
Klaus IOC Scanner

Author: runawaydevil · GitHub ↗ · v1.0.0
cross-platform ✓ Security check passed
Total downloads: 298
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install klaus-ioc-scan
Description
Analyzes URLs, domains and IPs to check reputation and detect malware or phishing using VirusTotal and AbuseIPDB.
Usage instructions (SKILL.md)

Klaus IOC Scanner 🛡️

Analyzes URLs, domains and IPs (IOCs) using VirusTotal and AbuseIPDB to check reputation and malware/phishing detections.

Triggers

Use this skill when the user:

  • Pastes URLs, domains or IPs
  • Asks: "scan", "verificar" (verify), "reputação" (reputation), "é malicioso?" (is it malicious?), "VirusTotal", "AbuseIPDB"

Configuration

Environment variables

export VIRUSTOTAL_API_KEY="sua_chave_virustotal"
export ABUSEIPDB_API_KEY="sua_chave_abuseipdb"

Command-line usage

# Check an IP
python3 src/ioc_scan.py scan 45.67.89.10

# Check a domain
python3 src/ioc_scan.py scan exemplo.com

# Check a URL
python3 src/ioc_scan.py scan "https://exemplo.com/login"

# Check multiple IOCs
python3 src/ioc_scan.py scan "https://exemplo.com 8.8.8.8 dominio.ruim"

# Verbose mode
python3 src/ioc_scan.py scan --verbose 1.2.3.4

Examples

  • "Check the reputation of this IP: 45.67.89.10"
  • "Is this link phishing? https://exemplo.tld/login"
  • "Analyze: exemplo.com 8.8.8.8"

Output

The skill returns:

  1. Executive summary with a verdict
  2. Quick results table
  3. Details per IOC (VirusTotal + AbuseIPDB)
  4. Recommended actions
Security usage advice
This skill appears to do what it says: query VirusTotal and AbuseIPDB for URLs/domains/IPs. Before installing: (1) review the included src/ioc_scan.py yourself (or run it in an isolated environment) to confirm behavior; (2) only provide dedicated API keys for VirusTotal and AbuseIPDB (create keys you can revoke and monitor) because submitted IOCs will be visible to those services; (3) note the package does not declare the Python 'requests' dependency — ensure your environment has it; (4) the metadata lists 'curl' though the code doesn't use it (likely harmless but sloppy); (5) avoid submitting sensitive/private URLs/hosts since submitting to VirusTotal/AbuseIPDB can leak them to third-party threat-intel systems; and (6) if you are unsure about trusting the unknown author, consider running the script locally or in a sandbox and monitor API usage before granting access to important/long-lived credentials.
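A pre-submission triage step for point (5) above, as an added example: it is not the skill's src/ioc_scan.py, which this page does not show. It classifies each token and holds back anything that should not be sent to a third-party service; the function names and the internal-suffix list are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: suffixes treated as internal-only; adjust to your environment.
INTERNAL_SUFFIXES = (".local", ".internal", ".lan", ".corp", ".localhost")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def _host_reason(host):
    """Return a reason to hold back this host, or None if it looks public."""
    host = host.lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        if host.endswith(INTERNAL_SUFFIXES) or "." not in host:
            return "internal hostname"
        return None
    # is_global is False for RFC 1918, loopback, link-local and similar ranges.
    return None if ip.is_global else "non-public address"

def classify(token):
    """Classify one token as (kind, action, reason); kind None means not an IOC."""
    token = token.strip("\"'<>(),;")
    if re.match(r"^https?://", token, re.I):
        try:
            parts = urlsplit(token)
        except ValueError:
            return (None, "skip", "malformed URL")
        if not parts.hostname:
            return (None, "skip", "no host")
        if parts.username or parts.password:
            return ("url", "hold", "embedded credentials")
        reason = _host_reason(parts.hostname)
        if reason is None and parts.query:
            reason = "query string may carry tokens"
        return ("url", "hold" if reason else "submit", reason)
    try:
        ipaddress.ip_address(token)
        kind = "ip"
    except ValueError:
        if not DOMAIN_RE.match(token.lower()):
            return (None, "skip", "not an IOC")
        kind = "domain"
    reason = _host_reason(token)
    return (kind, "hold" if reason else "submit", reason)

def triage(text):
    """Split free text on whitespace and classify every token."""
    return {tok: classify(tok) for tok in text.split()}
```

Only tokens whose action is "submit" would be passed on to the scanner; "hold" items are left for a human to decide.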
Functional analysis
Type: OpenClaw Skill
Name: klaus-ioc-scan
Version: 1.0.0
The skill is a legitimate security tool designed to scan Indicators of Compromise (IOCs) using VirusTotal and AbuseIPDB APIs. The Python script `src/ioc_scan.py` implements standard regex-based extraction and API interaction logic, correctly handling sensitive API keys via environment variables and communicating only with official endpoints (virustotal.com and abuseipdb.com). No evidence of malicious intent, data exfiltration, or prompt injection was found.
Capability assessment
Purpose & Capability
Name/description claim scanning IOCs via VirusTotal and AbuseIPDB and the package indeed queries those services and asks for their API keys. One minor mismatch: SKILL metadata lists curl as a required binary, but the Python code uses the requests library and does not call curl.
Instruction Scope
SKILL.md instructs providing VIRUSTOTAL_API_KEY and ABUSEIPDB_API_KEY and running the included Python script; the instructions and code limit network calls to VirusTotal (v2 endpoints) and AbuseIPDB. The skill extracts IOCs from supplied text and does not reference unrelated system files or other environment variables. Note: SKILL.md's declared required bin ('curl') is not actually invoked by the code.
Install Mechanism
There is no install spec (instruction-only), which minimizes installation risks. However, the bundle includes a Python script that imports requests but the package does not declare or install that dependency; runtime will fail if requests is not present. No external downloads or obscure endpoints are used.
Credentials
The skill requires exactly two API keys (VirusTotal and AbuseIPDB) which are necessary for its stated functionality. No other credentials, system config paths, or unrelated secrets are requested.
Persistence & Privilege
The skill is not forced always-on (always:false) and does not request elevated or system-wide persistence. It does not modify other skills or global agent settings in the provided files.
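How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install klaus-ioc-scan
  3. Once installed, call the skill by name or trigger it with /klaus-ioc-scan
  4. Provide the required input according to the skill's parameter description to get structured output
Version history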
v1.0.0
Initial release of klaus-ioc-scan.
  • Scans URLs, domains, and IPs (IOCs) for reputation and malware/phishing detections using VirusTotal and AbuseIPDB.
  • Accepts input via user triggers (scan, reputação, "é malicioso?", etc.) and command-line interface.
  • Requires API keys for VirusTotal and AbuseIPDB.
  • Returns summary verdict, quick results table, detailed IOC report, and actionable recommendations.
Metadata
Slug klaus-ioc-scan
Version 1.0.0
License
Total installs 0
Current installs 0
Number of versions 1
FAQ

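What is Klaus IOC Scanner?

It analyzes URLs, domains and IPs to check reputation and detect malware or phishing using VirusTotal and AbuseIPDB. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 298 total downloads so far.

How do I install Klaus IOC Scanner?

Run the command "/install klaus-ioc-scan" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Klaus IOC Scanner free?

Yes, Klaus IOC Scanner is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Klaus IOC Scanner support?

Klaus IOC Scanner runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Klaus IOC Scanner?

It is developed and maintained by runawaydevil (@runawaydevil); the current version is v1.0.0.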
