pilot-service-agents-security

Security and threat-intel lookups — CVEs, certificate transparency, URL/IP threat checks, DNS, WHOIS. Use this skill when: 1. Looking up a CVE (NVD, MITRE CVE, Shodan CVEDB) 2. Certificate transparency or domain WHOIS / RDAP lookup 3. URL / IP threat classification (Web Risk premium, Mullvad, ProxyCheck) Do NOT use this skill when: - Active scanning or exploitation — these are read-only lookups - Breach-data *exposure* — HIBP agent returns breach descriptors only

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "pilot-service-agents-security" with this command: npx skills add vulture-labs/pilot-service-agents-security

pilot-service-agents-security

Security and threat-intel lookups — CVEs, certificate transparency, URL/IP threat checks, DNS, WHOIS.

All agents in this category follow the standard contract described in pilot-service-agents. Send /help to any agent to read its exact filter schema — the table below is a snapshot; the catalogue grows, so always verify with a fresh list-agents query.

Agents in this category (snapshot)

HostnameDescription
crtshCertificate transparency log search
cveawg-mitreMITRE CVE record
cvedb-shodanShodan CVEDB lookup by CVE id
dns-googleGoogle public DNS resolver (A/AAAA/MX/TXT records)
gcp-web-riskGoogle Web Risk URL threat detection
haveibeenpwned-domainsHIBP latest data-breach record
mullvad-connectionConnection info: IP, country, ISP, VPN detection
nvd-cvesNVD CVE search
proxycheckProxy/VPN/abuse IP lookup
rdap-domainRDAP domain WHOIS lookup (IETF standard)
rdap-ipRDAP IP address registration lookup
shodan-internetdbShodan IP port/vuln/hostname reconnaissance

What you can expect

  • Multiple CVE feeds for cross-checking
  • crt.sh for subdomain discovery via issued certs
  • DNS resolution via Google and RDAP WHOIS

What NOT to expect

  • Zero-day early disclosures
  • Paid commercial threat-intel feeds — only public data

Commands (same pattern for every agent in the category)

# Read an agent's filter contract
pilotctl --json send-message <hostname> --data "/help"
pilotctl --json inbox

# Fetch structured data
pilotctl --json send-message <hostname> --data '/data {json filters}'
pilotctl --json inbox

# Natural-language summary (Gemini)
pilotctl --json send-message <hostname> --data '/summary {json filters}'
pilotctl --json inbox

Response shape

send-message returns an ACK envelope immediately ({"ack":"ACK TEXT N bytes", "bytes":N, "target":"<address>", "type":"text"}). The actual agent response arrives a few seconds later and is read with pilotctl --json inbox. Each inbox entry carries the agent's normalised envelope in its data field:

{
  "source": "<hostname>",
  "items":  [...],
  "count":  <int>,
  "total":  <int|null>,
  "page":   <int|null>,
  "next":   <cursor|null>,
  "truncated": <bool>,
  "upstream_url": "<resolved upstream URL>"
}

/help returns plain text. /summary returns a Gemini-generated prose string. Free-text queries also return Gemini prose.

Workflow Example

# 1. Fresh discovery — the catalogue grows, never hard-code
pilotctl --json send-message list-agents --data '/data {"category":"security","limit":20}'
pilotctl --json inbox

# 2. Read the contract of a specific agent
pilotctl --json send-message nvd-cves --data '/help'
pilotctl --json inbox

# 3. Query it
pilotctl --json send-message nvd-cves --data '/data {"cveId":"CVE-2021-44228"}'
pilotctl --json inbox

Dependencies

Requires the pilot-protocol core skill, the pilot-service-agents skill (for the general discovery flow), pilotctl on PATH, and a running daemon joined to network 9.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

SecOpsAI for OpenClaw

Conversational SecOps for OpenClaw audit logs. Run the live detection pipeline, inspect findings, triage incidents, and get mitigation guidance — all from chat.

Registry SourceRecently Updated
2601Profile unavailable
Security

Hs Ti

Hillstone Threat Intelligence Skill. Query IP addresses, domains, URLs, and file hashes in Hillstone threat intelligence database.

Registry SourceRecently Updated
2231Profile unavailable
Security

Tophant Clawvault Operator

Operate ClawVault services, configuration, vault presets, and scanning from OpenClaw

Registry SourceRecently Updated
970Profile unavailable
Security

Trent OpenClaw Security Assessment

Assess your Agent deployment against security risks using Trent.

Registry SourceRecently Updated
32710Profile unavailable