Malware Analyst

v1.0.1

Expert malware analysis for defensive security research. Static and dynamic analysis, sandbox triage, IOC extraction, unpacking, and malware family identific...

by Solomon Neas (@solomonneas)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description (malware analysis, static/dynamic triage, IOC extraction) align with the SKILL.md instructions. All commands, tools, and workflows listed (strings, FLOSS, rabin2, IDA/Ghidra, VM setup, Process Monitor, Wireshark, etc.) are appropriate for defensive analysis and are proportionate to the stated purpose.
Instruction Scope
The instructions explicitly direct the agent/operator to run static and dynamic analyses and to execute samples in a Windows VM. This is expected for malware analysis but is operationally dangerous if done without proper isolation, authorization, and safety controls. The SKILL.md presumes availability of many external tools and does not include enforcement of explicit safety checks beyond a brief VM recommendation. It also references a resources/implementation-playbook.md that is not present in the manifest.
Install Mechanism
No install spec and no code files are present. The skill is instruction-only and does not pull or write code to disk, which limits its install-time risk.
Credentials
The skill requests no environment variables, credentials, or config paths. The lack of requested secrets is appropriate; however, the workflows depend on many external tools (some commercial, e.g., IDA Pro) and a properly configured VM/network simulation environment.
Persistence & Privilege
The manifest's always flag is false, and the skill does not request persistent presence or elevated platform privileges. Autonomous invocation is allowed by default, but here it is not combined with any broad credentials or persistent modifications.
Assessment
This skill is coherent for defensive malware analysis but follows procedures that are intrinsically hazardous: only run malware samples in fully isolated, air-gapped or well-simulated environments (snapshotted VMs), and ensure you have explicit authorization to analyze samples. Confirm you have the required tools and licenses (e.g., IDA Pro) and set up network simulation (INetSim/FakeNet) to avoid accidental exfiltration. Be aware the skill references external resource files that are not present in the package; review and vet any external playbooks before following them. If you plan to let an agent invoke this skill autonomously, restrict network access and monitor operations to prevent unintended execution outside a safe sandbox.


latest: vk9789hnv3cjxznz9f5p70r0b3h838b7d
