Threat — 实用工具
v1.0.0工作流—系统 decomposition, trust boundaries, STRIDE-style threats, mitigations, prioritization, 和 tracking. Use when designing new...
0· 116·0 当前·1 累计
by @mike47512 安全扫描
OpenClaw
安全
high confidenceThe skill is an instruction-only threat-modeling facilitator whose requirements and instructions align with its stated purpose and do not request elevated access or external installs.
评估建议
This skill is a high-level facilitator for threat-modeling workshops and is internally consistent with that purpose. Because it is instruction-only (no installs or required secrets), it has a low technical footprint. Before using it: avoid pasting real secrets (API keys, private keys, or PII) into the chat or outputs; confirm any artifacts the agent generates are stored according to your team policy; and prefer explicit, on-demand invocation rather than long-running or automated runs if you want...详细分析 ▾
✓ 用途与能力
Name/description match the SKILL.md content. The workflow covers system decomposition, trust boundaries, STRIDE threats, mitigations, prioritization and tracking — all coherent with the stated purpose. No unrelated capabilities (cloud creds, CI tokens, etc.) are requested.
✓ 指令范围
SKILL.md is a guidance document for running threat-model workshops and producing artifacts. It does not instruct the agent to read files, access environment variables, call external endpoints, or collect secrets. Prompts and outputs are limited to threat-modeling artifacts and facilitation.
✓ 安装机制
No install spec and no code files — instruction-only. This minimizes disk writes and reduces supply-chain risk.
✓ 凭证需求
No required environment variables, credentials, or config paths are declared. The guidance discusses assets and sensitive data conceptually but does not request or demand secrets or unrelated credentials.
✓ 持久化与权限
always is false and model invocation is permitted (default). The skill does not request persistent presence or to modify other skills or system-wide settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install threat
镜像加速npx clawhub@latest install threat --registry https://cn.longxiaskill.com 镜像可用
本土化适配说明
Threat — 实用工具 安装说明: 安装命令:["openclaw skills install threat","npx clawhub@latest install threat"]