← Back to Skills Marketplace
129
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install threat-intel-aggregator
Description
Aggregates and analyzes threat intelligence data to check targets against known threats and security risks.
Usage Guidance
This skill looks like documentation for a hosted threat-intel API but omits critical operational details. Before installing or using it: 1) Ask the publisher for the exact base URL(s) and the required authentication method (API key, token, OAuth) and verify the provider's identity and reputation. 2) Do not send real internal IPs, domain names, or sensitive indicators until you confirm where data will be sent, how it's stored, and what privacy/retention policies apply. 3) If the integration requires API keys, ensure keys will be scoped and stored only in secure platform credential storage (and that the skill declares the env var names). 4) Prefer skills that include a servers field in their OpenAPI and explicitly declare required credentials; absent that, treat this skill as untrusted and test only with non-sensitive samples. If the publisher provides those clarifications (server URL, auth, privacy/processing rules, and expected request/response behavior), this assessment could be revised to benign.
Capability Analysis
Type: OpenClaw Skill
Name: threat-intel-aggregator
Version: 1.0.0
The bundle defines a legitimate threat intelligence aggregation tool designed to check indicators (IPs, domains, hashes) against security databases. The SKILL.md and openapi.json files describe a standard REST API interface (api.mkkpro.com) without any evidence of malicious instructions, data exfiltration, or unauthorized execution patterns.
Capability Assessment
Purpose & Capability
The README describes a hosted API (pricing, commercial plans, external domains like api.mkkpro.com and toolweb.in) which normally requires a base URL and API credentials; the skill declares no required env vars, no primary credential, and no server configuration. That is disproportionate to an API-integration skill and inconsistent with the stated purpose.
Instruction Scope
The SKILL.md documents endpoints (POST /check-threat) and sample requests/responses but does not include a clear, safe runtime instruction for how the agent should reach that service (no base URL in the OpenAPI, no auth method). Without explicit restrictions, an agent using this skill may send user-provided targets to external hosts named in the doc (api.mkkpro.com / toolweb.in), which is sensitive for threat indicators.
Install Mechanism
No install spec or code is present (instruction-only). That minimizes local code execution risk. Nothing is downloaded or written to disk by an installer.
Credentials
A hosted threat-intel API with pricing would normally require API keys or tokens, yet the skill requests no credentials or config paths. This absence is disproportionate and could hide implicit dependence on platform-level secrets or require sending data unauthenticated to third parties.
Persistence & Privilege
The skill does not request always:true and has no install-time persistence. It is user-invocable only, and does not ask to modify other skills or system settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install threat-intel-aggregator - After installation, invoke the skill by name or use
/threat-intel-aggregator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the Threat Intelligence Aggregator API.
- Aggregates and analyzes threat intelligence data from multiple sources.
- Supports threat and risk checks for IPs, domains, file hashes, and URLs.
- Returns consolidated findings, confidence levels, and remediation recommendations.
- Offers a single POST /check-threat endpoint for rapid, multi-source threat assessment.
- Provides clear risk scoring and detailed response schema for easy integration.
Metadata
Frequently Asked Questions
What is Threat Intel Aggregator?
Aggregates and analyzes threat intelligence data to check targets against known threats and security risks. It is an AI Agent Skill for Claude Code / OpenClaw, with 129 downloads so far.
How do I install Threat Intel Aggregator?
Run "/install threat-intel-aggregator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Threat Intel Aggregator free?
Yes, Threat Intel Aggregator is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Threat Intel Aggregator support?
Threat Intel Aggregator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Threat Intel Aggregator?
It is built and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.0.
More Skills