← Back to Skills Marketplace
moxin1044

threatbook-skills

by 末心 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
145
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install threatbook-skills
Description
集成微步在线威胁情报API,提供文件上传分析、文件信誉查询、多引擎检测、IP信誉查询和失陷检测能力;当用户需要分析可疑文件、查询文件威胁情报、检测IP安全状态或排查主机失陷风险时使用
Usage Guidance
This skill appears to do what it claims: it calls ThreatBook APIs and requires a ThreatBook API key. Before installing, consider: 1) Do not upload sensitive or private files — file_upload.py transmits file bytes to an external service. 2) Set THREATBOOK_API_KEY in your environment (most scripts read it), but note ip_reputation.py requires an --api_key CLI argument (SKILL.md examples omitted this) — either pass the key on the command line or edit the script to read the env var. 3) Confirm you obtained the API key from the official ThreatBook site (api.threatbook.cn) and understand rate limits and data retention policies. 4) If you want stricter safety, review/modify the scripts to avoid uploading files you cannot share, and prefer using hashed queries (file_report/file_multiengines) rather than uploading full binaries.
Capability Analysis
Type: OpenClaw Skill Name: threatbook-skills Version: 1.0.0 The skill bundle is a legitimate integration for the ThreatBook (微步在线) threat intelligence platform. The scripts in the `scripts/` directory (such as `file_upload.py`, `ip_reputation.py`, and `file_report.py`) correctly implement the functionality described in `SKILL.md` by interacting with official ThreatBook API endpoints (api.threatbook.cn). There is no evidence of data exfiltration, malicious execution, or prompt injection; the file upload capability is consistent with the stated purpose of security analysis.
Capability Assessment
Purpose & Capability
Name/description, required env var (THREATBOOK_API_KEY), and the included scripts all align: file upload/report, multi-engine, IP reputation, and DNS compromise use ThreatBook endpoints. The requested credential is what this integration needs.
Instruction Scope
SKILL.md directs the agent to run the provided scripts and to supply the API key. All scripts call api.threatbook.cn and only transmit the data required for those queries. Note: file_upload.py will send raw file contents to the external ThreatBook service (expected for this feature) — users should avoid uploading sensitive files. Also SKILL.md examples for the IP script omit the required --api_key argument, causing a small mismatch between docs and code.
Install Mechanism
No install spec; dependency is only requests==2.28.0 declared in the SKILL.md. There are no downloads from arbitrary URLs or archive extraction; risk from installation is low.
Credentials
Only THREATBOOK_API_KEY is declared as required (primary credential) which is proportional. One script (ip_reputation.py) accepts an --api_key CLI argument rather than reading the env var, which is an inconsistency but not a privilege escalation. No unrelated credentials, config paths, or suspicious environment access are requested.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system settings. It does not request persistent elevated privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install threatbook-skills
  3. After installation, invoke the skill by name or use /threatbook-skills
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of threatbook-skills, providing integration with 微步在线 (ThreatBook) threat intelligence API. - Supports file upload and analysis for suspicious files. - Allows reputation queries for files using hash values. - Provides multi-engine antivirus scan reports. - Enables IP reputation query and context. - Includes domain/IP compromise detection functionality. - Requires THREATBOOK_API_KEY for API access.
Metadata
Slug threatbook-skills
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is threatbook-skills?

集成微步在线威胁情报API,提供文件上传分析、文件信誉查询、多引擎检测、IP信誉查询和失陷检测能力;当用户需要分析可疑文件、查询文件威胁情报、检测IP安全状态或排查主机失陷风险时使用. It is an AI Agent Skill for Claude Code / OpenClaw, with 145 downloads so far.

How do I install threatbook-skills?

Run "/install threatbook-skills" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is threatbook-skills free?

Yes, threatbook-skills is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does threatbook-skills support?

threatbook-skills is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created threatbook-skills?

It is built and maintained by 末心 (@moxin1044); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments