IONSEC Threat Intel

v1.0.1

Query multiple threat intelligence services for IOC enrichment including IP reputation, domain analysis, URL scanning, hash lookups, and malware detection. U...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (IOC enrichment) match the implemented code. All required API keys and services (VirusTotal, GreyNoise, Shodan, etc.) are relevant to threat-intel functionality. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md instructs the agent and user to query external TI services and to run an interactive setup that writes keys to a skill-local config.json. The runtime instructions and scripts only reference service endpoints and skill-local files; they do not attempt to read system-wide credentials or unexpected host files. Note: the skill will create and use a .cache directory and a config.json next to the skill to store rate-limit state, cached responses, and optionally saved API keys.
Install Mechanism
No install spec or external downloads; code is bundled with the skill. Nothing is fetched from arbitrary URLs during install. No installer creates system-wide binaries or writes outside the skill directory.
Credentials
The environment variables and API keys mentioned (VT_API_KEY, GREYNOISE_API_KEY, SHODAN_API_KEY, etc.) correspond directly to the external services the skill integrates with. Keys are optional for free-service fallback; using env vars is supported and takes precedence over the local config file.
Persistence & Privilege
always:false (not forced into every agent run). The skill writes only to its own skill-local files (config.json and a .cache directory) and does not modify other skills or global agent configuration. It may exec the included setup script when explicitly invoked.
Assessment
This skill appears to do what it claims: aggregate threat-intel from many public and API-key services. Before installing, consider: (1) API keys you provide may be saved to the skill's config.json in the skill directory (you can prefer environment variables instead to avoid writing keys to disk); (2) the skill will create a .cache directory and a rate_limits.json state file next to the skill to store cached responses and rate-limit state; (3) the code contains some bugs/typos (e.g., variable name mistakes in AbuseIPDB classification) which may cause runtime errors — expect occasional failures and check logs; (4) the skill makes network requests to the listed third-party endpoints (VirusTotal, Shodan, GreyNoise, URLScan, etc.), which may have privacy, rate-limit, or billing implications when you enable API keys; (5) run in a controlled environment if you are concerned about storing keys or creating files. If you want higher assurance, review the bundled scripts (they are included) or run the skill in an isolated container before giving it production access.

Like a lobster shell, security has layers — review code before you run it.
