← Back to Skills Marketplace
andresark

TrendAI Vision One Threat Intelligence

by andresark · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
103
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install vision-one-threat-intel
Description
Query TrendAI Vision One threat intelligence. Use when: looking up IOCs (IP, domain, hash, URL, email), checking threat feeds, reading intelligence reports,...
Usage Guidance
This skill appears to do exactly what it claims: it runs local Python code that calls Trend Micro Vision One endpoints using the VISION_ONE_API_KEY. Before installing, verify you trust the skill source (homepage points to a GitHub repo but 'Source' is listed as unknown), and ensure the API key you supply has least-privilege: give only Threat Intelligence 'View' permissions for read-only use and add 'Configure' only if you need to use 'suspicious add'. Be aware 'suspicious add' is a write operation that can affect your org's block list — require human confirmation before running. The skill writes short-lived cache files to /tmp; if that is a concern, review or modify scripts/lib/cache.py. If you need higher assurance, review the referenced GitHub repo history and owner before use and rotate the API key if you suspect misuse.
Capability Analysis
Type: OpenClaw Skill Name: vision-one-threat-intel Version: 1.0.0 The skill bundle is a well-structured tool for interacting with the TrendAI Vision One Threat Intelligence API. It follows security best practices by using only Python standard libraries, implementing proper error handling and rate-limiting, and explicitly instructing the AI agent to seek user confirmation before performing write operations (e.g., adding an IOC to a blocklist in `v1ti.py`). No evidence of data exfiltration, obfuscation, or malicious intent was found.
Capability Tags
requires-oauth-token
Capability Assessment
Purpose & Capability
Name/description map to the requested resources: only VISION_ONE_API_KEY (and optional VISION_ONE_REGION) and python3 are required, which are appropriate for calling Trend Micro Vision One APIs. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the CLI source limit actions to Vision One API calls (feedIndicators, feeds, suspiciousObjects) and local formatting/caching. The only write action is 'suspicious add', which the docs mark as requiring explicit user confirmation. The runtime instructions do not request or read unrelated files or env vars.
Install Mechanism
There is no install spec (instruction-only skill for copy-in use) and the code uses only Python stdlib. No external downloads, package installs, or archive extraction are performed by the skill bundle itself.
Credentials
Only VISION_ONE_API_KEY is required (primaryEnv). An optional VISION_ONE_REGION is documented. No other SECRET/TOKEN/PASSWORD env vars are requested. The key's requested permissions are consistent with read operations and an optional configure permission for suspicious add.
Persistence & Privilege
always:false (no forced global enable). The skill stores short-lived cache files under a TMP cache directory (os.environ TMPDIR or /tmp), which is reasonable for caching API responses. It does not modify other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install vision-one-threat-intel
  3. After installation, invoke the skill by name or use /vision-one-threat-intel
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: 6 workflow-oriented commands for threat intel — lookup, feed, report, suspicious list/add, hunt. Zero dependencies, STIX 2.1 parsing, auto IOC detection.
Metadata
Slug vision-one-threat-intel
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is TrendAI Vision One Threat Intelligence?

Query TrendAI Vision One threat intelligence. Use when: looking up IOCs (IP, domain, hash, URL, email), checking threat feeds, reading intelligence reports,... It is an AI Agent Skill for Claude Code / OpenClaw, with 103 downloads so far.

How do I install TrendAI Vision One Threat Intelligence?

Run "/install vision-one-threat-intel" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is TrendAI Vision One Threat Intelligence free?

Yes, TrendAI Vision One Threat Intelligence is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does TrendAI Vision One Threat Intelligence support?

TrendAI Vision One Threat Intelligence is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created TrendAI Vision One Threat Intelligence?

It is built and maintained by andresark (@andresark); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments