Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Company Ciso

v2.0.0

AI company Chief Information Security Officer (CISO) skill pack. STRIDE threat modeling, penetration testing, incident response, compliance auditing, AI gateway, zero-trust architecture, NHI management.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
View report →
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md content is a coherent, high-level CISO/AI-governance playbook and largely aligns with the skill name and description. However, metadata inconsistencies exist: meta.json/_meta.json report version 1.1.0 while SKILL.md advertises v2.0.0, which suggests packaging or publishing issues that should be resolved. The declared permissions (files read, network api, mcp sessions_send/subagents) are plausible for a governance/coordination skill but are not explicitly justified by the instruction text.
Instruction Scope
The SKILL.md is instruction-only and stays at a policy/architecture/advisory level — it does not include runtime commands, paths, or environment-variable access instructions that would directly exfiltrate data. That said the document is high-level and leaves technical implementation details unspecified (e.g., what files, logs, or endpoints will be accessed), granting broad discretion to any runtime implementation.
Install Mechanism
No install spec and no code files are present (instruction-only), so there is nothing to be written to disk or executed as part of an install. This minimizes supply-chain risk from the skill bundle itself.
Credentials
The skill declares no required environment variables or specific config paths, which is good, but it requests general 'files: [read]' and 'network: [api]' permissions plus 'mcp: [sessions_send, subagents]'. 'files: [read]' without scoped paths, and the ability to spawn/communicate with subagents (subagents & sessions_send) are powerful capabilities that are not justified in-line by the SKILL.md's advisory content. For example, reading files and network API access could allow log access or external calls; subagent privileges can broaden the skill's effective footprint across agents. These should be narrowly scoped and explained.
Persistence & Privilege
always:false (good) and model invocation allowed (normal). However, mcp privileges to send sessions and create subagents give the skill the ability to act beyond a passive advisor if the platform grants those MCP actions at runtime. That increases blast radius and should be granted only with explicit justification and guardrails; the SKILL.md does not describe how/why subagents are needed or what limits apply.
Scan Findings in Context
[no_code_files_to_scan] expected: The static scanner found no code because this is an instruction-only skill (SKILL.md only). Absence of regex findings is expected but means the runtime behavior depends on platform-permission enforcement rather than bundled code.
What to consider before installing
This skill reads like a policy/advisory pack (benign content) but requests broad runtime permissions that are not explained. Before installing:
1) Ask the publisher to explain why 'files: [read]', 'network: [api]', and especially 'mcp: [sessions_send, subagents]' are required and request explicit scoping (which hostnames, which file paths, which subagent actions).
2) Require least-privilege limits: restrict file-read to specific log/dir paths, whitelist network endpoints, and deny subagent creation unless necessary.
3) Resolve metadata/version mismatches (meta.json vs SKILL.md).
4) If you must test, run the skill in an isolated environment with monitoring and audit logging enabled.
5) If you cannot obtain satisfactory clarification about the mcp/subagent capabilities, treat the skill as high-risk and avoid granting those privileges.

Like a lobster shell, security has layers — review code before you run it.

