← Back to Skills Marketplace
IP Threat Check
by
freeter226
· GitHub ↗
· v1.0.0
· MIT-0
135
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ip-threat-check
Description
Check IP address threat intelligence. Query multiple sources for IP reputation, geolocation, and threat scores.
README (SKILL.md)
IP Threat Check
Check IP address threat intelligence from multiple sources.
Features
- Multi-source Query - Query multiple threat intelligence sources
- Geolocation - Get IP geolocation info
- Threat Score - Check abuse/threat scores
- History - View recent abuse reports
- Bulk Check - Check multiple IPs at once
Usage
python3 skills/ip-threat-check/scripts/ip_threat.py \x3Caction> [options]
Actions
| Action | Description |
|---|---|
check |
Check single IP address |
bulk |
Check multiple IPs |
info |
Get basic IP info (no API key needed) |
Options
| Option | Type | Default | Description |
|---|---|---|---|
--ip |
string | - | IP address to check |
--file |
string | - | File with IPs (one per line) |
--source |
string | all | Source (all, abuseipdb, ipapi) |
--days |
int | 30 | Days of history to check |
Data Sources
| Source | API Key | Info Provided |
|---|---|---|
| ip-api.com | ❌ Free | Geolocation, ISP |
| AbuseIPDB | ✅ Required | Threat score, reports |
| VirusTotal | ✅ Optional | Additional threat info |
Examples
# Basic IP info (no API key)
python3 skills/ip-threat-check/scripts/ip_threat.py info --ip 8.8.8.8
# Full threat check (requires API key)
python3 skills/ip-threat-check/scripts/ip_threat.py check --ip 192.168.1.1
# Bulk check
python3 skills/ip-threat-check/scripts/ip_threat.py bulk --file ips.txt
Environment Variables
| Variable | Required | Description |
|---|---|---|
ABUSEIPDB_API_KEY |
Optional | AbuseIPDB API key |
Output Example
{
"success": true,
"ip": "8.8.8.8",
"geolocation": {
"country": "United States",
"city": "Mountain View",
"isp": "Google LLC"
},
"threat": {
"score": 0,
"reports": 0,
"risk": "low"
}
}
Use Cases
- Security Analysis - Check suspicious IPs
- Log Analysis - Enrich log data with threat info
- Incident Response - Quick IP reputation check
- Threat Hunting - Identify malicious IPs
Current Status
In development.
Usage Guidance
This skill appears to do what it says: run the included Python script to query ip-api.com (free) and AbuseIPDB (if you set ABUSEIPDB_API_KEY). Before installing, consider: (1) providing an AbuseIPDB key will send queried IPs to that third party — do not submit private/internal addresses you don't want disclosed; (2) the metadata/README disagree about whether the key is required — the script will simply skip AbuseIPDB if no key is present; (3) SKILL.md mentions VirusTotal but the script does not use it; (4) outbound HTTP(S) calls will be made to ip-api.com and api.abuseipdb.com and may be rate-limited. If you need the skill to use additional sources (e.g., VirusTotal) or to avoid sending certain IP ranges, review/modify the included script before use.
Capability Analysis
Type: OpenClaw Skill
Name: ip-threat-check
Version: 1.0.0
The skill is a legitimate tool for querying IP threat intelligence and geolocation data from ip-api.com and AbuseIPDB. The core logic in `scripts/ip_threat.py` uses standard Python libraries (urllib) to perform API requests and lacks any indicators of malicious intent, such as data exfiltration, unauthorized execution, or prompt injection.
Capability Assessment
Purpose & Capability
Name/description (IP threat checks) align with required binaries (python3), the single environment variable (ABUSEIPDB_API_KEY) and the included script. The script queries ip-api.com and AbuseIPDB, which is coherent with the stated purpose.
Instruction Scope
Runtime instructions are scoped to running the included Python script and supplying an IP or file of IPs. The script performs only network queries to ip-api.com and api.abuseipdb.com and reads a user-provided file for bulk mode. Minor issues: SKILL.md mentions VirusTotal as an optional source but the included script does not call VirusTotal; SKILL.md metadata lists ABUSEIPDB_API_KEY as required while the script treats it as optional (skips AbuseIPDB if not set).
Install Mechanism
There is no install spec (instruction-only with an included script). No external packages are downloaded or executed during install; the only runtime requirement is python3 which is reasonable for a Python script.
Credentials
Only ABUSEIPDB_API_KEY is referenced. This is proportionate to accessing AbuseIPDB. However, registry/metadata and SKILL.md differ about whether that variable is required or optional; the code treats it as optional. No other credentials or unrelated secrets are requested.
Persistence & Privilege
The skill does not request persistent or elevated privileges, does not set always:true, and does not modify other skills or system configuration. It runs only when invoked.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ip-threat-check - After installation, invoke the skill by name or use
/ip-threat-check - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
首个版本:支持 IP 地理位置查询、威胁情报查询、批量检查
Metadata
Frequently Asked Questions
What is IP Threat Check?
Check IP address threat intelligence. Query multiple sources for IP reputation, geolocation, and threat scores. It is an AI Agent Skill for Claude Code / OpenClaw, with 135 downloads so far.
How do I install IP Threat Check?
Run "/install ip-threat-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is IP Threat Check free?
Yes, IP Threat Check is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does IP Threat Check support?
IP Threat Check is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created IP Threat Check?
It is built and maintained by freeter226 (@freeter226); the current version is v1.0.0.
More Skills