IP Threat Check

v1.0.0

Check IP address threat intelligence. Query multiple sources for IP reputation, geolocation, and threat scores.

⭐ 0· 129·0 current·0 all-time

by@freeter226

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for freeter226/ip-threat-check.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "IP Threat Check" (freeter226/ip-threat-check) from ClawHub.
Skill page: https://clawhub.ai/freeter226/ip-threat-check
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: ABUSEIPDB_API_KEY
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ip-threat-check

ClawHub CLI

Package manager switcher

npx clawhub@latest install ip-threat-check

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (IP threat checks) align with required binaries (python3), the single environment variable (ABUSEIPDB_API_KEY) and the included script. The script queries ip-api.com and AbuseIPDB, which is coherent with the stated purpose.

ℹ

Instruction Scope

Runtime instructions are scoped to running the included Python script and supplying an IP or file of IPs. The script performs only network queries to ip-api.com and api.abuseipdb.com and reads a user-provided file for bulk mode. Minor issues: SKILL.md mentions VirusTotal as an optional source but the included script does not call VirusTotal; SKILL.md metadata lists ABUSEIPDB_API_KEY as required while the script treats it as optional (skips AbuseIPDB if not set).

✓

Install Mechanism

There is no install spec (instruction-only with an included script). No external packages are downloaded or executed during install; the only runtime requirement is python3 which is reasonable for a Python script.

ℹ

Credentials

Only ABUSEIPDB_API_KEY is referenced. This is proportionate to accessing AbuseIPDB. However, registry/metadata and SKILL.md differ about whether that variable is required or optional; the code treats it as optional. No other credentials or unrelated secrets are requested.

✓

Persistence & Privilege

The skill does not request persistent or elevated privileges, does not set always:true, and does not modify other skills or system configuration. It runs only when invoked.

Assessment

This skill appears to do what it says: run the included Python script to query ip-api.com (free) and AbuseIPDB (if you set ABUSEIPDB_API_KEY). Before installing, consider: (1) providing an AbuseIPDB key will send queried IPs to that third party — do not submit private/internal addresses you don't want disclosed; (2) the metadata/README disagree about whether the key is required — the script will simply skip AbuseIPDB if no key is present; (3) SKILL.md mentions VirusTotal but the script does not use it; (4) outbound HTTP(S) calls will be made to ip-api.com and api.abuseipdb.com and may be rate-limited. If you need the skill to use additional sources (e.g., VirusTotal) or to avoid sending certain IP ranges, review/modify the included script before use.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔍 Clawdis

Binspython3

EnvABUSEIPDB_API_KEY

latestvk970t2yb5pr9qs3gfp0kpydbbx83dpb8

129downloads

0stars

1versions

Updated 1mo ago

v1.0.0

MIT-0

IP Threat Check

Check IP address threat intelligence from multiple sources.

Features

Multi-source Query - Query multiple threat intelligence sources
Geolocation - Get IP geolocation info
Threat Score - Check abuse/threat scores
History - View recent abuse reports
Bulk Check - Check multiple IPs at once

Usage

python3 skills/ip-threat-check/scripts/ip_threat.py <action> [options]

Actions

Action	Description
`check`	Check single IP address
`bulk`	Check multiple IPs
`info`	Get basic IP info (no API key needed)

Options

Option	Type	Default	Description
`--ip`	string	-	IP address to check
`--file`	string	-	File with IPs (one per line)
`--source`	string	all	Source (all, abuseipdb, ipapi)
`--days`	int	30	Days of history to check

Data Sources

Source	API Key	Info Provided
ip-api.com	❌ Free	Geolocation, ISP
AbuseIPDB	✅ Required	Threat score, reports
VirusTotal	✅ Optional	Additional threat info

Examples

# Basic IP info (no API key)
python3 skills/ip-threat-check/scripts/ip_threat.py info --ip 8.8.8.8

# Full threat check (requires API key)
python3 skills/ip-threat-check/scripts/ip_threat.py check --ip 192.168.1.1

# Bulk check
python3 skills/ip-threat-check/scripts/ip_threat.py bulk --file ips.txt

Environment Variables

Variable	Required	Description
`ABUSEIPDB_API_KEY`	Optional	AbuseIPDB API key

Output Example

{
  "success": true,
  "ip": "8.8.8.8",
  "geolocation": {
    "country": "United States",
    "city": "Mountain View",
    "isp": "Google LLC"
  },
  "threat": {
    "score": 0,
    "reports": 0,
    "risk": "low"
  }
}

Use Cases

Security Analysis - Check suspicious IPs
Log Analysis - Enrich log data with threat info
Incident Response - Quick IP reputation check
Threat Hunting - Identify malicious IPs

Current Status

In development.

Comments

Loading comments...