ClawHub

Internet Failure Analysis Expert

v0.1.1

对各类故障进行系统性分析,支持CVE漏洞和互联网故障两种模式,包括获取官方报告、拆解时间线、分析导火索和连环故障、识别根本原因(人、组织因素)以及提供技术改进建议,最终生成完整分析报告

0· 1.7k·0 current·0 all-time
by@quasarryan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask for CVE and internet-failure analysis and the repository provides two helper scripts (fetch_cve_data.py and extract_webpage.py) plus SKILL.md that instructs the agent to use them. No unrelated env vars, binaries, or config paths are requested — the requested capabilities are proportional to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to search the web, call the NVD API, identify 'official' advisories and fetch arbitrary advisory/report URLs using the included scripts. The instructions do not ask the agent to read local files or other system credentials, but they do permit fetching arbitrary URLs (public or internal) which could expose internal endpoints if the runtime environment has access.
Install Mechanism
No install spec is provided (instruction-only skill). The repository includes small Python scripts and a requirements.txt; nothing is automatically downloaded from unknown hosts or installed during a hidden install step.
Credentials
The skill requires no environment variables or credentials (primaryEnv none). Its network operations use public NVD API and arbitrary URLs; no secret tokens are requested. Note: NVD API rate limits are referenced in SKILL.md and should be respected.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system privileges or modify other skills. It can be invoked by the agent normally; there is no indication it alters system or agent configuration.
Assessment
This skill appears coherent and implements what it claims, but it performs web requests and will fetch arbitrary URLs (including any URLs you provide). Before installing or invoking it: (1) inspect the two Python scripts (already included) — they only use requests + BeautifulSoup and return extracted page text; (2) avoid running the skill from a host that can reach sensitive internal services unless you intentionally want internal pages fetched (risk of exposing internal content); (3) consider running it in a network-restricted or sandboxed environment or use an allowlist of domains; (4) do not provide secrets or private endpoints to the skill; (5) be aware of NVD API rate limits and site anti-scraping policies when analyzing many CVEs or pages.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a36snf9mgfh8a8q1kag35k582y35d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments