
Klaus IOC Scanner

by runawaydevil · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
Downloads: 298
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install klaus-ioc-scan
Description
Analyzes URLs, domains and IPs to check reputation and detect malware or phishing using VirusTotal and AbuseIPDB.
README (SKILL.md)

Klaus IOC Scanner 🛡️

Analyzes URLs, domains and IPs (IOCs) using VirusTotal and AbuseIPDB to check reputation and malware/phishing detections.

Triggers

Use this skill when the user:

  • Pastes URLs, domains or IPs
  • Asks for: "scan", "verificar", "reputação", "é malicioso?", "VirusTotal", "AbuseIPDB"

Configuration

Environment Variables

export VIRUSTOTAL_API_KEY="sua_chave_virustotal"
export ABUSEIPDB_API_KEY="sua_chave_abuseipdb"

Command-Line Usage

# Check an IP
python3 src/ioc_scan.py scan 45.67.89.10

# Check a domain
python3 src/ioc_scan.py scan exemplo.com

# Check a URL
python3 src/ioc_scan.py scan "https://exemplo.com/login"

# Check multiple IOCs
python3 src/ioc_scan.py scan "https://exemplo.com 8.8.8.8 dominio.ruim"

# Verbose mode
python3 src/ioc_scan.py scan --verbose 1.2.3.4

Examples

  • "Check the reputation of this IP: 45.67.89.10"
  • "Is this link phishing? https://exemplo.tld/login"
  • "Analyze: exemplo.com 8.8.8.8"

Output

The skill returns:

  1. Executive summary with a verdict
  2. Quick results table
  3. Details per IOC (VirusTotal + AbuseIPDB)
  4. Recommended actions
Usage Guidance
This skill appears to do what it says: query VirusTotal and AbuseIPDB for URLs/domains/IPs. Before installing: (1) review the included src/ioc_scan.py yourself (or run it in an isolated environment) to confirm behavior; (2) only provide dedicated API keys for VirusTotal and AbuseIPDB (create keys you can revoke and monitor) because submitted IOCs will be visible to those services; (3) note the package does not declare the Python 'requests' dependency — ensure your environment has it; (4) the metadata lists 'curl' though the code doesn't use it (likely harmless but sloppy); (5) avoid submitting sensitive/private URLs/hosts since submitting to VirusTotal/AbuseIPDB can leak them to third-party threat-intel systems; and (6) if you are unsure about trusting the unknown author, consider running the script locally or in a sandbox and monitor API usage before granting access to important/long-lived credentials.
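Point (5) of the guidance above, as an added example (not code from the skill's src/ioc_scan.py or from its author): a pre-submission filter that keeps non-public addresses, internal hostnames and URLs carrying credentials or query strings out of third-party lookups. The INTERNAL_SUFFIXES list, the function names and the sample input are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: name suffixes this organisation treats as internal-only.
INTERNAL_SUFFIXES = (".internal", ".local", ".lan", ".corp")
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)
# Constructed sample input; the first three IOCs appear in the README usage.
SAMPLE = ("scan https://exemplo.com/login 8.8.8.8 dominio.ruim 10.0.0.5 "
          "https://wiki.corp/reset?token=abc")

def classify(token):
    """Return (kind, host, parsed_url_or_None), or None if not an IOC."""
    if token.lower().startswith(("http://", "https://")):
        parts = urlsplit(token)
        return ("url", parts.hostname, parts) if parts.hostname else None
    try:
        ipaddress.ip_address(token)
        return ("ip", token, None)
    except ValueError:
        pass
    if DOMAIN_RE.fullmatch(token):
        return ("domain", token.lower(), None)
    return None

def withhold_reason(kind, host, parts):
    """Return why an IOC must stay local, or None if it may be submitted."""
    try:
        if not ipaddress.ip_address(host).is_global:
            return "non-public address"
    except ValueError:
        if "." not in host or host.lower().endswith(INTERNAL_SUFFIXES):
            return "internal hostname"
    if kind == "url" and (parts.username or parts.query):
        return "URL carries credentials or query parameters"
    return None

def partition_iocs(text):
    """Split free text into (submit, withheld) lists of IOCs."""
    submit, withheld = [], []
    for raw in text.split():
        token = raw.strip("\"'<>()[],;")
        found = classify(token)
        reason = withhold_reason(*found) if found else None
        if reason:
            withheld.append((token, reason))
        elif found:
            submit.append((found[0], token))
    return submit, withheld
```

Only the `submit` list would be passed on to a scanner; the `withheld` list can be shown to the user with its reason so the decision to look it up anyway is explicit.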
Capability Analysis
Type: OpenClaw Skill
Name: klaus-ioc-scan
Version: 1.0.0

The skill is a legitimate security tool designed to scan Indicators of Compromise (IOCs) using VirusTotal and AbuseIPDB APIs. The Python script `src/ioc_scan.py` implements standard regex-based extraction and API interaction logic, correctly handling sensitive API keys via environment variables and communicating only with official endpoints (virustotal.com and abuseipdb.com). No evidence of malicious intent, data exfiltration, or prompt injection was found.
Capability Assessment
Purpose & Capability
Name/description claim scanning IOCs via VirusTotal and AbuseIPDB and the package indeed queries those services and asks for their API keys. One minor mismatch: SKILL metadata lists curl as a required binary, but the Python code uses the requests library and does not call curl.
Instruction Scope
SKILL.md instructs providing VIRUSTOTAL_API_KEY and ABUSEIPDB_API_KEY and running the included Python script; the instructions and code limit network calls to VirusTotal (v2 endpoints) and AbuseIPDB. The skill extracts IOCs from supplied text and does not reference unrelated system files or other environment variables. Note: SKILL.md's declared required bin ('curl') is not actually invoked by the code.
Install Mechanism
There is no install spec (instruction-only), which minimizes installation risks. However, the bundle includes a Python script that imports requests but the package does not declare or install that dependency; runtime will fail if requests is not present. No external downloads or obscure endpoints are used.
Credentials
The skill requires exactly two API keys (VirusTotal and AbuseIPDB) which are necessary for its stated functionality. No other credentials, system config paths, or unrelated secrets are requested.
Persistence & Privilege
The skill is not forced always-on (always:false) and does not request elevated or system-wide persistence. It does not modify other skills or global agent settings in the provided files.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install klaus-ioc-scan
  3. After installation, invoke the skill by name or use /klaus-ioc-scan
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of klaus-ioc-scan.

  • Scans URLs, domains, and IPs (IOCs) for reputation and malware/phishing detections using VirusTotal and AbuseIPDB.
  • Accepts input via user triggers (scan, reputação, "é malicioso?", etc.) and command-line interface.
  • Requires API keys for VirusTotal and AbuseIPDB.
  • Returns summary verdict, quick results table, detailed IOC report, and actionable recommendations.
Metadata
Slug klaus-ioc-scan
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Klaus IOC Scanner?

Analyzes URLs, domains and IPs to check reputation and detect malware or phishing using VirusTotal and AbuseIPDB. It is an AI Agent Skill for Claude Code / OpenClaw, with 298 downloads so far.

How do I install Klaus IOC Scanner?

Run "/install klaus-ioc-scan" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Klaus IOC Scanner free?

Yes, Klaus IOC Scanner is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Klaus IOC Scanner support?

Klaus IOC Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Klaus IOC Scanner?

It is built and maintained by runawaydevil (@runawaydevil); the current version is v1.0.0.
