← Back to Skills Marketplace
171
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install threat-intel-v2
Description
Aggregates and analyzes open-source intelligence (OSINT) data from multiple sources to identify threats, validate indicators, and enrich security investigati...
Usage Guidance
This skill will send any indicator you supply to external hosts (api.mkkpro.com / toolweb.in). Before installing or using it: 1) Verify the service owner and trustworthiness (homepage, source repo, contact, SLA). 2) Check the API docs to learn whether an API key is required and how data is authenticated and protected (TLS, headers). 3) Ask how submitted indicators are stored, shared, and retained (privacy/retention policy). 4) Test with non-sensitive indicators first. 5) Prefer skills that document required credentials and provide clear security/privacy policies; if you must use this, consider isolating calls, limiting autonomy, and monitoring outbound requests. Additional information that would raise confidence to 'high': a verifiable homepage/repo, documented authentication/security scheme in openapi.json, and a clear privacy/data-retention policy.
Capability Analysis
Type: OpenClaw Skill
Name: threat-intel-v2
Version: 1.0.0
The skill bundle defines a Threat Intelligence Aggregator designed to query a remote API (api.mkkpro.com) for OSINT data such as IP reputation and malware associations. The documentation in SKILL.md and the API definition in openapi.json are consistent with the stated purpose and contain no evidence of malicious intent, data exfiltration, or prompt injection.
Capability Assessment
Purpose & Capability
The SKILL.md describes a multi-source OSINT aggregator (including proprietary feeds) and lists external API endpoints and pricing, which is coherent with the stated purpose. However, there is no homepage/source repository and no declared authentication mechanism or credentials. Aggregating proprietary feeds typically requires upstream API keys or licenses; the absence of any required env vars or security/schema in the provided openapi.json is an inconsistency that reduces transparency about how the service obtains paid/proprietary data.
Instruction Scope
The instructions are an API description that points the agent to external endpoints (Kong route: https://api.mkkpro.com/security/threat-intel-v2 and API docs at https://api.mkkpro.com:8011/docs). Using the skill will cause whatever indicators you provide to be sent to those external hosts. The SKILL.md does not document authentication headers, rate-limiting behavior for anonymous use, or how submitted data is stored/retained—this is a privacy and data-exfiltration concern for sensitive indicators.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes local persistence and filesystem risk; nothing is downloaded or executed locally by the skill package itself.
Credentials
No environment variables or primary credential are declared. That is safe for local secrets, but also unexpected given the pricing/tier information and claim of proprietary feed aggregation. Typically a user-facing aggregator API requires an API key (not declaring one is an opaque design decision). If the backend requires credentials, the SKILL.md should document how to provide them; if not, you should verify intended anonymous usage and any limits or data use policies.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify agent/system configs. It is user-invocable and may be called autonomously (platform default), which increases blast radius if you allow autonomous runs, but that is standard and not in itself a red flag here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install threat-intel-v2 - After installation, invoke the skill by name or use
/threat-intel-v2 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of Threat Intelligence Aggregator.
- Aggregates and analyzes OSINT from multiple sources for threat identification and enrichment.
- Provides detailed indicator lookups including reputation score, threat level, geolocation, malware associations, and source attribution.
- POST /osint-lookup endpoint supports validation and enrichment of IPs, domains, emails, file hashes, and URLs.
- Offers tiered pricing plans including Free, Developer, Professional, and Enterprise.
Metadata
Frequently Asked Questions
What is Threat Intel V2?
Aggregates and analyzes open-source intelligence (OSINT) data from multiple sources to identify threats, validate indicators, and enrich security investigati... It is an AI Agent Skill for Claude Code / OpenClaw, with 171 downloads so far.
How do I install Threat Intel V2?
Run "/install threat-intel-v2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Threat Intel V2 free?
Yes, Threat Intel V2 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Threat Intel V2 support?
Threat Intel V2 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Threat Intel V2?
It is built and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.0.
More Skills