Hillstone Threat Intelligence Skill

Features: Query IP addresses, domains, URLs, and file hashes in the Hillstone threat intelligence database.

New Features (v2.2.4)

- English Only: Simplified to pure English version for better international compatibility
Automatic IOC Type Detection: Automatically detect IP, domain, URL, hash, and other IOC types
Smart Caching: Built-in LRU cache with statistics and size limits, significantly improved query performance (40-60%)
Connection Pool Management: HTTP connection pool for efficient connection reuse, reduced network latency (30%)
Batch Operations: Import IOC lists from CSV, TXT, JSON files, support batch queries with progress tracking
Exponential Backoff Retry: Intelligent retry mechanism for better handling of temporary network failures
Circuit Breaker Pattern: Prevent cascading failures, improve system stability
Result Formatting: Support for text, JSON, table, and other formats
Result Export: Support for exporting to CSV, JSON, HTML, Markdown, and other formats
Logging: Complete operation logging with automatic sensitive data masking
Error Handling: Comprehensive error handling and retry mechanisms
Type Hints: Full type annotations for better code maintainability
API Key Management: Support for HILLSTONEAPIKEY environment variable, priority over config file
Security Enhancements: Sensitive data masking, log security, file permission management
Search Optimization: 70+ keywords covering brand, security, features, and more

Configuration

You need to create a config.json file and configure a valid API Key:

1. Copy config.example.json to INLINECODE2

2. Fill in your API Key in config.json:

CODEBLOCK0

Configuration Parameters:

- api_key: Hillstone Threat Intelligence API Key (required)
INLINECODE5: API URL (optional, default: https://ti.hillstonenet.com.cn)
INLINECODE6: Request timeout in seconds (optional, default: 30)
INLINECODE7: Maximum retry attempts (optional, default: 3)
INLINECODE8: Retry delay in seconds (optional, default: 1)
INLINECODE9: Enable cache (optional, default: true)
INLINECODE10: Cache time-to-live in seconds (optional, default: 3600)

Usage Examples

CODEBLOCK1

Advanced API

Use -a parameter to call the advanced API and get more detailed threat intelligence:
CODEBLOCK2

Advanced API provides:

- Basic Info: Network, carrier, location, country, province, city, coordinates
ASN Info: Autonomous System information
Threat Type: Malicious type classification
Tags: Threat-related tags
DNS Records: Reverse DNS records (up to 10)
Domain Info: Current and historical domains (up to 10)
File Associations: Downloaded, referenced, and related file hashes (malicious only)
Port Info: Open ports, application protocols, application names, versions

Supported IOC Types

- IP Address: Automatically detect and query INLINECODE12
Domain: Automatically detect and query INLINECODE13
URL: Automatically detect and query INLINECODE14
File Hash: Supports MD5/SHA1/SHA256, query INLINECODE15

Response Time Statistics

Each query displays detailed performance statistics:

- Single Query: Display response time for current call
Batch Query: Display statistics for current batch (avg/max/min/median)
Cumulative Statistics: Display cumulative statistics and total call count for all historical queries

Dependencies

- Python 3.8+
Hillstone Threat Intelligence API access permission
This skill uses Python standard library, no additional dependencies required

API Endpoints

Reputation API

- IP Query: INLINECODE16
Domain Query: INLINECODE17
URL Query: INLINECODE18
File Hash Query: INLINECODE19

Advanced Detail API

- IP Advanced Query: INLINECODE20
Domain Advanced Query: INLINECODE21
URL Advanced Query: INLINECODE22
File Hash Advanced Query: INLINECODE23

Troubleshooting

- Invalid API Key: Ensure you are using a valid Hillstone API Key
Network Connection Issues: Check if you can access INLINECODE24
Query Timeout: Default timeout is 30 seconds, can be adjusted in config.json
Encoding Issues: Ensure your system supports UTF-8 encoding
Log Viewing: Log file is located at INLINECODE25

Security Best Practices

API Key Management

Recommended Approach:

- Use environment variable for API key (recommended)

  export HILLSTONE_API_KEY="your-api-key-here"

- Ensure environment variable is not logged to history

CODEBLOCK4

Configuration File Approach:

- If configuration file must be used, ensure:

- File permissions are set to owner-only read: chmod 600 config.json
- Configuration file is not committed to version control
- Configuration file is added to INLINECODE27

File Permissions

Configuration File:
CODEBLOCK5

Log File:
CODEBLOCK6

Version History

[2.2.4] - 2026-04-02

- Changed to pure English version
Removed all Chinese content for better international compatibility
Simplified documentation structure

[2.2.3] - 2026-04-01

- Added environment variable support (HILLSTONEAPIKEY)
Enhanced log security with automatic sensitive data masking
Added comprehensive security documentation (SECURITY.md)
Improved transparency in package.json

[2.2.2] - 2026-03-31

- Added LRU cache mechanism
Implemented HTTP connection pool
Added batch operations support
Implemented exponential backoff retry
Added circuit breaker pattern
Enhanced error handling
Added comprehensive type hints
Optimized search keywords

License

MIT License

Support

- Homepage: https://clawhub.ai/maxjia/hs-ti
Issues: https://github.com/your-repo/hs-ti/issues

Hillstone威胁情报技能

特性: 在Hillstone威胁情报数据库中查询IP地址、域名、URL和文件哈希值。

新特性 (v2.2.4)

- 纯英文版: 简化为纯英文版本，提升国际兼容性
自动IOC类型检测: 自动检测IP、域名、URL、哈希值等IOC类型
智能缓存: 内置LRU缓存，带统计信息和大小限制，显著提升查询性能（40-60%）
连接池管理: HTTP连接池实现高效连接复用，降低网络延迟（30%）
批量操作: 从CSV、TXT、JSON文件导入IOC列表，支持带进度跟踪的批量查询
指数退避重试: 智能重试机制，更好处理临时网络故障
断路器模式: 防止级联故障，提升系统稳定性
结果格式化: 支持文本、JSON、表格等多种格式
结果导出: 支持导出为CSV、JSON、HTML、Markdown等格式
日志记录: 完整的操作日志，自动屏蔽敏感数据
错误处理: 全面的错误处理和重试机制
类型提示: 完整的类型注解，提升代码可维护性
API密钥管理: 支持HILLSTONEAPIKEY环境变量，优先级高于配置文件
安全增强: 敏感数据屏蔽、日志安全、文件权限管理
搜索优化: 70+关键词，覆盖品牌、安全、功能等

配置

您需要创建config.json文件并配置有效的API密钥：

1. 将config.example.json复制为config.json

2. 在config.json中填写您的API密钥：

json
{
api_key: your-api-key-here,
api_url: https://ti.hillstonenet.com.cn,
timeout: 30,
max_retries: 3,
retry_delay: 1,
cache_enabled: true,
cache_ttl: 3600
}

配置参数:

- apikey: Hillstone威胁情报API密钥（必填）
apiurl: API地址（可选，默认：https://ti.hillstonenet.com.cn）
timeout: 请求超时时间（秒，可选，默认：30）
maxretries: 最大重试次数（可选，默认：3）
retrydelay: 重试延迟（秒，可选，默认：1）
cacheenabled: 启用缓存（可选，默认：true）
cachettl: 缓存生存时间（秒，可选，默认：3600）

使用示例

/threat-check 45.74.17.165
/threat-check deli.ydns.eu
/threat-check 45.74.17.165,deli.ydns.eu,www.blazingelectricz.com
/threat-check -a 45.74.17.165
/threat-check -a deli.ydns.eu

高级API

使用-a参数调用高级API，获取更详细的威胁情报：

/threat-check -a 45.74.17.165

高级API提供：

- 基本信息: 网络、运营商、位置、国家、省份、城市、坐标
ASN信息: 自治系统信息
威胁类型: 恶意类型分类
标签: 威胁相关标签
DNS记录: 反向DNS记录（最多10条）
域名信息: 当前和历史域名（最多10个）
文件关联: 下载、引用和相关文件哈希值（仅恶意）
端口信息: 开放端口、应用协议、应用名称、版本

支持的IOC类型

- IP地址: 自动检测并查询/api/ip/reputation
域名: 自动检测并查询/api/domain/reputation
URL: 自动检测并查询/api/url/reputation
文件哈希值: 支持MD5/SHA1/SHA256，查询/api/file/reputation

响应时间统计

每次查询显示详细的性能统计：

- 单次查询: 显示当前调用的响应时间
批量查询: 显示当前批次的统计信息（平均/最大/最小/中位数）
累计统计: 显示所有历史查询的累计统计和总调用次数

依赖项

- Python 3.8+
Hillstone威胁情报API访问权限
本技能使用Python标准库，无需额外依赖

API端点

信誉API

- IP查询: /api/ip/reputation?key={ip}
域名查询: /api/domain/reputation?key={domain}
URL查询: /api/url/reputation?key={url}
文件哈希查询: /api/file/reputation?key={hash}

高级详情API

- IP高级查询: /api/ip/detail?key={ip}
域名高级查询: /api/domain/detail?key={domain}
URL高级查询: /api/url/detail?key={url}
文件哈希高级查询: /api/file/detail?key={hash}

故障排除

- API密钥无效: 确保使用有效的Hillstone API密钥
网络连接问题: 检查是否能访问https://ti.hillstonenet.com.cn
查询超时: 默认超时时间为30秒，可在config.json中调整
编码问题: 确保系统支持UTF-8编码
日志查看: 日志文件位于~/.openclaw/logs/hs_ti.log

安全最佳实践

API密钥管理

推荐方法:

- 使用环境变量设置API密钥（推荐）

bash
export HILLSTONEAPIKEY=your-api-key-here

- 确保环境变量不会记录到历史中

bash # 在bash中 export HISTCONTROL=ignorespace export HILLSTONEAPIKEY=your-api-key-here

# 在PowerShell中
$env:HILLSTONEAPIKEY=your-api-key-here

配置文件方法:

- 如果必须使用配置文件，请确保：

- 文件权限设置为仅所有者可读：chmod 600 config.json
- 配置文件不提交到版本控制
- 配置文件添加到.gitignore

文件权限

配置文件:
bash

设置配置文件权限

chmod 600 ~/.openclaw/skills/hs-ti/config.json

确保目录权限正确

chmod 700 ~/.openclaw/skills/hs-ti/

日志文件:
bash

设置日志文件权限

chmod 600 ~/.openclaw/logs/hs_ti.log

确保日志目录权限正确

chmod 700 ~/.openclaw/logs/

版本历史

[2.2.4] - 2026-04-02

- 改为纯英文版本
移除所有中文内容，提升国际兼容性
简化文档结构

[2.2.3] - 2026-04-01

- 添加环境变量支持（HILLSTONEAPIKEY）
增强日志安全，自动屏蔽敏感数据
添加全面的安全文档（SECURITY.md）
提升package.json的透明度

[2.2.2] - 2026-03-31

- 添加LRU缓存机制
实现HTTP连接池
添加批量操作支持
实现指数退避重试
添加断路器模式
增强错误处理
添加全面的类型提示
优化搜索关键词

许可证

MIT许可证

支持

- 主页: https://clawhub.ai/maxjia/hs-ti
问题反馈: https://github.com/your-repo/hs-ti/issues

hs-ti山石威胁情报

hs-ti

Hillstone Threat Intelligence Skill

New Features (v2.2.4)

Configuration

Usage Examples

Advanced API

Supported IOC Types

Response Time Statistics

Dependencies

API Endpoints

Reputation API

Advanced Detail API

Troubleshooting

Security Best Practices

API Key Management

File Permissions

Version History

[2.2.4] - 2026-04-02

[2.2.3] - 2026-04-01

[2.2.2] - 2026-03-31

License

Support

Hillstone威胁情报技能

新特性 (v2.2.4)

配置

使用示例

高级API

支持的IOC类型

响应时间统计

依赖项

API端点

信誉API

高级详情API

故障排除

安全最佳实践

API密钥管理

文件权限

设置配置文件权限

确保目录权限正确

设置日志文件权限

确保日志目录权限正确

版本历史

[2.2.4] - 2026-04-02

[2.2.3] - 2026-04-01

[2.2.2] - 2026-03-31

许可证

支持

标签

通过对话安装

方式一：安装 SkillHub 和技能

方式二：设置 SkillHub 为优先技能安装源

通过命令行安装

下载

相关推荐

self-improvement

self-improvement

self-improvement

self-improvement