Hs Ti

Author: maxjia · GitHub · v2.2.5 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 229 · Favorites: 1 · Current installs: 0 · Versions: 21
Install in OpenClaw
/install hs-ti
Description
Hillstone Threat Intelligence Skill. Query IP addresses, domains, URLs, and file hashes in Hillstone threat intelligence database.
Usage (SKILL.md)

Hillstone Threat Intelligence Skill

Features: Query IP addresses, domains, URLs, and file hashes in the Hillstone threat intelligence database.

New Features (v2.2.4)

  • English Only: Simplified to pure English version for better international compatibility
  • Automatic IOC Type Detection: Automatically detect IP, domain, URL, hash, and other IOC types
  • Smart Caching: Built-in LRU cache with statistics and size limits, significantly improved query performance (40-60%)
  • Connection Pool Management: HTTP connection pool for efficient connection reuse, reduced network latency (30%)
  • Batch Operations: Import IOC lists from CSV, TXT, JSON files, support batch queries with progress tracking
  • Exponential Backoff Retry: Intelligent retry mechanism for better handling of temporary network failures
  • Circuit Breaker Pattern: Prevent cascading failures, improve system stability
  • Result Formatting: Support for text, JSON, table, and other formats
  • Result Export: Support for exporting to CSV, JSON, HTML, Markdown, and other formats
  • Logging: Complete operation logging with automatic sensitive data masking
  • Error Handling: Comprehensive error handling and retry mechanisms
  • Type Hints: Full type annotations for better code maintainability
  • API Key Management: Support for HILLSTONE_API_KEY environment variable, priority over config file
  • Security Enhancements: Sensitive data masking, log security, file permission management
  • Search Optimization: 70+ keywords covering brand, security, features, and more

Configuration

You need to create a config.json file and configure a valid API Key:

  1. Copy config.example.json to config.json

  2. Fill in your API Key in config.json:

{
  "api_key": "your-api-key-here",
  "api_url": "https://ti.hillstonenet.com.cn",
  "timeout": 30,
  "max_retries": 3,
  "retry_delay": 1,
  "cache_enabled": true,
  "cache_ttl": 3600
}

Configuration Parameters:

  • api_key: Hillstone Threat Intelligence API Key (required)
  • api_url: API URL (optional, default: https://ti.hillstonenet.com.cn)
  • timeout: Request timeout in seconds (optional, default: 30)
  • max_retries: Maximum retry attempts (optional, default: 3)
  • retry_delay: Retry delay in seconds (optional, default: 1)
  • cache_enabled: Enable cache (optional, default: true)
  • cache_ttl: Cache time-to-live in seconds (optional, default: 3600)

Usage Examples

/threat-check 45.74.17.165
/threat-check deli.ydns.eu  
/threat-check 45.74.17.165,deli.ydns.eu,www.blazingelectricz.com
/threat-check -a 45.74.17.165
/threat-check -a deli.ydns.eu

Advanced API

Use -a parameter to call the advanced API and get more detailed threat intelligence:

/threat-check -a 45.74.17.165

Advanced API provides:

  • Basic Info: Network, carrier, location, country, province, city, coordinates
  • ASN Info: Autonomous System information
  • Threat Type: Malicious type classification
  • Tags: Threat-related tags
  • DNS Records: Reverse DNS records (up to 10)
  • Domain Info: Current and historical domains (up to 10)
  • File Associations: Downloaded, referenced, and related file hashes (malicious only)
  • Port Info: Open ports, application protocols, application names, versions

Supported IOC Types

  • IP Address: Automatically detect and query /api/ip/reputation
  • Domain: Automatically detect and query /api/domain/reputation
  • URL: Automatically detect and query /api/url/reputation
  • File Hash: Supports MD5/SHA1/SHA256, query /api/file/reputation

Response Time Statistics

Each query displays detailed performance statistics:

  • Single Query: Display response time for current call
  • Batch Query: Display statistics for current batch (avg/max/min/median)
  • Cumulative Statistics: Display cumulative statistics and total call count for all historical queries

Dependencies

  • Python 3.8+
  • Hillstone Threat Intelligence API access permission
  • This skill uses Python standard library, no additional dependencies required

API Endpoints

Reputation API

  • IP Query: /api/ip/reputation?key={ip}
  • Domain Query: /api/domain/reputation?key={domain}
  • URL Query: /api/url/reputation?key={url}
  • File Hash Query: /api/file/reputation?key={hash}

Advanced Detail API

  • IP Advanced Query: /api/ip/detail?key={ip}
  • Domain Advanced Query: /api/domain/detail?key={domain}
  • URL Advanced Query: /api/url/detail?key={url}
  • File Hash Advanced Query: /api/file/detail?key={hash}
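
The IOC-type routing described under Supported IOC Types and API Endpoints, as an added sketch that is not the skill's own code. The function names and detection rules are assumptions; only the endpoint paths and the default base URL come from this page.

```python
import ipaddress
import re
from urllib.parse import quote, urlsplit

BASE_URL = "https://ti.hillstonenet.com.cn"  # default api_url from this page
HASH_LENGTHS = {32: "MD5", 40: "SHA1", 64: "SHA256"}
# Assumed domain rule: dot-separated LDH labels ending in an alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def detect_ioc_type(value: str) -> str:
    """Return 'ip', 'url', 'file' or 'domain'; raise ValueError otherwise."""
    v = value.strip()
    try:
        ipaddress.ip_address(v)  # accepts IPv4 and IPv6, rejects 999.1.1.1
        return "ip"
    except ValueError:
        pass
    parts = urlsplit(v)
    if parts.scheme in ("http", "https") and parts.netloc:
        return "url"
    if len(v) in HASH_LENGTHS and re.fullmatch(r"[0-9a-fA-F]+", v):
        return "file"
    if DOMAIN_RE.match(v.lower().rstrip(".")):
        return "domain"
    raise ValueError(f"unrecognised IOC: {value!r}")


def build_query_url(value: str, advanced: bool = False) -> str:
    """Map an IOC to /api/<type>/reputation, or /api/<type>/detail for -a."""
    kind = detect_ioc_type(value)
    action = "detail" if advanced else "reputation"
    # Percent-encode the whole IOC so a URL's own '&', '?' or '#' cannot
    # add or truncate query parameters on the request that is sent.
    return f"{BASE_URL}/api/{kind}/{action}?key={quote(value.strip(), safe='')}"


def route_batch(raw: str, advanced: bool = False) -> dict:
    """Split a comma-separated /threat-check argument; keep bad items apart."""
    out = {"queries": [], "rejected": []}
    for item in filter(None, (p.strip() for p in raw.split(","))):
        try:
            out["queries"].append(build_query_url(item, advanced))
        except ValueError:
            out["rejected"].append(item)
    return out
```

Rejected items are returned separately so a malformed entry in a batch is reported instead of being sent to the API under a guessed type.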

Troubleshooting

  • Invalid API Key: Ensure you are using a valid Hillstone API Key
  • Network Connection Issues: Check if you can access https://ti.hillstonenet.com.cn
  • Query Timeout: Default timeout is 30 seconds, can be adjusted in config.json
  • Encoding Issues: Ensure your system supports UTF-8 encoding
  • Log Viewing: Log file is located at ~/.openclaw/logs/hs_ti.log

Security Best Practices

API Key Management

Recommended Approach:

  • Use environment variable for API key (recommended)
    export HILLSTONE_API_KEY="your-api-key-here"
    
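  • Ensure environment variable is not logged to history
    # In bash: ignorespace only skips commands typed with a leading space,
    # so start the line that sets the key with a space
    export HISTCONTROL=ignorespace
     export HILLSTONE_API_KEY="your-api-key-here"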
    
    # In PowerShell
    $env:HILLSTONE_API_KEY="your-api-key-here"
    

Configuration File Approach:

  • If configuration file must be used, ensure:
    • File permissions are set to owner-only read/write: chmod 600 config.json
    • Configuration file is not committed to version control
    • Configuration file is added to .gitignore

File Permissions

Configuration File:

# Set configuration file permissions
chmod 600 ~/.openclaw/skills/hs-ti/config.json

# Ensure directory permissions are correct
chmod 700 ~/.openclaw/skills/hs-ti/

Log File:

# Set log file permissions
chmod 600 ~/.openclaw/logs/hs_ti.log

# Ensure log directory permissions are correct
chmod 700 ~/.openclaw/logs/
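
One way to enforce the key-handling rules above in code, as an added example that is not the skill's own implementation. The function names and the masking format are assumptions; HILLSTONE_API_KEY, the api_key field and the chmod 600 requirement come from this page.

```python
import json
import os
import stat
from pathlib import Path
from typing import Mapping, Optional, Tuple

ENV_VAR = "HILLSTONE_API_KEY"


def mask_secret(value: str, keep: int = 4) -> str:
    """Show only the last `keep` characters; short values are fully masked."""
    if len(value) <= keep * 2:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def config_is_private(path: Path) -> bool:
    """True when group/other have no permission bits (chmod 600 or stricter)."""
    mode = stat.S_IMODE(path.stat().st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def load_api_key(config_path: Path,
                 env: Optional[Mapping[str, str]] = None) -> Tuple[str, str]:
    """Return (key, source). The environment variable wins over config.json."""
    env = os.environ if env is None else env
    key = env.get(ENV_VAR, "").strip()
    if key:
        return key, "env"
    if not config_path.is_file():
        raise RuntimeError(f"set {ENV_VAR} or create {config_path}")
    # POSIX-only check: refuse a key file that other local users could read.
    if os.name == "posix" and not config_is_private(config_path):
        raise PermissionError(f"{config_path} is group/world accessible; chmod 600 it")
    data = json.loads(config_path.read_text(encoding="utf-8"))
    key = str(data.get("api_key", "")).strip()
    # Reject the placeholder value shown in this page's sample config.
    if not key or key == "your-api-key-here":
        raise RuntimeError(f"no usable api_key in {config_path}")
    return key, "config"
```

Log the result of mask_secret(key) together with the returned source, never the key itself.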

Version History

[2.2.4] - 2026-04-02

  • Changed to pure English version
  • Removed all Chinese content for better international compatibility
  • Simplified documentation structure

[2.2.3] - 2026-04-01

  • Added environment variable support (HILLSTONE_API_KEY)
  • Enhanced log security with automatic sensitive data masking
  • Added comprehensive security documentation (SECURITY.md)
  • Improved transparency in package.json

[2.2.2] - 2026-03-31

  • Added LRU cache mechanism
  • Implemented HTTP connection pool
  • Added batch operations support
  • Implemented exponential backoff retry
  • Added circuit breaker pattern
  • Enhanced error handling
  • Added comprehensive type hints
  • Optimized search keywords

License

MIT License

Support

Security usage recommendations
This skill implements a Hillstone Threat Intelligence client and needs a Hillstone API key (HILLSTONE_API_KEY or config.json). Before installing:

  • Confirm the API endpoint (https://ti.hillstonenet.com.cn) and the publisher (maxjia) are legitimate for your use. If you don't recognize the endpoint/publisher, verify independently.
  • Provide the API key via environment variable (HILLSTONE_API_KEY) rather than a file when possible; SKILL.md recommends this. If you use config.json, set file permissions to owner-only (chmod 600) and avoid committing it to version control.
  • Note the registry metadata omitted the required env/config declaration; this is a packaging inconsistency. Ask the publisher to correct metadata so required credentials are explicit.
  • The skill will write logs to ~/.openclaw/logs/hs_ti.log and can export reports to local files. If that is a concern, run the skill in a restricted/sandboxed environment or audit the code (scripts/hs_ti_plugin.py and result_formatter.py) yourself. The repository files are present in the package; review them for any extra endpoints or data-exfil patterns.
  • If you plan to allow autonomous agent invocation, remember the skill can perform network calls using your API key; only enable autonomous execution if you trust the skill and the key's permissions.

If you want higher assurance, request updated registry metadata that declares HILLSTONE_API_KEY as required, and/or run the provided tests/examples in an isolated environment to observe behavior before enabling the skill in production.
Functional analysis
Type: OpenClaw Skill
Name: hs-ti
Version: 2.2.5
The hs-ti skill bundle is a well-architected tool for querying Hillstone Threat Intelligence. It follows professional software patterns, implementing a circuit breaker, LRU caching, and a connection pool using only the Python standard library to minimize supply chain risks. Security is a primary focus, evidenced by the inclusion of a comprehensive SECURITY.md, automatic masking of sensitive IOCs in log files (scripts/hs_ti_plugin.py), and clear instructions for secure API key management via environment variables. No evidence of malicious intent, data exfiltration, or prompt injection was found.
Capability assessment
Purpose & Capability
Name/description (Hillstone TI queries) align with the code and SKILL.md: the code implements IOC detection, query, caching, exports and logging against the Hillstone TI endpoints. However the registry metadata earlier listed 'required env vars: none' while SKILL.md/package.json and the code all expect an API key (HILLSTONE_API_KEY or config.json). That mismatch is a packaging/metadata inconsistency that should be resolved.
Instruction Scope
Runtime instructions stay within the stated purpose: they instruct creating config.json or setting HILLSTONE_API_KEY, calling the Hillstone API endpoints, and exporting/logging results. The skill reads config.json, may write export files and a log at ~/.openclaw/logs/hs_ti.log, and may create export directories; these are expected for a client that writes reports and logs.
Install Mechanism
No install spec is present (instruction-only in registry), which is low risk; but the package includes Python code files (scripts/hs_ti_plugin.py, result_formatter.py, tests, examples). Because there is no formal install step, the skill will rely on those files being available in the agent runtime; this is normal but worth noting (there's code to execute even though there's no separate install/download stage). No external download URLs or unknown installers are used.
Credentials
The skill legitimately requires a Hillstone API key (SKILL.md, package.json env HILLSTONE_API_KEY, and config.json). However the registry metadata at the top says 'Required env vars: none', an incoherence. The request for an API key is proportionate to the purpose, but the metadata omission is misleading. Also the skill writes logs and export files to the user's home directory (~/.openclaw/logs and example exports), so you should ensure file-permission handling (SKILL.md suggests chmod 600 for config.json).
Persistence & Privilege
The skill does not request always:true and does not request system-wide privileged persistence. It writes its own logs and export files under user home/.openclaw and example export directories, which is expected. It does not appear to modify other skills or system-wide settings.
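How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install hs-ti
  3. After installation, invoke the Skill by name or trigger it with /hs-ti
  4. Provide the required inputs according to the Skill's parameter description to get structured output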
Version history
v2.2.5
  • Removed language.json and tests/test_language.py files, cleaning up unused resources.
  • Updated documentation in SKILL.md for version 2.2.5.
  • Updated package.json version and metadata to reflect current release.
v2.2.4
  • Switched documentation to English only; removed all Chinese content for better international compatibility
  • Updated aliases and commands to match English-only usage
  • Simplified and reorganized documentation structure
  • Clarified configuration instructions and security best practices in English
  • No changes to core functionality; documentation and metadata updates only
v2.2.3
hs-ti v2.2.3
  • Updated documentation in SKILL.md: clarified features and batch operation capabilities, improved security and configuration instructions.
  • No code changes; this is a documentation and metadata maintenance release.
  • Version bump in package.json to 2.2.3.
v2.2.2
Enhanced searchability with comprehensive keywords
Added 70+ keywords for better discoverability:
  • Brand names: 山石网科, 山石, 网科, Hillstone, 云瞻
  • Security terms: 威胁情报, 网络安全, network-security, cybersecurity
  • IOC types: ioc, ioc-query, indicators, compromise, ip, domain, url, hash
  • Threat types: malware, phishing, c2, apt, malicious, benign
  • Threat operations: threat-hunting, threat-detection, threat-assessment, threat-response, threat-monitoring
  • API features: threat-intel-api, ti-api, threat-database, api-key, api-management
  • Performance: performance, optimization, connection-pool, circuit-breaker, retry, batch-query
  • Features: file-import, progress-tracking, statistics, monitoring, caching
  • Security: security, sensitive-data, data-masking, log-security, file-security, permissions, audit, compliance
  • Configuration: environment-variable, bilingual, multilingual, auto-detection, export, logging
Benefits:
  • Users can search using 山石网科, Hillstone, 威胁情报, 云瞻
  • Network security professionals can find it using IOC, cybersecurity, network-security
  • All major security and threat intelligence terms are covered
  • Maximum searchability across different user groups and use cases
v2.2.1
Security fixes - Enhanced security and provenance
Security Improvements:
  • Added homepage field to package.json for provenance verification
  • Unified author and publisher fields to 'maxjia'
  • Added support for HILLSTONE_API_KEY environment variable
  • Implemented sensitive data masking in logs (_mask_sensitive_value)
  • Added comprehensive SECURITY.md documentation
Configuration Changes:
  • Environment variable HILLSTONE_API_KEY takes priority over config file
  • Backward compatible with existing config.json approach
  • Updated test expectations for missing config files
Documentation:
  • Added SECURITY.md with security best practices
  • API key management recommendations
  • Logging and data privacy guidelines
  • Network and file system security
  • Operational security and incident response
  • Quick security checklist for production
Testing:
  • Updated test_load_config_missing_file to expect None
  • All 43 tests passing
v2.2.0
Performance optimizations and enhanced features
Performance Optimizations:
  • Enhanced LRU caching with statistics tracking and size limits
  • Implemented HTTP connection pool management
  • Added exponential backoff retry mechanism
  • Implemented circuit breaker pattern for fault tolerance
Batch Operations:
  • Added IOC import from CSV, TXT, and JSON files
  • Implemented progress callback for batch operations
  • Added comprehensive system statistics monitoring
Code Architecture:
  • Refactored API request handling with connection pool and circuit breaker
  • Enhanced batch query with thread-safe progress tracking
Configuration:
  • Added max_cache_size, max_connections, circuit_breaker settings
  • Updated config.example.json with new parameters
  • Updated package.json schema with new configuration options
Expected Performance Improvements:
  • 40-60% improvement in query speed
  • 30% reduction in network latency
  • 80% improvement in batch operation efficiency
  • 70% improvement in error recovery rate
v2.1.2
Fix: Add publisher field to SKILL.md frontmatter
  • Added publisher: maxjia to SKILL.md YAML frontmatter
  • Ensures compliance with ClawHub frontmatter requirements
  • Updated version to 2.1.2
v2.1.1
Fix: Add version number to SKILL.md frontmatter
  • Now properly displays version in QQ and other platforms
  • Resolves 'version not specified' issue
v2.1.0
Release v2.1.0 - Performance and concurrency improvements
Major enhancements:
  • Concurrent batch queries with ThreadPoolExecutor (3-5x faster)
  • Thread-safe caching with locks
  • IOC type detection LRU cache
  • Enhanced error handling and logging
  • New max_workers configuration option
  • Improved code organization and maintainability
All tests passing (43/43)
v1.1.9
  • Added and updated example scripts for querying threat intelligence via API (examples/batch_query_ips.py, examples/query_ioc.py).
  • Updated CHANGELOG.md with recent changes.
  • Updated package.json configuration.
  • No changes to core logic or API functionality.
v1.1.8
  • Added new test file: `tests/test_hs_ti.py`
  • Removed obsolete test: `tests/test_yunzhan.py`
  • Updated configuration instructions in documentation to use `config.example.json` as a template for `config.json`
  • Improved SKILL.md documentation clarity regarding API Key configuration steps
v1.1.7
hs-ti 1.1.7 Changelog
  • Added `scripts/hs_ti_plugin.py`.
  • Removed `scripts/yunzhan_plugin.py` and `test_api.py`.
  • Updated core files (`CHANGELOG.md`, `language.json`, `package.json`, and tests) to reflect plugin module restructuring.
  • General code and test adjustments to match the new plugin structure.
v1.1.6
Advanced API support added for richer threat intelligence queries.
  • New: Added support for advanced detail queries via the `-a` parameter, returning additional threat intelligence details.
  • Usage examples and documentation updated to show advanced API features.
  • New API endpoints for advanced queries documented in SKILL.md.
  • Added initial test file: `test_api.py`.
v1.1.5
  • Improved: Updated dependencies in package.json for better compatibility.
  • Fixed: Corrected and updated CHANGELOG.md with latest changes.
  • Enhanced: Made minor code and metadata improvements in scripts/yunzhan_plugin.py for reliability and maintenance.
v1.1.4
hs-ti v1.1.4
  • Added sample configuration file: `config.example.json` for easier setup.
  • Updated documentation in `README.md` and `CHANGELOG.md`.
  • Updated metadata and version in `package.json`.
  • No code logic changes.
v1.1.3
  • Added metadata.title ("Hillstone Threat Intelligence") for enhanced discoverability and clarity.
  • No changes to core functionality or usage.
  • Updated SKILL.md to include the new title in metadata.
v1.1.2
hs-ti 1.1.2 Changelog
  • Updated CHANGELOG.md and package.json for the new release version.
  • No user-facing functional or feature changes in this update.
v1.1.1
  • Added explicit mention of Chinese/English bilingual support in the skill description.
  • No functional or API changes; documentation now highlights bilingual usage clearly for all users.
  • Updated SKILL.md to clarify language support and better describe supported features.
v1.1.0
Multi-language support and usability enhancements:
  • Added Chinese and English language support for all commands and documentation.
  • Introduced /hs-ti cn and /hs-ti en commands for language switching.
  • Updated metadata to include new commands for language selection.
  • Added language resource files and related tests for language functionality.
  • Improved documentation with bilingual sections for configuration, features, usage, and troubleshooting.
v1.0.1
Security update: declared the configuration file and network endpoint requirements in package.json, in line with the clawhub security specification
Metadata
Slug: hs-ti
Version: 2.2.5
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 21
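FAQ

What is Hs Ti?

Hillstone Threat Intelligence Skill. Query IP addresses, domains, URLs, and file hashes in Hillstone threat intelligence database. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 229 total downloads so far.

How do I install Hs Ti?

Run the command "/install hs-ti" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is Hs Ti free?

Yes. Hs Ti is completely free, is released under the MIT-0 license, and can be downloaded, installed and used freely.

Which platforms does Hs Ti support?

Hs Ti is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Hs Ti?

It is developed and maintained by maxjia (@maxjia); the current version is v2.2.5.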
