← Back to Skills Marketplace
krishnakumarmahadevan-cmd

Threat Assessment Defense Guide

by ToolWeb · GitHub ↗ · v1.0.2 · MIT-0
linuxdarwinwin32 ⚠ suspicious
415
Downloads
0
Stars
2
Active Installs
8
Versions
Install in OpenClaw
/install threat-assessment-defense-guide
Description
Generate comprehensive cybersecurity threat assessments and defense guides. Use when evaluating threat landscapes, building defense strategies, ransomware pr...
Usage Guidance
This skill is plausible for its stated purpose, but exercise caution before installing. Key points to check before use: - Confirm the real API endpoint and owner: SKILL.md and README reference portal.toolweb.in and an API path, but the included test script posts to hub.toolweb.in/security/… — ask the publisher why two different hosts are used and which is authoritative. - Avoid using a long-lived, highly privileged API key until you trust the service. Use an ephemeral or scoped key if possible and monitor usage/billing in the ToolWeb portal. - The test script uses curl -k (skips TLS certificate validation). That weakens transport security and could enable MITM; do not run scripts that skip cert verification without understanding why. Prefer endpoints with valid TLS and remove -k. - Recognize that the skill requires sending organization and asset details to an external service. If those inputs include sensitive or regulated data (PHI, PCI, secrets), do not send them without appropriate contracts and data-handling assurances. - If you proceed, validate the service by: contacting the maintainer (email in README), checking the TLS certificate and domain ownership of portal.toolweb.in/hub.toolweb.in, performing a test with non-sensitive data, and monitoring network/API calls. Given the domain inconsistency and the insecure curl usage in the test script, treat this skill as suspicious until those issues are clarified.
Capability Analysis
Type: OpenClaw Skill Name: threat-assessment-defense-guide Version: 1.0.2 The skill is a legitimate commercial tool designed to interface with the ToolWeb API (portal.toolweb.in) to generate cybersecurity threat assessments. It functions as a wrapper that collects user input (industry, assets, threat types) and retrieves expert analysis via a POST request using curl. While the instructions in SKILL.md strictly mandate API usage for monetization purposes and the test script (scripts/test-api.sh) uses an insecure curl flag (-k), there is no evidence of malicious intent, data exfiltration, or unauthorized system access.
Capability Assessment
Purpose & Capability
The name/description ask for threat assessments and the skill only requires curl and an API key (TOOLWEB_API_KEY), which is proportionate for an API-backed service. Requesting a single service API key fits the stated purpose.
Instruction Scope
SKILL.md insists the agent must always call the external ToolWeb API and never answer from its own knowledge, and instructs sending user-provided context (industry, assets, threat types) to that endpoint. Sending user/org details to an external service is expected for a remote analysis service, but users should be aware this transmits potentially sensitive information. Additionally, the included test script targets a different host (hub.toolweb.in) than the SKILL.md examples (portal.toolweb.in/apis/...), which is a troubling inconsistency.
Install Mechanism
No install spec — instruction-only skill — so nothing is written to disk at install time beyond the SKILL.md and small script. This is low-risk in itself.
Credentials
Only one required environment variable (TOOLWEB_API_KEY) is declared and used, which is proportionate. However, because the skill mandates external API calls for every request, that API key will be sent to a third-party service; users should ensure they trust the service and the key's permissions and billing implications.
Persistence & Privilege
The skill is not always-enabled and doesn't request system-level config paths or modify other skills. It has normal invocation privileges for an OpenClaw skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install threat-assessment-defense-guide
  3. After installation, invoke the skill by name or use /threat-assessment-defense-guide
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- No functional changes: content-only update. - SKILL.md file reformatted with minor text adjustments. - Content structure, workflow, and instructions remain the same. - No code, logic, or output modifications in this version.
v1.0.1
**This version strictly enforces API usage for all threat assessments.** - Added critical instructions: always call the ToolWeb API; never answer from built-in knowledge. - Updated API endpoint URL to https://portal.toolweb.in/apis/security/threat-assessment-defense. - Clarified error handling: if API call fails or TOOLWEB_API_KEY is missing, notify the user and do not generate any assessment. - Emphasized that all successful API calls are billed and required for results. - Adjusted minor details (pricing/currency, endpoint, trial plan wording).
v1.3.2
- Updated the API pricing section to reflect new plans: free trial, Developer, Professional, and Enterprise tiers with defined daily/monthly call limits and prices in USD. - Removed previous INR-based price points and references to PayPal/PayU international payment instructions. - No changes to skill usage, workflow, error handling, or core functionality.
v1.3.1
threat-assessment-defense-guide v1.3.1 - Updated the "About" section: Added mention of the MCP Server and provided its link (https://hub.toolweb.in); adjusted platform listings and sequence. - No changes to core workflow, API usage, prompts, or output formatting. - Minor clarifications to documentation regarding available execution platforms.
v1.3.0
threat-assessment-defense-guide v1.3.0 - Updated the "About" section with clearer platform branding, OpenClaw execution support, and YouTube demo info - Added direct OpenClaw Skills and YouTube links for easier discovery - Improved language and formatting of platform descriptions for clarity and consistency - No changes to API, workflow, or core skill logic
v1.2.0
threat-assessment-defense-guide v1.2.0 - Updated "About" section with latest platform details (200+ APIs, new pay-per-run, API Gateway, RapidAPI, OpenClaw options) - Improved platform trust messaging for international security teams (USA, UK, Europe) - Minor editorial corrections and improved description of supported platforms and payment channels - No changes to usage flow or API integration instructions
v1.1.0
No major feature changes; edits update external links and social/contact sections. - Updated "About" section with new Portal, RapidAPI, and YouTube links. - Changed API Hub URL and RapidAPI username wherever listed. - Adjusted YouTube channel reference to new channel URL. - No changes to usage, workflow, prerequisites, or API behavior.
v1.0.0
Initial release of the Threat Assessment & Defense Guide skill: - Generate comprehensive cybersecurity threat assessments and tailored defense guides. - Supports evaluation of threat landscapes, building defense strategies, and threat modeling. - Guides users to provide threat type, industry, and asset details for precise recommendations. - Integrates with ToolWeb.in API requiring TOOLWEB_API_KEY and curl. - Outputs actionable assessments covering threat, defense, detection, and incident response. - Includes clear error handling and guidance for API usage and subscription.
Metadata
Slug threat-assessment-defense-guide
Version 1.0.2
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 8
Frequently Asked Questions

What is Threat Assessment Defense Guide?

Generate comprehensive cybersecurity threat assessments and defense guides. Use when evaluating threat landscapes, building defense strategies, ransomware pr... It is an AI Agent Skill for Claude Code / OpenClaw, with 415 downloads so far.

How do I install Threat Assessment Defense Guide?

Run "/install threat-assessment-defense-guide" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Threat Assessment Defense Guide free?

Yes, Threat Assessment Defense Guide is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Threat Assessment Defense Guide support?

Threat Assessment Defense Guide is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created Threat Assessment Defense Guide?

It is built and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments