Security Decision Report

k8s-incident-response-playbook

Skill is a legitimate K8s IR playbook generator but exhibits mandatory external API dependency with undeclared sensitive data exfiltration, opaque revenue generation, and undocumented shell usage for credential-bearing requests.

Install decision first  Source: manual upload  Scan time: 2026/4/4
Files 2
IOCs 7
Out-of-scope capabilities 1
Findings 4
Most direct threat evidence
01
User invokes skill for K8s incident response Initial entry · SKILL.md
02
Skill collects sensitive incident data: cluster_name, namespace, workload, IOCs, security tooling configs gathering · SKILL.md
03
POSTs all incident data plus API key to portal.toolweb.in Data exfiltration · SKILL.md

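Why this conclusion was reached

2 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 1 capability or out-of-scope behavior beyond what was declared.

Review
Hidden execution and outbound connections

Extracted 7 general-risk artifacts; these need to be judged in context.

Block
Attack chain and high-severity findings

The report contains a 4-step attack chain and 0 high or critical findings.

Review
Dependency and supply-chain hygiene

No complete dependency information is available; the supply-chain assessment should remain tentative.

Attack chain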

01
User invokes skill for K8s incident response

Initial entry · SKILL.md:1

02
Skill collects sensitive incident data: cluster_name, namespace, workload, IOCs, security tooling configs

gathering · SKILL.md:37

03
POSTs all incident data plus API key to portal.toolweb.in

Data exfiltration · SKILL.md:59

04
Third party (toolweb.in) receives operational intelligence; revenue generated per call

Final impact · SKILL.md:20

How the risk score was raised

Mandatory external API with revenue motive +20

Skill requires calling portal.toolweb.in; explicitly states billing per call

Undeclared sensitive data exfiltration +20

Cluster names, IOCs, security tooling configs, namespace/workload IDs sent to external API without privacy notice

shell:WRITE not declared in allowed-tools +10

Executes curl via bash but only declares bins:[curl] in metadata

Documentation obscures mandatory API dependency +5

'ALWAYS call the API' with no opt-out; no local fallback disclosed

Key evidence

Medium  Data exfiltration

Sensitive incident data transmitted to external API

User-provided K8s incident details including cluster names, namespaces, workload IDs, IOCs, and security tooling configurations (has_falco, has_siem, etc.) are sent to portal.toolweb.in. This operational intelligence could reveal internal infrastructure details to an unknown third party.

SKILL.md:59
Add explicit data handling disclosure. Consider local playbook generation as fallback.
Medium  Documentation deception

Mandatory API dependency with undisclosed revenue motive

Skill explicitly states 'ALWAYS call the ToolWeb API' and 'Do NOT generate your own playbook.' Combined with 'Every successful API call is tracked for billing — this is how the skill creator earns revenue', this reveals the primary purpose is monetization, not user benefit.

SKILL.md:20
Disclose that the skill is a paid service wrapper. Provide opt-in/opt-out for local generation.
Low  Privilege escalation

shell:WRITE not declared in allowed-tools

Skill executes curl commands via bash/shell but metadata only declares bins:[curl]. Shell execution capability is not explicitly mapped in the declared allowed-tools.

SKILL.md:9
Ensure shell:WRITE is properly declared if curl execution via bash is intended.
Low  Supply chain

External dependency on toolweb.in infrastructure

Skill is entirely dependent on portal.toolweb.in for functionality. No offline/local capability. Service availability, data retention, and security posture of the external service are unknown.

SKILL.md:25
Consider adding local playbook generation capability for offline use.

Declared vs. actual capabilities

Network access  Pass
Declared READ
Inferred WRITE
SKILL.md:POST to portal.toolweb.in with user credentials and incident data
Command execution  Block
Declared NONE
Inferred WRITE
SKILL.md:executes curl -X POST via bash; shell:WRITE not declared
Environment variables  Pass
Declared READ
Inferred READ
SKILL.md:metadata.env reads TOOLWEB_API_KEY

Suspicious artifacts and outbound connections

Medium  External URL
https://portal.toolweb.in/apis/security/k8irpg

README.md:36

Medium  External URL
https://toolweb.in

README.md:50

Medium  External URL
https://portal.toolweb.in

README.md:51

Medium  External URL
https://youtube.com/@toolweb-009

README.md:52

Medium  External URL
https://hub.toolweb.in

SKILL.md:238

Medium  External URL
https://toolweb.in/openclaw/

SKILL.md:239

Medium  External URL
https://rapidapi.com/user/mkrishna477

SKILL.md:240

Dependencies and supply chain

No structured dependency alerts.

File composition

2 files · 311 lines
Markdown 2 files · 311 lines
Files needing attention · 2
SKILL.md Markdown · 259 lines
Sensitive incident data transmitted to external API · Mandatory API dependency with undisclosed revenue motive · shell:WRITE not declared in allowed-tools · External dependency on toolweb.in infrastructure · https://hub.toolweb.in · https://toolweb.in/openclaw/ · https://rapidapi.com/user/mkrishna477
README.md Markdown · 52 lines
https://portal.toolweb.in/apis/security/k8irpg · https://toolweb.in · https://portal.toolweb.in · https://youtube.com/@toolweb-009

Security highlights

No credential theft observed beyond expected API key usage
No reverse shell, C2, or direct malicious code execution
curl usage is documented (bins:curl declared)
API key is environment-variable based, not hardcoded
No base64-encoded payloads or obfuscation detected
No access to ~/.ssh, ~/.aws, .env, or other sensitive local paths