技能详情(站内镜像,无评论)
作者:Anmol Nagpal @anmolnagpal
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 194 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :可疑 · OpenClaw :良性
Package:anmolnagpal/defender-posture-reviewer
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :良性
OpenClaw 评估
The skill is instruction-only and its requests (exported Defender Secure Score, recommendations, alerts) match the described purpose; no credentials or installs are requested, but the package has unknown provenance and a small ambiguity about a 'bash' tool entry.
目的
Name/description match the runtime instructions: the skill asks users to provide Defender Secure Score exports, recommendation and alert JSONs and then produces prioritized remediation and Azure CLI remediation examples. It does not request unrelated credentials or system access.
说明范围
SKILL.md stays within scope (parse exported data, prioritize, produce remediation and CLI commands). It explicitly states it will not execute Azure CLI or access the account. Minor ambiguity: the SKILL header lists 'tools: claude, bash' which could imply shell execution — the doc contradicts that. Also the skill asks users to paste raw exports and instructs to confirm no credentials are present before processing.
安装机制
No install spec and no code files — instruction-only skill with nothing written to disk. Low install risk.
证书
No environment variables, keys, or persistent credentials are requested. The sample az CLI commands are read-only and the minimum RBAC role stated is Security Reader (subscription scope), which is appropriate for exporting the listed data.
持久
Skill is not always-enabled and doesn't request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-risk indicators.
综合结论
This skill appears coherent for its stated purpose, but consider the following before installing or using it: - Do not paste credentials, secret keys, or tokens. The skill tells you not to provide credentials — follow that. - Inspect any exported JSON/CSV before pasting: redact any secrets, but also be aware exports can contain subscription IDs, resource names, and principal IDs (sensitive for privacy and social engineering). Share only the mi…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Defender Posture Reviewer」。简介:Interpret Microsoft Defender for Cloud Secure Score and generate a prioritized …。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/anmolnagpal/defender-posture-reviewer/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。