Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Incident Response Lifecycle

v1.0.0

Incident response process management following the NIST 800-61 lifecycle. Covers severity classification, escalation matrices, role assignment, communication...

by Vahagn Madatyan (@vahagn-madatyan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared in-file metadata (openclaw.requires.bins) lists 'ssh' as a required binary, but the skill's name, description, and all instructions focus purely on organizational process, templates, and facilitation — no SSH or remote execution is described or needed. The registry-level requirements shown to you list no required binaries, so there is an internal inconsistency between the SKILL.md metadata and the registry manifest. This mismatch should be clarified.
Instruction Scope
SKILL.md and the two reference documents are process-oriented: severity classification, role assignment, escalation, communication templates, and RCA frameworks. The runtime instructions do not tell the agent to read unrelated files, access environment variables, call external endpoints, or execute system commands. Scope stays within coordination and documentation.
Install Mechanism
There is no install spec and no code files — this is instruction-only. Nothing will be written to disk or fetched during install, which minimizes risk.
Credentials
The skill declares no required environment variables, credentials, or config paths, and the instructions do not reference any secrets or external tokens. That is proportionate to a runbook-style skill. The only oddity is the in-file metadata requiring 'ssh' (see Purpose & Capability).
Persistence & Privilege
The skill is not marked always:true, it's user-invocable, and model invocation is allowed (normal defaults). There is no install-time persistence, no requested modification of other skills, and no evidence it tries to store credentials or change agent-wide settings.
What to consider before installing
This skill is essentially a documented incident-response runbook with templates and RCA guidance — there is no code or external network behavior, which is good. Before installing or enabling autonomous invocation:

(1) Ask the publisher or maintainer to explain the SKILL.md metadata that lists 'ssh' as a required binary — that looks like either a stale field or a mis-declared capability.
(2) If you plan to allow autonomous invocation, ensure your agent's policy prevents it from executing arbitrary system commands or fetching credentials; this skill's content doesn't need that, so any runtime command access would be unexpected.
(3) Verify you have appropriate organizational authority and up-to-date contact directories referenced by the runbook (the skill assumes these exist but does not provide them).
(4) If you need absolute assurance, prefer using this as a read-only reference (manual use) rather than letting an agent act autonomously on its instructions until the 'ssh' metadata discrepancy is resolved.
