← 返回 Skills 市场

MITRE ATT&CK Technique Mapper

Name: MITRE ATT&CK Technique Mapper
Author: krishnakumarmahadevan-cmd

作者 ToolWeb · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

246

总下载

当前安装

版本数

在 OpenClaw 中安装

/install toolweb-mitre-attack-mapper

功能描述

Map attacker behavior text or security report files to MITRE ATT&CK techniques, tactics, detection guidance, mitigation, and threat actor associations.

安全使用建议

Before installing or using this skill, consider the following: - The SKILL.md instructs you to upload incident reports or raw threat data to https://portal.toolweb.in. That domain and the skill's source are unverified (no homepage or owner details). Only upload non-sensitive, redacted, or synthetic data unless you fully trust the operator. - The documentation references passing an X-API-Key or 'mcp_api_key' but the skill metadata does not declare any required credential. Ask the skill author to explicitly declare the required API key in the metadata and to provide a privacy/security policy describing how uploaded data is used, stored, and retained. - Never provide your platform/agent MCP key or other platform credentials to a third-party skill. If the skill requires an API key, create a dedicated service key with minimal scope and monitor usage. - Prefer to test with synthetic or anonymized reports first. Monitor outbound network requests (e.g., via a proxy) to confirm where data is sent. - If you need offline or local mapping for sensitive reports, prefer tools you can run locally or open-source code you can inspect instead of sending raw incident artifacts to an unknown external API. If the publisher can supply a verifiable homepage, a clear privacy policy, and updated metadata listing the required API key, the incoherence would be mitigated; until then treat the skill as suspicious.

功能分析

Type: OpenClaw Skill Name: toolweb-mitre-attack-mapper Version: 1.0.0 The skill bundle is a documentation-only package (SKILL.md and _meta.json) that provides instructions for an AI agent to interact with a MITRE ATT&CK mapping API hosted at portal.toolweb.in. It functions as a legitimate security utility for analyzing threat descriptions and incident reports. There is no executable code, obfuscation, or evidence of malicious intent such as unauthorized data exfiltration or prompt injection.

能力评估

ℹ Purpose & Capability

The high-level purpose (map attacker behavior to MITRE ATT&CK) matches the API calls shown in SKILL.md. However, the SKILL.md requires an X-API-Key header or an MCP 'mcp_api_key' parameter for authentication, yet the skill metadata declares no required environment variables or primary credential — this mismatch is unexpected and reduces trust.

⚠ Instruction Scope

The instructions direct the agent to POST free text or uploaded incident reports (PDF/DOCX/CSV/TXT) to an external endpoint (https://portal.toolweb.in/apis/security/mitre-attack-mapper). Uploading sensitive incident data to an external, unverified domain is a privacy/security risk. The docs also encourage passing an 'mcp_api_key' via MCP, which could cause the agent to use platform credentials. The SKILL.md does not limit or warn about sensitive data handling.

✓ Install Mechanism

No install spec and no code files (instruction-only). This reduces surface area because nothing is written to disk by the skill itself.

⚠ Credentials

SKILL.md expects an API key (X-API-Key or mcp_api_key) but the registry metadata lists no required environment variables or primary credential. This is an incoherence: either the skill should declare that it needs an API key, or it should provide an alternative. There is also a risk the agent might be instructed (or tricked) into sending platform-level credentials via the 'mcp_api_key' parameter.

✓ Persistence & Privilege

No elevated persistence flags (always:false) and no install-time hooks. The skill cannot force-enable itself or alter other skills from the provided material.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install toolweb-mitre-attack-mapper
安装完成后，直接呼叫该 Skill 的名称或使用 /toolweb-mitre-attack-mapper 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of MITRE ATT&CK Technique Mapper. - Map free-text threat descriptions or upload security files to identify relevant MITRE ATT&CK techniques and tactics. - Get technique IDs, tactics, confidence scores, detection guidance, and mitigation recommendations. - Supports input via multipart/form-data (text and/or file upload). - Returns ATT&CK Navigator layer exports and threat actor associations. - Sample curl commands and detailed API usage instructions included. - Pricing tiers available: Free, Developer, Professional, Enterprise.

元数据

Slug toolweb-mitre-attack-mapper

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

MITRE ATT&CK Technique Mapper 是什么？

Map attacker behavior text or security report files to MITRE ATT&CK techniques, tactics, detection guidance, mitigation, and threat actor associations. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 246 次。

如何安装 MITRE ATT&CK Technique Mapper？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install toolweb-mitre-attack-mapper」即可一键安装，无需额外配置。

MITRE ATT&CK Technique Mapper 是免费的吗？

是的，MITRE ATT&CK Technique Mapper 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

MITRE ATT&CK Technique Mapper 支持哪些平台？

MITRE ATT&CK Technique Mapper 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 MITRE ATT&CK Technique Mapper？

由 ToolWeb（@krishnakumarmahadevan-cmd）开发并维护，当前版本 v1.0.0。