Risk Assessment Compliance — Utilities
v1.0.0 Security checks and compliance risk assessments for websites and applications.
0 · 139 · 0 current · 0 total
Security Scan
OpenClaw
Suspicious
medium confidence
The skill claims to wrap a commercial security assessment API, but the runtime instructions are vague about where to call and how to authenticate, and the provider is not clearly identified — this mismatch could cause the agent to send scanned URLs to an external service without the necessary disclosures or declared credentials.
Assessment Recommendations
This skill appears to describe a third-party security-scanning API but is missing crucial runtime details. Before installing or using it: (1) verify the publisher and their privacy/security policy (toolweb.in / api.mkkpro.com links are present but source is 'unknown'); (2) confirm the base API URL and how authentication/billing is handled — expect an API key even though none is declared; (3) avoid sending sensitive or internal URLs to an unverified external service (risk of data exposure); (4) r...
ℹ Purpose and Capabilities
The name/description and the included OpenAPI fragment describe a security assessment API and a /security-check endpoint, which is coherent with the stated purpose. However, the skill does not declare a base URL or any authentication requirements even though the SKILL.md references external commercial endpoints (toolweb.in, api.mkkpro.com) and pricing — this is an omission that makes the capability incomplete and unclear.
⚠ Instruction Scope
SKILL.md describes requests/responses and references external API hosts (api.mkkpro.com, toolweb.in) but gives no explicit runtime instruction on which host/URL to call or how to supply credentials. The instructions are vague/open-ended, which could cause the agent to (a) attempt network calls to third-party endpoints by inferring hosts from references, or (b) fail silently. There is also no guidance about handling sensitive targets (internal URLs) or data-handling/privacy considerations.
✓ Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk by the skill itself. This is the lowest-risk install model.
⚠ Credential Requirements
No required environment variables or primary credential are declared, yet the SKILL.md references a paid API and platforms (RapidAPI, portal.toolweb.in) where an API key or account would typically be required. The absence of declared auth variables is disproportionate to the claimed functionality and leaves open the question of how authentication and billing would be handled.
✓ Persistence and Privileges
The skill does not request persistent presence (always:false) and does not declare actions that modify agent or system-wide settings. Autonomous invocation is allowed (default) but not combined with other privilege escalations.
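Security is layered; review the code before running.
Runtime Dependencies
No special dependencies
Install Command
Official: npx clawhub@latest install risk-assessment-compliance
Mirror (accelerated): npx clawhub@latest install risk-assessment-compliance --registry https://cn.longxiaskill.com (mirror available)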