Isis Analysis
v1.0.0IS-IS protocol analysis with adjacency diagnosis, LSPDB analysis, level 1/2 routing validation, and NET address verification. Multi-vendor coverage for Cisco...
⭐ 0· 35·1 current·1 all-time
byVahagn Madatyan@vahagn-madatyan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the instructions: the SKILL walks an operator through IS-IS adjacency, LSPDB, NET validation and related diagnostics. These tasks legitimately require SSH/console access to routers and vendor 'show' commands; the commands in the references are read-only and appropriate for the stated purpose.
Instruction Scope
All runtime instructions are 'show' / read-only CLI commands for Cisco/JunOS/EOS and stepwise diagnostic guidance. The procedure does not instruct reading unrelated local files, posting data to external endpoints, or running configuration-changing commands. It does assume the user/agent can collect device outputs (e.g., via SSH).
Install Mechanism
No install spec and no code files — instruction-only. This minimizes risk because nothing is downloaded or written to disk by the skill itself.
Credentials
The runtime instructions assume SSH/console access (and the SKILL.md openclaw metadata lists 'ssh' in required bins), but the registry metadata presented to the reviewer shows no required binaries or environment variables and no declared primary credential. In practice the skill will need SSH credentials (or interactive console) to collect show outputs — those credentials are not declared here. That mismatch should be clarified and only least-privilege, read-only credentials should be provided.
Persistence & Privilege
always:false and no install; the skill does not request persistent/system-level privileges or modify other skills. Autonomous invocation is allowed (default) but is not combined here with other concerning factors.
Scan Findings in Context
[NO_REGEX_FINDINGS] expected: The package is instruction-only and the scanner had no code to analyze. That is expected for a documentation/playbook style skill.
Assessment
This skill is a read-only IS-IS diagnostic playbook and appears coherent with that purpose, but confirm these before installing/using: 1) Clarify the SSH requirement: the SKILL.md expects an 'ssh' client and access to devices, yet the registry metadata does not declare required binaries or credentials; verify how the agent will obtain device access. 2) Provide least-privilege credentials (read-only/monitoring account or an account limited by ACLs) — do NOT supply broad private keys that can configure or access unrelated systems. 3) Review runtime behavior in a safe environment first: run the skill against a lab/router with non-sensitive data to confirm it issues only 'show' commands. 4) If you require an audit trail, ensure CLI output captured by the agent is logged locally and not transmitted to unknown external endpoints (the skill does not declare egress endpoints, but confirm your agent/runtime policy). 5) Because the skill has no homepage or source listed, consider asking the publisher for provenance or a repository link if you require stronger supply-chain assurance.Like a lobster shell, security has layers — review code before you run it.
latestvk97ahzka7mchpm7nhjgc35jj85840n3t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.