ioc-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill is designed for legitimate cybersecurity defense activities.
  • [DATA_EXFILTRATION]: The skill communicates with 'api.openclaw.com', which is the functional endpoint for the service described. Analysis shows no evidence of sensitive data (such as SSH keys or local credentials) being collected or exfiltrated.
  • [CREDENTIALS_UNSAFE]: The skill correctly instructs users to manage API keys via environment variables ($OPENCLAW_API_KEY) and uses placeholders in examples, avoiding the risk of hardcoded secrets.
  • [PROMPT_INJECTION]: The skill processes external data (IOCs). While this constitutes an indirect injection surface, the documentation explicitly recommends validating inputs using regular expressions, which serves as a security best practice for data ingestion.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 05:43 PM