Klaus IOC Scanner

v1.0.0

Analyzes URLs, domains and IPs to check reputation and detect malware or phishing using VirusTotal and AbuseIPDB.

Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description claim scanning IOCs via VirusTotal and AbuseIPDB and the package indeed queries those services and asks for their API keys. One minor mismatch: SKILL metadata lists curl as a required binary, but the Python code uses the requests library and does not call curl.
Instruction Scope
SKILL.md instructs providing VIRUSTOTAL_API_KEY and ABUSEIPDB_API_KEY and running the included Python script; the instructions and code limit network calls to VirusTotal (v2 endpoints) and AbuseIPDB. The skill extracts IOCs from supplied text and does not reference unrelated system files or other environment variables. Note: SKILL.md's declared required bin ('curl') is not actually invoked by the code.
Install Mechanism
There is no install spec (instruction-only), which minimizes installation risks. However, the bundle includes a Python script that imports requests but the package does not declare or install that dependency; runtime will fail if requests is not present. No external downloads or obscure endpoints are used.
Credentials
The skill requires exactly two API keys (VirusTotal and AbuseIPDB) which are necessary for its stated functionality. No other credentials, system config paths, or unrelated secrets are requested.
Persistence & Privilege
The skill is not forced always-on (always:false) and does not request elevated or system-wide persistence. It does not modify other skills or global agent settings in the provided files.
Assessment
This skill appears to do what it says: query VirusTotal and AbuseIPDB for URLs/domains/IPs. Before installing:

  1. Review the included src/ioc_scan.py yourself (or run it in an isolated environment) to confirm behavior.
  2. Only provide dedicated API keys for VirusTotal and AbuseIPDB (create keys you can revoke and monitor), because submitted IOCs will be visible to those services.
  3. Note the package does not declare the Python 'requests' dependency; ensure your environment has it.
  4. The metadata lists 'curl' though the code doesn't use it (likely harmless but sloppy).
  5. Avoid submitting sensitive/private URLs/hosts, since submitting to VirusTotal/AbuseIPDB can leak them to third-party threat-intel systems.
  6. If you are unsure about trusting the unknown author, consider running the script locally or in a sandbox and monitor API usage before granting access to important/long-lived credentials.


278 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
License: MIT-0

Klaus IOC Scanner 🛡️

Analyzes URLs, domains and IPs (IOCs) using VirusTotal and AbuseIPDB to check reputation and malware/phishing detections.

Triggers

Use this skill when the user:

  • Pastes URLs, domains or IPs
  • Asks: "scan", "check", "reputation", "is it malicious?", "VirusTotal", "AbuseIPDB"

Configuration

Environment Variables

export VIRUSTOTAL_API_KEY="sua_chave_virustotal"
export ABUSEIPDB_API_KEY="sua_chave_abuseipdb"

Command-Line Usage

# Check an IP
python3 src/ioc_scan.py scan 45.67.89.10

# Check a domain
python3 src/ioc_scan.py scan exemplo.com

# Check a URL
python3 src/ioc_scan.py scan "https://exemplo.com/login"

# Check multiple IOCs
python3 src/ioc_scan.py scan "https://exemplo.com 8.8.8.8 dominio.ruim"

# Verbose mode
python3 src/ioc_scan.py scan --verbose 1.2.3.4
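
An added example (not the skill's own code and not taken from src/ioc_scan.py): a pre-submission filter for a mixed IOC string like the one above, which classifies each token and holds back private IPs, internal hostnames and URLs carrying query strings or credentials, so they are not sent to VirusTotal or AbuseIPDB. The function names, the internal-suffix list, the hold-back policy and the sample input are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed internal-only suffixes; adjust to the naming used in your environment.
INTERNAL_SUFFIXES = (".local", ".internal", ".lan", ".corp", ".localhost")
DOMAIN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}", re.I)

def classify(token):
    """Return ('url' | 'ip' | 'domain', value), or None if the token is not an IOC."""
    token = token.strip().strip(",;")
    if re.match(r"https?://", token, re.I):
        return ("url", token)
    try:
        return ("ip", str(ipaddress.ip_address(token)))
    except ValueError:
        pass
    if DOMAIN_RE.fullmatch(token):
        return ("domain", token.lower())
    return None

def host_is_private(host):
    """True for non-global IPs, single-label names and internal suffixes."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        h = host.lower().rstrip(".")
        return "." not in h or h.endswith(INTERNAL_SUFFIXES)

def triage(text):
    """Split free text into IOCs safe to submit and IOCs held back with a reason."""
    submit, held = [], []
    for token in text.split():
        item = classify(token)
        if item is None:
            continue
        kind, value = item
        parts = urlsplit(value) if kind == "url" else None
        host = (parts.hostname or "") if parts else value
        if host_is_private(host):
            held.append((kind, value, "private or internal host"))
        elif parts and (parts.query or parts.username):
            held.append((kind, value, "URL carries query string or credentials"))
        else:
            submit.append((kind, value))
    return submit, held

# Constructed sample input, not real indicators.
SAMPLE = ("https://exemplo.com/login 8.8.8.8 dominio.ruim 10.0.0.5 "
          "https://wiki.corp/page https://exemplo.com/reset?token=abc123 not-an-ioc")
```

Only the entries in the first list returned by `triage(SAMPLE)` would be passed on to the scanner; the held list is shown to the analyst for a manual decision.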

Examples

  • "Check the reputation of this IP: 45.67.89.10"
  • "Is this link phishing? https://exemplo.tld/login"
  • "Analyze: exemplo.com 8.8.8.8"

Output

The skill returns:

  1. Executive summary with a verdict
  2. Quick results table
  3. Details per IOC (VirusTotal + AbuseIPDB)
  4. Recommended actions
