S³ Malware Analyst
v1.0.0Expert malware analyst specializing in defensive malware research, threat intelligence, and incident response. Masters sandbox analysis, behavioral analysis,...
⭐ 0· 104·0 current·0 all-time
bySolomon Neas@solomonneas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (malware analyst) match the SKILL.md content: static/dynamic analysis steps, tools, IOCs, YARA rules, and reporting templates. No unrelated binaries, services, or credentials are requested.
Instruction Scope
Instructions explicitly direct running/monitoring of malware samples (e.g., executing sample.exe, using Process Monitor, Wireshark, INetSim). That's appropriate for malware analysis but inherently dangerous if followed on a non-isolated host. The skill does not request unrelated files/credentials or external exfiltration, but it assumes availability of a VM and many analysis tools. It references resources/implementation-playbook.md which may be missing.
Install Mechanism
No install spec (instruction-only). This minimizes disk-write/remote-download risk; the skill does not attempt to fetch or install binaries itself.
Credentials
No environment variables, credentials, or config paths are requested. The skill's operations (analyzing a local sample in a VM) do not require external secrets.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill does not request permanent presence or modification of other skills or system-wide agent settings.
Assessment
This skill is coherent for defensive malware analysis, but it contains actionable steps to execute and inspect malicious binaries. Only follow these instructions in a properly isolated, instrumented environment (air-gapped or with simulated network like INetSim), with snapshots and containment controls. Verify you have legal/organizational approval to handle malware. Ensure analysis tools (FLOSS, rabin2, IDA/Ghidra, Wireshark, Process Monitor, INetSim, etc.) are installed in the analysis VM and that you do not run samples on your host. Expect the skill to assume a sample file (sample.exe) is present and to produce IOCs — treat any extracted secrets or network endpoints as potentially sensitive. If you want to run this skill as an autonomous agent, carefully consider the increased blast radius (it can suggest or instruct execution steps); prefer manual invocation and human review for any destructive operations.Like a lobster shell, security has layers — review code before you run it.
incident-responsevk97bh47dxxgd1ks2y8ndwtpatn837cssiocvk97bh47dxxgd1ks2y8ndwtpatn837csslatestvk97bh47dxxgd1ks2y8ndwtpatn837cssmalwarevk97bh47dxxgd1ks2y8ndwtpatn837csssandboxvk97bh47dxxgd1ks2y8ndwtpatn837cssthreat-intelvk97bh47dxxgd1ks2y8ndwtpatn837css
License
MIT-0
Free to use, modify, and redistribute. No attribution required.