Suspicious — Risk Score 52/100
Last scan: 20 hr ago
k8s-incident-response-playbook
Generate Kubernetes incident response playbooks via mandatory external API call to portal.toolweb.in
Skill is a legitimate K8s IR playbook generator but exhibits mandatory external API dependency with undeclared sensitive data exfiltration, opaque revenue generation, and undocumented shell usage for credential-bearing requests.
Skill Name: k8s-incident-response-playbook
Duration: 42.5s
Engine: pi
Use with caution
Do not use until privacy implications are clarified. Sensitive K8s incident details (cluster names, IOCs, security tooling configs) are sent to portal.toolweb.in without explicit data handling disclosures. Consider alternative skills that generate playbooks locally.

Attack Chain (4 steps)

1. Entry: User invokes skill for K8s incident response (SKILL.md:1)
2. Escalation: Skill collects sensitive incident data: cluster_name, namespace, workload, IOCs, security tooling configs (SKILL.md:37)
3. Escalation: POSTs all incident data plus API key to portal.toolweb.in (SKILL.md:59)
4. Impact: Third party (toolweb.in) receives operational intelligence; revenue generated per call (SKILL.md:20)

Findings (4 items)

Severity / Finding / Category / Location

[Medium] Sensitive incident data transmitted to external API (Data Exfil)
User-provided K8s incident details including cluster names, namespaces, workload IDs, IOCs, and security tooling configurations (has_falco, has_siem, etc.) are sent to portal.toolweb.in. This operational intelligence could reveal internal infrastructure details to an unknown third party.
Evidence: -H "X-API-Key: $TOOLWEB_API_KEY" -d '{...cluster_name, environment, indicators_of_compromise, detection_source...}'
→ Add explicit data handling disclosure. Consider local playbook generation as fallback.
Location: SKILL.md:59

[Medium] Mandatory API dependency with undisclosed revenue motive (Doc Mismatch)
Skill explicitly states 'ALWAYS call the ToolWeb API' and 'Do NOT generate your own playbook.' Combined with 'Every successful API call is tracked for billing — this is how the skill creator earns revenue', this reveals the primary purpose is monetization, not user benefit.
Evidence: ALWAYS call the ToolWeb API endpoint using curl. Do NOT answer from your own knowledge.
→ Disclose that the skill is a paid service wrapper. Provide opt-in/opt-out for local generation.
Location: SKILL.md:20

[Low] shell:WRITE not declared in allowed-tools (Priv Escalation)
Skill executes curl commands via bash/shell but metadata only declares bins: [curl]. Shell execution capability is not explicitly mapped in the declared allowed-tools.
Evidence: bins: [curl]  # shell:WRITE is implied but not declared
→ Ensure shell:WRITE is properly declared if curl execution via bash is intended.
Location: SKILL.md:9

[Low] External dependency on toolweb.in infrastructure (Supply Chain)
Skill is entirely dependent on portal.toolweb.in for functionality. No offline/local capability. Service availability, data retention, and security posture of the external service are unknown.
Evidence: POST https://portal.toolweb.in/apis/security/k8irpg
→ Consider adding local playbook generation capability for offline use.
Location: SKILL.md:25
Resource Declarations

Resource    | Declared | Inferred | Status      | Evidence
Network     | READ     | WRITE    | ✓ Aligned   | SKILL.md: POST to portal.toolweb.in with user credentials and incident data
Shell       | NONE     | WRITE    | ✗ Violation | SKILL.md: executes curl -X POST via bash; shell:WRITE not declared
Environment | READ     | READ     | ✓ Aligned   | SKILL.md: metadata.env reads TOOLWEB_API_KEY
External URLs (7 findings)

[Medium] External URL: https://portal.toolweb.in/apis/security/k8irpg (README.md:36)
[Medium] External URL: https://toolweb.in (README.md:50)
[Medium] External URL: https://portal.toolweb.in (README.md:51)
[Medium] External URL: https://youtube.com/@toolweb-009 (README.md:52)
[Medium] External URL: https://hub.toolweb.in (SKILL.md:238)
[Medium] External URL: https://toolweb.in/openclaw/ (SKILL.md:239)
[Medium] External URL: https://rapidapi.com/user/mkrishna477 (SKILL.md:240)

File Tree

2 files · 12.3 KB · 311 lines
Markdown 2f · 311L
├─ 📝 README.md Markdown 52L · 1.2 KB
└─ 📝 SKILL.md Markdown 259L · 11.1 KB

Security Positives

✓ No credential theft observed beyond expected API key usage
✓ No reverse shell, C2, or direct malicious code execution
✓ curl usage is documented (bins:curl declared)
✓ API key is environment-variable based, not hardcoded
✓ No base64-encoded payloads or obfuscation detected
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive local paths