears to do what it claims: it calls ThreatBook APIs and requires a ThreatBook API key. Before installing, consider:
1) Do not upload sensitive or private files — file_upload.py transmits file bytes to an external service.
2) Set THREATBOOK_API_KEY in your environment (most scripts read it), but note ip_reputation.py requires an --api_key CLI argument (SKILL.md examples omitted this) — either pass the key on the command line or edit the script to read the env var.
3) Confirm you obtained the API key from the official ThreatBook site (api.threatbook.cn) and understand rate limits and data retention policies.
4) If you want stricter safety, review/modify the scripts to avoid uploading files you cannot share, and prefer using hashed queries (file_report/file_multiengines) rather than uploading full binaries.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔍 Clawdis
Env: THREATBOOK_API_KEY
Primary env: THREATBOOK_API_KEY
