Threat Radar

by mariusfit · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads 484
Stars 0
Active Installs 0
Versions 1
Install in OpenClaw
/install threat-radar
Description
Continuously scans Docker images, dependencies, network ports, SSL/TLS, and OpenClaw config for CVEs; alerts via WhatsApp, Telegram, or Discord.
Usage Guidance
What to consider before installing:
- Ask the publisher for a homepage/source and documentation that explains how alerts are delivered (what webhook/tokens are required) and where they are stored. The skill promises WhatsApp/Telegram/Discord alerts but declares no credentials — do not assume alerts are configured automatically.
- Review the remainder of threat_radar.py (the parts not shown) to confirm how it sends notifications and what network endpoints it calls. Look specifically for any hard-coded endpoints, webhook URLs, or obfuscated network calls.
- Confirm what `cron-install` modifies: ask for the exact code or commands it runs. Prefer to run scans ad-hoc first rather than enabling scheduled tasks system-wide.
- Because the scanner reads package manifests, Docker images, and OpenClaw config and writes logs/DB under ~/.openclaw, run it in a restricted test environment (or container) first to verify behavior and avoid exposing production credentials or sensitive files.
- If you want to use alerting channels, require explicit configuration: webhook URLs or tokens should be set by you and documented; do not provide any broad credentials (SSH keys, cloud keys) unless absolutely necessary and justified.
- If the publisher cannot provide source/installation clarity or the code that performs notifications, treat this skill as untrusted.
What would change this assessment: seeing the full source for notification/cron-install code (showing it only uses user-supplied webhook URLs and documents cron changes), or a clear install spec that safely registers the CLI and documents required credentials would reduce the concerns.
Capability Analysis
Type: OpenClaw Skill
Name: threat-radar
Version: 1.0.0
The skill is classified as suspicious due to significant functional vulnerabilities and misleading claims, despite lacking direct evidence of malicious intent. The `threat_radar.py` script uses hardcoded 'mock NVD data' in its `_fetch_cve_data` method, rendering its core CVE alerting feature ineffective and contradicting the `SKILL.md`'s claim of pulling from NVD and GitHub. Additionally, the `cron-install` and `cron-remove` commands advertised in `SKILL.md` are not implemented in the Python script, indicating missing functionality. While the code uses `subprocess` and `socket` for scanning, these operations are confined to the stated purpose (e.g., `docker images`, `openssl s_client`, local port checks) and do not show signs of data exfiltration or unauthorized access. The `SKILL.md` itself does not contain any prompt injection attempts.
Capability Assessment
Purpose & Capability
The description promises alerting via WhatsApp/Telegram/Discord and automatic CVE feeds from NVD/GitHub, but the package declares no required credentials or webhook URLs and the bundled code uses a mocked local CVE dataset rather than pulling live feeds. Also SKILL.md shows a CLI with commands like `threat-radar cron-install`, but no install mechanism is provided to expose a `threat-radar` executable. These are inconsistencies between stated capabilities and what is requested/installed.
Instruction Scope
SKILL.md and the code instruct the agent to scan Docker images, filesystem dependency files, local network ports, SSL/TLS endpoints and OpenClaw configuration. Those actions legitimately require local file and network access and the code will create config/db files under ~/.openclaw/workspace/monitoring/threat-radar. This is consistent with a scanner, but it also means the skill will read potentially sensitive local files (OpenClaw credential files, package manifests) and perform network scans — SKILL.md does not clearly enumerate what local data will be read or require explicit consent, which is scope creep for users who expect minimal access.
Install Mechanism
There is no install spec even though SKILL.md advertises a CLI (threat-radar) and management commands like cron-install. The skill includes a Python file but no guidance on how it becomes a system command or how cron-install is implemented. Lack of an install procedure is an incoherence — either the agent must run the script directly, or the skill should provide a safe, explicit install step; neither is present.
Credentials
The skill requests no environment variables or credentials, yet promises to send alerts via WhatsApp/Telegram/Discord — integrations that normally require webhook URLs, tokens, or phone credentials. The absence of declared credentials is disproportionate to the alerting capability described. The skill will also create and write config, DB, logs under the user's home directory which could contain sensitive data; the SKILL.md and manifest do not declare or justify this access.
Persistence & Privilege
The skill is not force-installed (always:false) and model invocation is allowed (default). However, SKILL.md exposes a `cron-install` command and the code writes persistent config (db, cve cache, history, logs) into the user's workspace. Scheduled scans (cron) would give the skill ongoing presence and periodic network/file access; because no install spec details what cron-install does, this persistence is notable and should be reviewed before enabling.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install threat-radar
  3. After installation, invoke the skill by name or use /threat-radar
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial public release of threat-radar.
- Continuous security scanning for Docker images, service ports, dependencies, and SSL/TLS.
- Automatic CVE monitoring, matching vulnerabilities to your actual stack.
- Severity-based alerting with notification via WhatsApp, Telegram, or Discord.
- Detailed reporting: weekly digests, posture trends, and remediation guidance.
- Runs fully within OpenClaw—no third-party SaaS required.
Metadata
Slug threat-radar
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Threat Radar?

Continuously scans Docker images, dependencies, network ports, SSL/TLS, and OpenClaw config for CVEs; alerts via WhatsApp, Telegram, or Discord. It is an AI Agent Skill for Claude Code / OpenClaw, with 484 downloads so far.

How do I install Threat Radar?

Run "/install threat-radar" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Threat Radar free?

Yes, Threat Radar is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Threat Radar support?

Threat Radar is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Threat Radar?

It is built and maintained by mariusfit (@mariusfit); the current version is v1.0.0.
