jpskill.com
🛠️ 開発・MCP コミュニティ

ioc-analysis

Analyzes indicators of compromise (IOCs) to detect and respond to cybersecurity threats.

⚡ おすすめ: コマンド1行でインストール(60秒)

下記のコマンドをコピーしてターミナル(Mac/Linux)または PowerShell(Windows)に貼り付けてください。 ダウンロード → 解凍 → 配置まで全自動。

🍎 Mac / 🐧 Linux 
mkdir -p ~/.claude/skills && cd ~/.claude/skills && curl -L -o ioc-analysis.zip https://jpskill.com/download/22041.zip && unzip -o ioc-analysis.zip && rm ioc-analysis.zip
🪟 Windows (PowerShell) 
$d = "$env:USERPROFILE\.claude\skills"; ni -Force -ItemType Directory $d | Out-Null; iwr https://jpskill.com/download/22041.zip -OutFile "$d\ioc-analysis.zip"; Expand-Archive "$d\ioc-analysis.zip" -DestinationPath $d -Force; ri "$d\ioc-analysis.zip"

完了後、Claude Code を再起動 → 普通に「動画プロンプト作って」のように話しかけるだけで自動発動します。

💾 手動でダウンロードしたい(コマンドが難しい人向け)
  1. 1. 下の青いボタンを押して ioc-analysis.zip をダウンロード
  2. 2. ZIPファイルをダブルクリックで解凍 → ioc-analysis フォルダができる
  3. 3. そのフォルダを C:\Users\あなたの名前\.claude\skills\(Win)または ~/.claude/skills/(Mac)へ移動
  4. 4. Claude Code を再起動
⬇ .zip でダウンロード(推奨) ⬇ .skill 形式(上級者用) 元のソース ↗

⚠️ ダウンロード・利用は自己責任でお願いします。当サイトは内容・動作・安全性について責任を負いません。

🎯 このSkillでできること

下記の説明文を読むと、このSkillがあなたに何をしてくれるかが分かります。Claudeにこの分野の依頼をすると、自動で発動します。

📦 インストール方法 (3ステップ)

  1. 1. 上の「ダウンロード」ボタンを押して .skill ファイルを取得
  2. 2. ファイル名の拡張子を .skill から .zip に変えて展開(macは自動展開可)
  3. 3. 展開してできたフォルダを、ホームフォルダの .claude/skills/ に置く
    • · macOS / Linux: ~/.claude/skills/
    • · Windows: %USERPROFILE%\.claude\skills\

Claude Code を再起動すれば完了。「このSkillを使って…」と話しかけなくても、関連する依頼で自動的に呼び出されます。

詳しい使い方ガイドを見る →
最終更新
2026-05-18
取得日時
2026-05-18
同梱ファイル
1
📖 Claude が読む原文 SKILL.md(中身を展開)

この本文は AI(Claude)が読むための原文(英語または中国語)です。日本語訳は順次追加中。

ioc-analysis

Purpose

This skill enables the analysis of indicators of compromise (IOCs), such as IP addresses, domains, file hashes, and URLs, to identify potential threats, correlate them with known attack patterns, and generate actionable insights for cybersecurity defense.

When to Use

  • Use during incident response when a suspicious artifact (e.g., an IP from a log) needs immediate verification.
  • Apply in proactive threat hunting to scan for IOCs in network traffic or endpoint data.
  • Integrate into automated workflows for daily security monitoring of external feeds.

Key Capabilities

  • Parse and enrich IOCs using threat intelligence databases, including IP geolocation, domain reputation, and hash matching.
  • Detect anomalies by cross-referencing IOCs against predefined threat feeds or custom rulesets.
  • Generate reports with severity scores, related threats, and recommended mitigations.
  • Support bulk analysis for processing multiple IOCs in a single operation.
  • Integrate with logging systems to automate alerts based on analysis results.

Usage Patterns

Always initialize the skill with authentication via the $OPENCLAW_API_KEY environment variable. Use the CLI for quick queries or the API for programmatic integration. For CLI, pipe inputs from files; for API, handle requests in loops for batch processing. Validate IOC formats before submission (e.g., IPv4 as dotted decimal). Structure workflows to check for errors after each call and retry transient failures.

Common Commands/API

  • CLI Command: Run openclaw ioc-analysis --ioc 192.168.1.1 --type ip --output json to analyze an IP; add --feed custom for a specific threat feed.
  • CLI Flag Details: Use --timeout 30 to set request timeout in seconds; --verbose for detailed logs.
  • API Endpoint: POST to https://api.openclaw.com/v1/ioc-analysis with JSON body like {"ioc": "example.com", "type": "domain"}.
  • API Authentication: Include header Authorization: Bearer $OPENCLAW_API_KEY.
  • Config Format: Use JSON for configurations, e.g., {"feeds": ["virustotal", "alienvault"], "threshold": 0.7} in a file passed via --config path/to/config.json.
  • Code Snippet (Python):
    import os
import requests
api_key = os.environ.get('OPENCLAW_API_KEY')
response = requests.post('https://api.openclaw.com/v1/ioc-analysis', headers={'Authorization': f'Bearer {api_key}'}, json={'ioc': '8.8.8.8', 'type': 'ip'})
print(response.json()['threats'])
  • Another Code Snippet (Shell):
    export OPENCLAW_API_KEY=your_key_here
curl -H "Authorization: Bearer $OPENCLAW_API_KEY" -X POST https://api.openclaw.com/v1/ioc-analysis -d '{"ioc": "badfile.exe", "type": "hash"}'

Integration Notes

Integrate by importing the OpenClaw SDK in your application; for example, in Python, use from openclaw import IOCAnalyzer. Set up webhooks for real-time notifications by configuring {"webhook_url": "https://your.endpoint.com/alerts"} in the API request body. Combine with other blue-team skills by chaining outputs, e.g., pipe IOC results to a threat-detection skill. Ensure compatibility by matching API versions (e.g., v1) and handle rate limits with exponential backoff. For containerized environments, mount config files as volumes and inject $OPENCLAW_API_KEY via secrets.

Error Handling

Check HTTP status codes after API calls; for 401, prompt for re-authentication. For 429 (rate limit), implement a retry loop with delays: wait 5 seconds and retry up to 3 times. Parse JSON errors for specifics, e.g., if "error": "Invalid IOC format", validate inputs first using regex (e.g., for IPs: r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$'). In CLI, capture stderr and exit codes; use try-except in code snippets to log exceptions and fallback to default actions.

Concrete Usage Examples

  1. Example 1: Analyze a Suspicious IP
    During an incident, query an IP from a firewall log: Run openclaw ioc-analysis --ioc 192.168.1.100 --type ip --feed virustotal. This returns JSON with threats like "associated with malware C2". In code: Use the snippet above, then if response['score'] > 0.5, trigger a block command.

  2. Example 2: Bulk Domain Check
    For threat hunting, process a list of domains from a CSV: First, create a config file with {"ioc_list": ["example.com", "malicious.site"], "type": "domain"}, then run openclaw ioc-analysis --config domains.json --output report.csv. In a script, loop through the list via API calls and aggregate results for reporting.

Graph Relationships

  • Related to: threat-detection (shares IOC data for enhanced alerting)
  • Connected via: blue-team cluster (collaborates on incident response workflows)
  • Links to: red-team skills (for simulation and testing of IOC detection)
  • Dependencies: Requires access to external feeds like VirusTotal or AlienVault for enrichment