Downloads: 246
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install toolweb-mitre-attack-mapper
Description
Map attacker behavior text or security report files to MITRE ATT&CK techniques, tactics, detection guidance, mitigation, and threat actor associations.
Usage Guidance
Before installing or using this skill, consider the following:
- The SKILL.md instructs you to upload incident reports or raw threat data to https://portal.toolweb.in. That domain and the skill's source are unverified (no homepage or owner details). Only upload non-sensitive, redacted, or synthetic data unless you fully trust the operator.
- The documentation references passing an X-API-Key or 'mcp_api_key' but the skill metadata does not declare any required credential. Ask the skill author to explicitly declare the required API key in the metadata and to provide a privacy/security policy describing how uploaded data is used, stored, and retained.
- Never provide your platform/agent MCP key or other platform credentials to a third-party skill. If the skill requires an API key, create a dedicated service key with minimal scope and monitor usage.
- Prefer to test with synthetic or anonymized reports first. Monitor outbound network requests (e.g., via a proxy) to confirm where data is sent.
- If you need offline or local mapping for sensitive reports, prefer tools you can run locally or open-source code you can inspect instead of sending raw incident artifacts to an unknown external API.
If the publisher can supply a verifiable homepage, a clear privacy policy, and updated metadata listing the required API key, the incoherence would be mitigated; until then treat the skill as suspicious.
Capability Analysis
Type: OpenClaw Skill
Name: toolweb-mitre-attack-mapper
Version: 1.0.0
The skill bundle is a documentation-only package (SKILL.md and _meta.json) that provides instructions for an AI agent to interact with a MITRE ATT&CK mapping API hosted at portal.toolweb.in. It functions as a legitimate security utility for analyzing threat descriptions and incident reports. There is no executable code, obfuscation, or evidence of malicious intent such as unauthorized data exfiltration or prompt injection.
Capability Assessment
Purpose & Capability
The high-level purpose (map attacker behavior to MITRE ATT&CK) matches the API calls shown in SKILL.md. However, the SKILL.md requires an X-API-Key header or an MCP 'mcp_api_key' parameter for authentication, yet the skill metadata declares no required environment variables or primary credential — this mismatch is unexpected and reduces trust.
Instruction Scope
The instructions direct the agent to POST free text or uploaded incident reports (PDF/DOCX/CSV/TXT) to an external endpoint (https://portal.toolweb.in/apis/security/mitre-attack-mapper). Uploading sensitive incident data to an external, unverified domain is a privacy/security risk. The docs also encourage passing an 'mcp_api_key' via MCP, which could cause the agent to use platform credentials. The SKILL.md does not limit or warn about sensitive data handling.
Install Mechanism
No install spec and no code files (instruction-only). This reduces surface area because nothing is written to disk by the skill itself.
Credentials
SKILL.md expects an API key (X-API-Key or mcp_api_key) but the registry metadata lists no required environment variables or primary credential. This is an incoherence: either the skill should declare that it needs an API key, or it should provide an alternative. There is also a risk the agent might be instructed (or tricked) into sending platform-level credentials via the 'mcp_api_key' parameter.
Persistence & Privilege
No elevated persistence flags (always:false) and no install-time hooks. The skill cannot force-enable itself or alter other skills from the provided material.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install toolweb-mitre-attack-mapper
- After installation, invoke the skill by name or use /toolweb-mitre-attack-mapper
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of MITRE ATT&CK Technique Mapper.
- Map free-text threat descriptions or upload security files to identify relevant MITRE ATT&CK techniques and tactics.
- Get technique IDs, tactics, confidence scores, detection guidance, and mitigation recommendations.
- Supports input via multipart/form-data (text and/or file upload).
- Returns ATT&CK Navigator layer exports and threat actor associations.
- Sample curl commands and detailed API usage instructions included.
- Pricing tiers available: Free, Developer, Professional, Enterprise.
Frequently Asked Questions
What is MITRE ATT&CK Technique Mapper?
Map attacker behavior text or security report files to MITRE ATT&CK techniques, tactics, detection guidance, mitigation, and threat actor associations. It is an AI Agent Skill for Claude Code / OpenClaw, with 246 downloads so far.
How do I install MITRE ATT&CK Technique Mapper?
Run "/install toolweb-mitre-attack-mapper" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is MITRE ATT&CK Technique Mapper free?
Yes, MITRE ATT&CK Technique Mapper is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does MITRE ATT&CK Technique Mapper support?
MITRE ATT&CK Technique Mapper is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created MITRE ATT&CK Technique Mapper?
It is built and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.0.