← 返回 Skills 市场
krishnakumarmahadevan-cmd

Risk Assessment Compliance

作者 ToolWeb · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
143
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install risk-assessment-compliance
功能描述
Performs comprehensive security checks and compliance risk assessments on websites and applications.
安全使用建议
This skill appears to describe a third‑party security-scanning API but is missing crucial runtime details. Before installing or using it: (1) verify the publisher and their privacy/security policy (toolweb.in / api.mkkpro.com links are present but source is 'unknown'); (2) confirm the base API URL and how authentication/billing is handled — expect an API key even though none is declared; (3) avoid sending sensitive or internal URLs to an unverified external service (risk of data exposure); (4) request an explicit servers field or configuration instructions (OpenAPI 'servers' is missing) and declared env vars for any keys the skill needs; (5) prefer skills that clearly document endpoints, auth, and data-handling, or run your own scanner/hosted solution you control. If you proceed, test first with non-sensitive public targets and ask the publisher for credentials and a privacy/data-retention statement.
功能分析
Type: OpenClaw Skill Name: risk-assessment-compliance Version: 1.0.0 The skill bundle is a standard API wrapper for a web security and compliance assessment service. It defines a single endpoint (/security-check) in openapi.json that accepts a URL for analysis, which is consistent with the documentation in SKILL.md. No evidence of malicious execution, data exfiltration, or prompt injection was found; the tool functions as a legitimate interface to external security scanning services hosted at api.mkkpro.com.
能力评估
Purpose & Capability
The name/description and the included OpenAPI fragment describe a security assessment API and a /security-check endpoint, which is coherent with the stated purpose. However, the skill does not declare a base URL or any authentication requirements even though the SKILL.md references external commercial endpoints (toolweb.in, api.mkkpro.com) and pricing — this is an omission that makes the capability incomplete and unclear.
Instruction Scope
SKILL.md describes requests/responses and references external API hosts (api.mkkpro.com, toolweb.in) but gives no explicit runtime instruction on which host/URL to call or how to supply credentials. The instructions are vague/open-ended, which could cause the agent to (a) attempt network calls to third-party endpoints by inferring hosts from references, or (b) fail silently. There is also no guidance about handling sensitive targets (internal URLs) or data-handling/privacy considerations.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk by the skill itself. This is the lowest-risk install model.
Credentials
No required environment variables or primary credential are declared, yet the SKILL.md references a paid API and platforms (RapidAPI, portal.toolweb.in) where an API key or account would typically be required. The absence of declared auth variables is disproportionate to the claimed functionality and leaves open the question of how authentication and billing would be handled.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not declare actions that modify agent or system-wide settings. Autonomous invocation is allowed (default) but not combined with other privilege escalations.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install risk-assessment-compliance
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /risk-assessment-compliance 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the Risk Assessment & Compliance skill. - Provides comprehensive security checks and compliance risk assessments for websites and applications. - Returns detailed reports including security score, compliance status, vulnerabilities, framework assessments (PCI-DSS, OWASP, GDPR), and risk level. - Offers a `/security-check` endpoint for automated analysis with remediation guidance. - Includes tiered pricing plans (Free, Developer, Professional, Enterprise) for API usage.
元数据
Slug risk-assessment-compliance
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Risk Assessment Compliance 是什么?

Performs comprehensive security checks and compliance risk assessments on websites and applications. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 143 次。

如何安装 Risk Assessment Compliance?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install risk-assessment-compliance」即可一键安装,无需额外配置。

Risk Assessment Compliance 是免费的吗?

是的,Risk Assessment Compliance 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Risk Assessment Compliance 支持哪些平台?

Risk Assessment Compliance 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Risk Assessment Compliance?

由 ToolWeb(@krishnakumarmahadevan-cmd)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论