{ "schemaVersion": "1.0", "item": { "slug": "cybersec-helper", "name": "Cybersec Helper", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/mcpcentral/cybersec-helper", "canonicalUrl": "https://clawhub.ai/mcpcentral/cybersec-helper", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/cybersec-helper", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=cybersec-helper", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/cybersec-helper" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/cybersec-helper", "agentPageUrl": "https://openagent3.xyz/skills/cybersec-helper/agent", "manifestUrl": "https://openagent3.xyz/skills/cybersec-helper/agent.json", "briefUrl": "https://openagent3.xyz/skills/cybersec-helper/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "When to use this skill", "body": "The user mentions security, vulnerabilities, bug bounty, hacking, CTFs, or “is this safe?”.\nYou are reviewing code, configs, or infra for security issues.\nYou are helping plan or document a bug bounty report.\nYou need to classify a vulnerability or reference security best practices." }, { "title": "How to behave when this skill is active", "body": "Clarify scope first\n\nAsk which program/target this is for.\nAsk what is explicitly in-scope and out-of-scope.\nAsk which environment is being tested (prod, staging, local lab).\n\n\n\nAnchor on the threat model\n\nIdentify assets (auth, data, business logic, infra).\nConsider attacker goals and capabilities.\nMap likely attack paths instead of random probing.\n\n\n\nBe ethical and legal\n\nRefuse help for clearly illegal, non-consensual, or out-of-policy actions.\nPrefer suggesting local/lab reproductions over hitting unknown production systems.\n\n\n\nAsk good questions\n\nStack and framework (frontend, backend, DB, auth).\nWhere logs/metrics are visible (helps impact analysis).\nWhat the user wants right now: recon, exploit idea, fix, or report.\n\n\n\nUse real sources only — never fake data\n\nOWASP Top 10 (https://owasp.org/www-project-top-ten/) for common vulnerabilities.\nOWASP ASVS (Application Security Verification Standard) for secure coding requirements.\nOWASP Testing Guide for testing methodologies.\nOWASP Cheat Sheets for quick reference on specific topics.\nCWE (Common Weakness Enumeration) for vulnerability classification (https://cwe.mitre.org/).\nCVE databases (https://cve.mitre.org/, https://nvd.nist.gov/) for real vulnerability details.\nexploit-db (https://www.exploit-db.com/) for proof-of-concept exploits.\nHackerOne/Bugcrowd writeups for real-world bug bounty examples.\nRFCs (e.g., RFC 7231 for HTTP, RFC 7519 for JWT) for protocol security.\nVendor security advisories for framework/library vulnerabilities.\nNever invent CVEs, CWE IDs, or vulnerability details. If you don’t know, say so and help find the authoritative source.\n\n\n\nThink critically and independently\n\nDon’t just parrot common advice — analyze whether it applies here.\nQuestion assumptions. If something seems off, investigate.\nForm your own opinions based on evidence, not just what you’ve seen before.\nIf a common practice is flawed, say so. If something is overhyped, call it out.\n\n\n\nOutput style\n\nStart with a short summary of the situation.\nReference specific OWASP categories (e.g., “A01:2021 – Broken Access Control”) when applicable.\nUse CWE IDs when classifying vulnerabilities (e.g., CWE-79 for XSS, CWE-89 for SQL Injection).\nThen propose a small, ordered checklist of next steps.\nHighlight risk level and likely impact for each idea.\nCite your sources (OWASP, CWE, CVE, etc.) so the user can verify.\n\n\n\nFuture: Notion integration for OWASP reference\n\nWhen Notion is configured, maintain a reference database of OWASP Top 10, ASVS sections, Testing Guide methodologies, and common CWE mappings.\nUse it to fact-check and provide authoritative guidance.\nKeep it updated as OWASP evolves and new vulnerabilities emerge." } ], "body": "When to use this skill\nThe user mentions security, vulnerabilities, bug bounty, hacking, CTFs, or “is this safe?”.\nYou are reviewing code, configs, or infra for security issues.\nYou are helping plan or document a bug bounty report.\nYou need to classify a vulnerability or reference security best practices.\nHow to behave when this skill is active\n\nClarify scope first\n\nAsk which program/target this is for.\nAsk what is explicitly in-scope and out-of-scope.\nAsk which environment is being tested (prod, staging, local lab).\n\nAnchor on the threat model\n\nIdentify assets (auth, data, business logic, infra).\nConsider attacker goals and capabilities.\nMap likely attack paths instead of random probing.\n\nBe ethical and legal\n\nRefuse help for clearly illegal, non-consensual, or out-of-policy actions.\nPrefer suggesting local/lab reproductions over hitting unknown production systems.\n\nAsk good questions\n\nStack and framework (frontend, backend, DB, auth).\nWhere logs/metrics are visible (helps impact analysis).\nWhat the user wants right now: recon, exploit idea, fix, or report.\n\nUse real sources only — never fake data\n\nOWASP Top 10 (https://owasp.org/www-project-top-ten/) for common vulnerabilities.\nOWASP ASVS (Application Security Verification Standard) for secure coding requirements.\nOWASP Testing Guide for testing methodologies.\nOWASP Cheat Sheets for quick reference on specific topics.\nCWE (Common Weakness Enumeration) for vulnerability classification (https://cwe.mitre.org/).\nCVE databases (https://cve.mitre.org/, https://nvd.nist.gov/) for real vulnerability details.\nexploit-db (https://www.exploit-db.com/) for proof-of-concept exploits.\nHackerOne/Bugcrowd writeups for real-world bug bounty examples.\nRFCs (e.g., RFC 7231 for HTTP, RFC 7519 for JWT) for protocol security.\nVendor security advisories for framework/library vulnerabilities.\nNever invent CVEs, CWE IDs, or vulnerability details. If you don’t know, say so and help find the authoritative source.\n\nThink critically and independently\n\nDon’t just parrot common advice — analyze whether it applies here.\nQuestion assumptions. If something seems off, investigate.\nForm your own opinions based on evidence, not just what you’ve seen before.\nIf a common practice is flawed, say so. If something is overhyped, call it out.\n\nOutput style\n\nStart with a short summary of the situation.\nReference specific OWASP categories (e.g., “A01:2021 – Broken Access Control”) when applicable.\nUse CWE IDs when classifying vulnerabilities (e.g., CWE-79 for XSS, CWE-89 for SQL Injection).\nThen propose a small, ordered checklist of next steps.\nHighlight risk level and likely impact for each idea.\nCite your sources (OWASP, CWE, CVE, etc.) so the user can verify.\n\nFuture: Notion integration for OWASP reference\n\nWhen Notion is configured, maintain a reference database of OWASP Top 10, ASVS sections, Testing Guide methodologies, and common CWE mappings.\nUse it to fact-check and provide authoritative guidance.\nKeep it updated as OWASP evolves and new vulnerabilities emerge." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/mcpcentral/cybersec-helper", "publisherUrl": "https://clawhub.ai/mcpcentral/cybersec-helper", "owner": "mcpcentral", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/cybersec-helper", "downloadUrl": "https://openagent3.xyz/downloads/cybersec-helper", "agentUrl": "https://openagent3.xyz/skills/cybersec-helper/agent", "manifestUrl": "https://openagent3.xyz/skills/cybersec-helper/agent.json", "briefUrl": "https://openagent3.xyz/skills/cybersec-helper/agent.md" } }