← 返回 Skills 市场
gora050

Threat Stack

作者 Vlad Ursul · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
137
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install threat-stack
功能描述
Threat Stack integration. Manage data, records, and automate workflows. Use when the user wants to interact with Threat Stack data.
安全使用建议
This skill appears to do what it claims: it uses Membrane to connect to Threat Stack and run actions. Before installing/use: 1) Verify you trust Membrane (getmembrane.com) and review their privacy/security docs because Membrane will hold credentials and act on your behalf. 2) Inspect the npm package @membranehq/cli on npm/github and prefer running via npx or pin a specific version rather than `@latest`. 3) Limit the connector's permissions in Threat Stack to the minimum needed and audit connections. 4) Confirm organizational policy on third-party credential brokers if you are using corporate accounts. If you want more assurance, ask the skill author/source for provenance (who published this skill) and for a checksum or pinned CLI version.
功能分析
Type: OpenClaw Skill Name: threat-stack Version: 1.0.3 The skill facilitates integration with Threat Stack via a third-party middleware platform (Membrane). It requires high-risk actions including the global installation of an external npm package (@membranehq/cli) and the dynamic creation/execution of actions via a remote service (membrane action create/run). While these capabilities are aligned with the stated purpose of the integration, the reliance on a third-party CLI and remote code generation constitutes a significant attack surface and potential for remote execution (SKILL.md).
能力评估
Purpose & Capability
The name and description (Threat Stack integration) match the instructions: the SKILL.md tells the agent to use the Membrane CLI to create a connection to Threat Stack, discover and run actions. The required tools and steps (membrane connect, action list/run) are proportionate to a connector skill.
Instruction Scope
All runtime instructions stay within the stated purpose: install Membrane CLI, log in, create a connector, discover and run actions. The SKILL.md does not instruct the agent to read unrelated local files, request unrelated env vars, or exfiltrate data to unexpected endpoints. It does use browser/headless login flows for authentication as expected for a connector.
Install Mechanism
This is an instruction-only skill (no install spec), but it tells users to run `npm install -g @membranehq/cli@latest` (or use npx in examples). Installing a global npm package is a normal way to get a CLI, but it does install third-party code on the system and uses `@latest` (unpinned). Consider verifying the package on the npm registry, pinning a known-good version, or using npx/containerized execution to reduce risk.
Credentials
The skill declares no required env vars or credentials and explicitly instructs not to ask the user for API keys, instead delegating auth to Membrane. That is consistent with its design. Note: delegating auth to a third party centralizes access — ensure you trust Membrane and understand the scope of the connector's permissions in your Threat Stack account.
Persistence & Privilege
The skill does not request permanent presence (always: false). It does not instruct modifying other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) and is not a special concern here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install threat-stack
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /threat-stack 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
Auto sync from membranedev/application-skills
v1.0.2
Revert refresh marker
v1.0.1
Refresh update marker
v1.0.0
Auto sync from membranedev/application-skills
元数据
Slug threat-stack
版本 1.0.3
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 4
常见问题

Threat Stack 是什么?

Threat Stack integration. Manage data, records, and automate workflows. Use when the user wants to interact with Threat Stack data. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 137 次。

如何安装 Threat Stack?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install threat-stack」即可一键安装,无需额外配置。

Threat Stack 是免费的吗?

是的,Threat Stack 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Threat Stack 支持哪些平台?

Threat Stack 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Threat Stack?

由 Vlad Ursul(@gora050)开发并维护,当前版本 v1.0.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论