ip-intelligence
PassAudited by ClawScan on May 13, 2026.
Overview
This instruction-only skill appears coherent for IP threat-intelligence lookups and report generation, but it depends on an API key and sends queried IP/report data to an external service.
Before installing, confirm you trust the listed API provider and have permission to share queried IP/report data with it. Configure the API key securely, do not hardcode it, and validate generated security reports before using them for operational decisions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
IP addresses or report queries may be sent to the listed intelligence provider.
The skill directs the agent to submit IP lookup requests to a documented external API. This is purpose-aligned, but queried IPs may leave the user's environment.
基础URL: `https://ai2api.top/api/v1/security/ip-intelligence` ... 请求体: { "ip": "1.13.246.134", "fields": ["all"] }Use the skill only when you are comfortable sharing the queried IP data with that provider.
Anyone or any agent with access to this environment variable could use the configured IP-intelligence service under that key.
The skill requires an API key and passes it in an HTTP header. This is expected for the service, and the artifact explicitly warns not to hardcode the key.
IP_INTELLIGENCE_API_KEY=<your-api-key> ... X-API-Key: ${IP_INTELLIGENCE_API_KEY}Use a scoped key if available, store it only in the environment, and rotate it if exposed.
Installation or review screens may not clearly show that an API key is needed.
The registry metadata does not declare required environment variables, while SKILL.md declares IP_INTELLIGENCE_API_KEY. Because the credential use is documented and purpose-aligned, this is a metadata clarity note rather than a concern.
Required env vars: none; Env var declarations: none
Confirm the required API key and provider before enabling the skill.
Generated security reports could influence operational decisions such as blocking IPs or prioritizing fixes.
The report templates include authoritative-looking data-source labels and recommendations. This fits the reporting purpose, but recipients may over-trust generated reports if the source and methodology are not verified.
**数据来源**:福建政务云威胁情报平台 | **信源参考**:CNCERT | CNNVD | 安全内参
Verify the data source, date range, and high-impact recommendations before distributing or acting on generated reports.