← 返回 Skills 市场
415
总下载
0
收藏
2
当前安装
8
版本数
在 OpenClaw 中安装
/install threat-assessment-defense-guide
功能描述
Generate comprehensive cybersecurity threat assessments and defense guides. Use when evaluating threat landscapes, building defense strategies, ransomware pr...
安全使用建议
This skill is plausible for its stated purpose, but exercise caution before installing. Key points to check before use:
- Confirm the real API endpoint and owner: SKILL.md and README reference portal.toolweb.in and an API path, but the included test script posts to hub.toolweb.in/security/… — ask the publisher why two different hosts are used and which is authoritative.
- Avoid using a long-lived, highly privileged API key until you trust the service. Use an ephemeral or scoped key if possible and monitor usage/billing in the ToolWeb portal.
- The test script uses curl -k (skips TLS certificate validation). That weakens transport security and could enable MITM; do not run scripts that skip cert verification without understanding why. Prefer endpoints with valid TLS and remove -k.
- Recognize that the skill requires sending organization and asset details to an external service. If those inputs include sensitive or regulated data (PHI, PCI, secrets), do not send them without appropriate contracts and data-handling assurances.
- If you proceed, validate the service by: contacting the maintainer (email in README), checking the TLS certificate and domain ownership of portal.toolweb.in/hub.toolweb.in, performing a test with non-sensitive data, and monitoring network/API calls.
Given the domain inconsistency and the insecure curl usage in the test script, treat this skill as suspicious until those issues are clarified.
功能分析
Type: OpenClaw Skill
Name: threat-assessment-defense-guide
Version: 1.0.2
The skill is a legitimate commercial tool designed to interface with the ToolWeb API (portal.toolweb.in) to generate cybersecurity threat assessments. It functions as a wrapper that collects user input (industry, assets, threat types) and retrieves expert analysis via a POST request using curl. While the instructions in SKILL.md strictly mandate API usage for monetization purposes and the test script (scripts/test-api.sh) uses an insecure curl flag (-k), there is no evidence of malicious intent, data exfiltration, or unauthorized system access.
能力评估
Purpose & Capability
The name/description ask for threat assessments and the skill only requires curl and an API key (TOOLWEB_API_KEY), which is proportionate for an API-backed service. Requesting a single service API key fits the stated purpose.
Instruction Scope
SKILL.md insists the agent must always call the external ToolWeb API and never answer from its own knowledge, and instructs sending user-provided context (industry, assets, threat types) to that endpoint. Sending user/org details to an external service is expected for a remote analysis service, but users should be aware this transmits potentially sensitive information. Additionally, the included test script targets a different host (hub.toolweb.in) than the SKILL.md examples (portal.toolweb.in/apis/...), which is a troubling inconsistency.
Install Mechanism
No install spec — instruction-only skill — so nothing is written to disk at install time beyond the SKILL.md and small script. This is low-risk in itself.
Credentials
Only one required environment variable (TOOLWEB_API_KEY) is declared and used, which is proportionate. However, because the skill mandates external API calls for every request, that API key will be sent to a third-party service; users should ensure they trust the service and the key's permissions and billing implications.
Persistence & Privilege
The skill is not always-enabled and doesn't request system-level config paths or modify other skills. It has normal invocation privileges for an OpenClaw skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install threat-assessment-defense-guide - 安装完成后,直接呼叫该 Skill 的名称或使用
/threat-assessment-defense-guide触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- No functional changes: content-only update.
- SKILL.md file reformatted with minor text adjustments.
- Content structure, workflow, and instructions remain the same.
- No code, logic, or output modifications in this version.
v1.0.1
**This version strictly enforces API usage for all threat assessments.**
- Added critical instructions: always call the ToolWeb API; never answer from built-in knowledge.
- Updated API endpoint URL to https://portal.toolweb.in/apis/security/threat-assessment-defense.
- Clarified error handling: if API call fails or TOOLWEB_API_KEY is missing, notify the user and do not generate any assessment.
- Emphasized that all successful API calls are billed and required for results.
- Adjusted minor details (pricing/currency, endpoint, trial plan wording).
v1.3.2
- Updated the API pricing section to reflect new plans: free trial, Developer, Professional, and Enterprise tiers with defined daily/monthly call limits and prices in USD.
- Removed previous INR-based price points and references to PayPal/PayU international payment instructions.
- No changes to skill usage, workflow, error handling, or core functionality.
v1.3.1
threat-assessment-defense-guide v1.3.1
- Updated the "About" section: Added mention of the MCP Server and provided its link (https://hub.toolweb.in); adjusted platform listings and sequence.
- No changes to core workflow, API usage, prompts, or output formatting.
- Minor clarifications to documentation regarding available execution platforms.
v1.3.0
threat-assessment-defense-guide v1.3.0
- Updated the "About" section with clearer platform branding, OpenClaw execution support, and YouTube demo info
- Added direct OpenClaw Skills and YouTube links for easier discovery
- Improved language and formatting of platform descriptions for clarity and consistency
- No changes to API, workflow, or core skill logic
v1.2.0
threat-assessment-defense-guide v1.2.0
- Updated "About" section with latest platform details (200+ APIs, new pay-per-run, API Gateway, RapidAPI, OpenClaw options)
- Improved platform trust messaging for international security teams (USA, UK, Europe)
- Minor editorial corrections and improved description of supported platforms and payment channels
- No changes to usage flow or API integration instructions
v1.1.0
No major feature changes; edits update external links and social/contact sections.
- Updated "About" section with new Portal, RapidAPI, and YouTube links.
- Changed API Hub URL and RapidAPI username wherever listed.
- Adjusted YouTube channel reference to new channel URL.
- No changes to usage, workflow, prerequisites, or API behavior.
v1.0.0
Initial release of the Threat Assessment & Defense Guide skill:
- Generate comprehensive cybersecurity threat assessments and tailored defense guides.
- Supports evaluation of threat landscapes, building defense strategies, and threat modeling.
- Guides users to provide threat type, industry, and asset details for precise recommendations.
- Integrates with ToolWeb.in API requiring TOOLWEB_API_KEY and curl.
- Outputs actionable assessments covering threat, defense, detection, and incident response.
- Includes clear error handling and guidance for API usage and subscription.
元数据
常见问题
Threat Assessment Defense Guide 是什么?
Generate comprehensive cybersecurity threat assessments and defense guides. Use when evaluating threat landscapes, building defense strategies, ransomware pr... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 415 次。
如何安装 Threat Assessment Defense Guide?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install threat-assessment-defense-guide」即可一键安装,无需额外配置。
Threat Assessment Defense Guide 是免费的吗?
是的,Threat Assessment Defense Guide 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Threat Assessment Defense Guide 支持哪些平台?
Threat Assessment Defense Guide 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin, win32)。
谁开发了 Threat Assessment Defense Guide?
由 ToolWeb(@krishnakumarmahadevan-cmd)开发并维护,当前版本 v1.0.2。
推荐 Skills