首页 / 技能 / Security Posture Maturity — 安全成熟度评估

📦 Security Posture Maturity — 安全成熟度评估

v1.0.0

专业多维度安全成熟度评估平台,从八大关键领域对企业安全状况进行全景扫描与量化评级,帮助快速定位短板并制定提升路线图。

0· 84·0 当前·0 累计
krishnakumarmahadevan-cmd 头像by @krishnakumarmahadevan-cmd (ToolWeb)
安全数据分析自动化测试工具
下载技能包
最后更新
2026/3/31
0
安全扫描
VirusTotal
无害
查看报告
OpenClaw
可疑
medium confidence
NULL
评估建议
This skill is internally coherent: it provides an OpenAPI spec and a clear description of endpoints. However, the publisher is unknown, there's no homepage or contact, and the API spec contains no host or authentication scheme despite advertising paid plans — that is unusual. Before using or sending real organizational data: 1) ask the publisher for a canonical API base URL, security/authentication method (API key/OAuth), and a privacy/data-retention policy; 2) verify the publisher's identity an...
详细分析 ▾
用途与能力
Name, description, SKILL.md and included openapi.json are consistent: they describe an assessment API over eight domains and provide matching endpoints and request/response schemas. However, the skill advertises pricing and tiers but the OpenAPI and SKILL.md include no host, security schemes, or required credentials — that omission is unusual for a paid API and worth questioning.
指令范围
SKILL.md is instruction-only and only describes API endpoints, sample requests/responses, and expected behavior. It does not direct the agent to read local files, environment variables, system paths, or to transmit data to unexpected endpoints outside the described API.
安装机制
No install spec and no code files are provided beyond documentation and OpenAPI; nothing is written to disk or executed during install. This is low-risk from an installation perspective.
凭证需求
The skill declares no required environment variables, binaries, or credentials which is proportionate to an instruction-only API description. However, the presence of pricing/tiers and a production-sounding API with no declared auth or host is atypical and could mean the author omitted necessary authentication info or expects the agent/user to supply secrets out-of-band — clarify before sending any sensitive organizational data.
持久化与权限
The skill is not always-enabled (always:false) and is user-invocable. It does not request elevated or persistent privileges and does not modify other skill configurations according to the provided metadata.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/30

NULL

无害

安装命令

点击复制
官方npx clawhub@latest install toolweb-security-posture-maturity
镜像加速npx clawhub@latest install toolweb-security-posture-maturity --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库