- Total downloads: 484
- Favorites: 0
- Current installs: 0
- Versions: 1
Install in OpenClaw
/install threat-radar
Description
Continuously scans Docker images, dependencies, network ports, SSL/TLS, and OpenClaw config for CVEs; alerts via WhatsApp, Telegram, or Discord.
Safe usage recommendations
What to consider before installing:
- Ask the publisher for a homepage/source and documentation that explains how alerts are delivered (what webhook/tokens are required) and where they are stored. The skill promises WhatsApp/Telegram/Discord alerts but declares no credentials — do not assume alerts are configured automatically.
- Review the remainder of threat_radar.py (the parts not shown) to confirm how it sends notifications and what network endpoints it calls. Look specifically for any hard-coded endpoints, webhook URLs, or obfuscated network calls.
- Confirm what `cron-install` modifies: ask for the exact code or commands it runs. Prefer to run scans ad-hoc first rather than enabling scheduled tasks system-wide.
- Because the scanner reads package manifests, Docker images, and OpenClaw config and writes logs/DB under ~/.openclaw, run it in a restricted test environment (or container) first to verify behavior and avoid exposing production credentials or sensitive files.
- If you want to use alerting channels, require explicit configuration: webhook URLs or tokens should be set by you and documented; do not provide any broad credentials (SSH keys, cloud keys) unless absolutely necessary and justified.
- If the publisher cannot provide source/installation clarity or the code that performs notifications, treat this skill as untrusted.
What would change this assessment: seeing the full source for notification/cron-install code (showing it only uses user-supplied webhook URLs and documents cron changes), or a clear install spec that safely registers the CLI and documents required credentials would reduce the concerns.
Functional analysis
Type: OpenClaw Skill
Name: threat-radar
Version: 1.0.0
The skill is classified as suspicious due to significant functional vulnerabilities and misleading claims, despite lacking direct evidence of malicious intent. The `threat_radar.py` script uses hardcoded 'mock NVD data' in its `_fetch_cve_data` method, rendering its core CVE alerting feature ineffective and contradicting the `SKILL.md`'s claim of pulling from NVD and GitHub. Additionally, the `cron-install` and `cron-remove` commands advertised in `SKILL.md` are not implemented in the Python script, indicating missing functionality. While the code uses `subprocess` and `socket` for scanning, these operations are confined to the stated purpose (e.g., `docker images`, `openssl s_client`, local port checks) and do not show signs of data exfiltration or unauthorized access. The `SKILL.md` itself does not contain any prompt injection attempts.
Capability assessment
Purpose & Capability
The description promises alerting via WhatsApp/Telegram/Discord and automatic CVE feeds from NVD/GitHub, but the package declares no required credentials or webhook URLs and the bundled code uses a mocked local CVE dataset rather than pulling live feeds. Also SKILL.md shows a CLI with commands like `threat-radar cron-install`, but no install mechanism is provided to expose a `threat-radar` executable. These are inconsistencies between stated capabilities and what is requested/installed.
Instruction Scope
SKILL.md and the code instruct the agent to scan Docker images, filesystem dependency files, local network ports, SSL/TLS endpoints and OpenClaw configuration. Those actions legitimately require local file and network access and the code will create config/db files under ~/.openclaw/workspace/monitoring/threat-radar. This is consistent with a scanner, but it also means the skill will read potentially sensitive local files (OpenClaw credential files, package manifests) and perform network scans — SKILL.md does not clearly enumerate what local data will be read or require explicit consent, which is scope creep for users who expect minimal access.
Install Mechanism
There is no install spec even though SKILL.md advertises a CLI (threat-radar) and management commands like cron-install. The skill includes a Python file but no guidance on how it becomes a system command or how cron-install is implemented. Lack of an install procedure is an incoherence — either the agent must run the script directly, or the skill should provide a safe, explicit install step; neither is present.
Credentials
The skill requests no environment variables or credentials, yet promises to send alerts via WhatsApp/Telegram/Discord — integrations that normally require webhook URLs, tokens, or phone credentials. The absence of declared credentials is disproportionate to the alerting capability described. The skill will also create and write config, DB, logs under the user's home directory which could contain sensitive data; the SKILL.md and manifest do not declare or justify this access.
Persistence & Privilege
The skill is not force-installed (always:false) and model invocation is allowed (default). However, SKILL.md exposes a `cron-install` command and the code writes persistent config (db, cve cache, history, logs) into the user's workspace. Scheduled scans (cron) would give the skill ongoing presence and periodic network/file access; because no install spec details what cron-install does, this persistence is notable and should be reviewed before enabling.
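How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: `/install threat-radar`
- Once installation completes, invoke the Skill by name or trigger it with `/threat-radar`.
- Provide the required inputs according to the Skill's parameter documentation to get structured output.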
Version history
v1.0.0
Initial public release of threat-radar.
- Continuous security scanning for Docker images, service ports, dependencies, and SSL/TLS.
- Automatic CVE monitoring, matching vulnerabilities to your actual stack.
- Severity-based alerting with notification via WhatsApp, Telegram, or Discord.
- Detailed reporting: weekly digests, posture trends, and remediation guidance.
- Runs fully within OpenClaw—no third-party SaaS required.
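FAQ
What is Threat Radar?
Continuously scans Docker images, dependencies, network ports, SSL/TLS, and OpenClaw config for CVEs; alerts via WhatsApp, Telegram, or Discord. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 484 cumulative downloads to date.
How do I install Threat Radar?
Run the command "/install threat-radar" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is Threat Radar free?
Yes, Threat Radar is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Threat Radar support?
Threat Radar is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Threat Radar?
It is developed and maintained by mariusfit (@mariusfit); the current version is v1.0.0.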