Description

Enterprise-grade cybersecurity framework assessment platform that evaluates organizational security controls across the kill chain spectrum.

README (SKILL.md)

Overview

Name: Cyber Kill Chain
Author: krishnakumarmahadevan-cmd

The Cyber Kill Chain Security Assessment platform is an enterprise-grade tool designed to systematically evaluate organizational security posture across multiple stages of the MITRE ATT&CK kill chain framework. This API enables security teams to document control implementation status, measure compliance gaps, and generate comprehensive security assessments tailored to organizational risk profiles.

Built for security professionals, compliance officers, and enterprise risk managers, this platform transforms control validation into actionable security intelligence. By mapping security controls to kill chain stages, organizations gain visibility into defense effectiveness and can prioritize remediation efforts based on attack vector coverage.

The assessment engine supports three operational tiers—basic, standard, and enterprise—accommodating organizations from small teams to large multi-division enterprises. Each tier provides proportionate depth of analysis, enabling right-sized security assessment without unnecessary complexity.

Usage

Sample Request

{
  "tier": "standard",
  "sessionId": "ckc-2024-q1-audit-001",
  "controls": {
    "reconnaissance": [
      {
        "controlId": "RECON-001",
        "compliant": true,
        "notes": "OSINT monitoring active via threat intelligence platform"
      },
      {
        "controlId": "RECON-002",
        "compliant": false,
        "notes": "Domain registration monitoring not yet implemented"
      }
    ],
    "weaponization": [
      {
        "controlId": "WEAPON-001",
        "compliant": true,
        "notes": "Email gateway sandboxing enabled with 48-hour detonation window"
      }
    ],
    "delivery": [
      {
        "controlId": "DELIVERY-001",
        "compliant": true,
        "notes": "Advanced email filtering with machine learning enabled"
      },
      {
        "controlId": "DELIVERY-002",
        "compliant": false,
        "notes": "USB device policy enforcement pending endpoint refresh"
      }
    ]
  }
}

Sample Response

{
  "assessmentId": "ckc-2024-q1-audit-001",
  "tier": "standard",
  "timestamp": "2024-01-15T10:30:00Z",
  "overallScore": 72,
  "complianceRate": 0.78,
  "stageBreakdown": {
    "reconnaissance": {
      "score": 50,
      "compliant": 1,
      "total": 2,
      "gaps": [
        "Domain registration monitoring"
      ]
    },
    "weaponization": {
      "score": 100,
      "compliant": 1,
      "total": 1,
      "gaps": []
    },
    "delivery": {
      "score": 75,
      "compliant": 2,
      "total": 3,
      "gaps": [
        "USB device policy enforcement"
      ]
    }
  },
  "recommendations": [
    {
      "stage": "reconnaissance",
      "priority": "high",
      "action": "Implement domain registration monitoring service"
    },
    {
      "stage": "delivery",
      "priority": "medium",
      "action": "Accelerate endpoint policy enforcement rollout"
    }
  ],
  "nextReviewDate": "2024-04-15"
}

Endpoints

GET /health

Description: Health check endpoint for service availability verification.

Parameters: None

Response:

Status Code: 200
Content-Type: application/json
Body: JSON object confirming service health status

POST /api/security/assess

Description: Perform comprehensive Cyber Kill Chain security assessment across specified control domains and kill chain stages.

Parameters:

Name	Type	Required	Description
tier	string	Yes	Assessment tier level: `basic`, `standard`, or `enterprise`. Determines scope and depth of analysis.
sessionId	string	Yes	Unique session identifier for audit trail and assessment tracking. Recommended format: `ckc-YYYY-MM-QX-description`.
controls	object	Yes	Kill chain stage controls indexed by stage name. Each stage contains array of control assessments.
controls[stage]	array	Yes	Array of control assessments for a specific kill chain stage (e.g., `reconnaissance`, `weaponization`, `delivery`).
controlId	string	Yes	Unique identifier for the security control being assessed.
compliant	boolean	Yes	Compliance status: `true` if control is implemented and operational, `false` if non-compliant.
notes	string	Optional	Contextual notes, implementation details, or remediation timeline. Maximum 500 characters recommended.

Response:

Status Code: 200
Content-Type: application/json
Body: Assessment results including overall score, stage-by-stage breakdown, compliance rate, identified gaps, and remediation recommendations.

Error Responses:

Status Code: 422
Description: Validation error. Request failed schema validation (missing required fields, invalid tier value, malformed control structure).
Content-Type: application/json
Body: Validation error details with field locations and error messages.

OPTIONS /api/security/assess

Description: CORS preflight request handler for cross-origin assessment submissions.

Parameters: None

Response:

Status Code: 200
Content-Type: application/json
Body: CORS headers configuration confirming allowed methods and origins.

Pricing

Plan	Calls/Day	Calls/Month	Price
Free	5	50	Free
Developer	20	500	$39/mo
Professional	200	5,000	$99/mo
Enterprise	100,000	1,000,000	$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Kong Route: https://api.mkkpro.com/security/cyber-kill-chain
API Docs: https://api.mkkpro.com:8043/docs

Usage Guidance

This skill appears internally consistent and low-risk as delivered (documentation + OpenAPI). Before installing or sending real assessment data, verify the service provider (the package lists toolweb.in links but no official homepage), confirm the actual endpoint/host you will be calling, and avoid submitting sensitive production data until you’ve validated data handling, retention, and access controls. If you need stronger assurance, request an official SDK/hosted endpoint, TLS assurances, and a privacy/SLA statement from the provider.

Capability Analysis

Type: OpenClaw Skill Name: cyber-kill-chain Version: 1.0.0 The skill bundle describes a legitimate security assessment tool for evaluating organizational controls against the Cyber Kill Chain framework. The documentation (SKILL.md) and API specification (openapi.json) are consistent, focusing on processing security compliance data via a POST request to a defined endpoint (api.mkkpro.com). No evidence of malicious intent, prompt injection, or unauthorized data exfiltration was found.

Capability Assessment

✓ Purpose & Capability

Name, description, SKILL.md and openapi.json consistently describe an assessment API for mapping controls to kill-chain stages. There are no unexpected environment variables, binaries, or config paths requested that would be unrelated to an assessment tool.

✓ Instruction Scope

SKILL.md contains API documentation, sample requests/responses, and endpoint descriptions only. It does not instruct the agent to read local files, access system state, harvest environment variables, or send data to unrelated endpoints.

✓ Install Mechanism

No install spec and no code files beyond documentation (instruction-only). Nothing is written to disk or downloaded by an installer; this is the lowest-risk install posture.

✓ Credentials

The skill declares no required environment variables, credentials, or config paths. That is proportionate for a documentation/ API-definition-only skill.

✓ Persistence & Privilege

Flags show always:false (not forced), user-invocable, and normal autonomous invocation allowed. The skill does not request persistent system-level presence or modify other skills/configuration.

Version History

v1.0.0

Initial release of the Cyber Kill Chain Security Assessment platform. - Provides an enterprise-grade API for assessing organizational security controls across the MITRE ATT&CK kill chain. - Supports three operational tiers (basic, standard, enterprise) to match assessment depth to organizational needs. - Returns detailed compliance reporting: overall score, per-stage breakdown, identified security gaps, and prioritized remediation recommendations. - Includes health check, assessment submission, and CORS preflight endpoints. - Transparent pricing tiers with free, developer, professional, and enterprise plans. - Documentation outlines integration details, sample requests/responses, and support links.

Metadata

Slug cyber-kill-chain

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Cyber Kill Chain?

Enterprise-grade cybersecurity framework assessment platform that evaluates organizational security controls across the kill chain spectrum. It is an AI Agent Skill for Claude Code / OpenClaw, with 169 downloads so far.

How do I install Cyber Kill Chain?

Run "/install cyber-kill-chain" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cyber Kill Chain free?

Yes, Cyber Kill Chain is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Cyber Kill Chain support?

Cyber Kill Chain is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cyber Kill Chain?

It is built and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.0.

More Skills

Cyber Kill Chain

Overview

Usage

Sample Request

Sample Response

Endpoints

GET /health

POST /api/security/assess

OPTIONS /api/security/assess

Pricing

About

References

What is Cyber Kill Chain?

How do I install Cyber Kill Chain?

Is Cyber Kill Chain free?

Which platforms does Cyber Kill Chain support?

Who created Cyber Kill Chain?

💬 Comments