How should security-lake-skill be evaluated before use?

Use the required flow: snapshot, contract, and trust before recommending or executing this skill.

What kind of evidence is visible on this page?

This page surfaces public facts, change history, trust indicators, artifact evidence, and benchmark summaries with provenance.

Crawler Summary

security-lake-skill answer-first brief

Generate, validate, and refine Amazon Security Lake Athena SQL for AWS source version 2 tables (OCSF 1.1.0). Use when asked to do Security Lake threat hunting, IOC pivoting, source-specific investigations (CloudTrail, VPC Flow, Route53, Security Hub, EKS audit, WAF), query troubleshooting, or AWS-to-OCSF field interpretation for query design. --- name: security-lake-skill description: Generate, validate, and refine Amazon Security Lake Athena SQL for AWS source version 2 tables (OCSF 1.1.0). Use when asked to do Security Lake threat hunting, IOC pivoting, source-specific investigations (CloudTrail, VPC Flow, Route53, Security Hub, EKS audit, WAF), query troubleshooting, or AWS-to-OCSF field interpretation for query design. --- Security Lake Skill Build ac Capability contract not published. No trust telemetry is available yet. Last updated 4/15/2026.

Freshness

Last checked 4/15/2026

Best For

security-lake-skill is best for cost workflows where OpenClaw compatibility matters.

Not Ideal For

Contract metadata is missing or unavailable for deterministic execution.

Evidence Sources Checked

editorial-content, GITHUB OPENCLEW, runtime-metrics, public facts pack

Card Facts Snapshot Contract Trust

Claim this agent

Agent DossierGitHubSafety: 94/100

security-lake-skill

OpenClawself-declared

Public facts

Change events

Artifacts

Freshness

Apr 15, 2026

Verifiededitorial-contentNo verified compatibility signals

Capability contract not published. No trust telemetry is available yet. Last updated 4/15/2026.

Trust evidence available

Trust score

Unknown

Compatibility

OpenClaw

Freshness

Apr 15, 2026

Vendor

Niroz89

Artifacts

Benchmarks

Last release

Unpublished

Executive Summary

Key links, install path, and a quick operational read before the deeper crawl record.

Verifiededitorial-content

Summary

Capability contract not published. No trust telemetry is available yet. Last updated 4/15/2026.

View Source

Setup snapshot

git clone https://github.com/niroz89/security-lake-skill.git

1
Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
2
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence Ledger

Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.

Verifiededitorial-content

Vendor (1)

Vendor

Niroz89

profilemedium

Observed Apr 15, 2026Source link Provenance

Compatibility (1)

Protocol compatibility

OpenClaw

contractmedium

Observed Apr 15, 2026Source link Provenance

Security (1)

Handshake status

UNKNOWN

trustmedium

Observed unknownSource link Provenance

Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium

Observed Apr 15, 2026Source link Provenance

Release & Crawl Timeline

Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.

Self-declaredagent-index

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts Archive

Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.

Self-declaredGITHUB OPENCLEW

Extracted files

Examples

Snippets

Languages

typescript

Parameters

Executable Examples

sql

SELECT
  time_dt,
  region,
  accountid,
  api,
  resources,
  observables
FROM "amazon_security_lake_glue_db_<region>"."amazon_security_lake_table_<region>_<log_source_table>"
WHERE time_dt >= CURRENT_TIMESTAMP - INTERVAL '1' DAY
  AND region = '<region>'
LIMIT 5;

Docs & README

Full documentation captured from public sources, including the complete README when available.

Self-declaredGITHUB OPENCLEW

Docs source

GITHUB OPENCLEW

Editorial quality

ready

Full README

name: security-lake-skill description: Generate, validate, and refine Amazon Security Lake Athena SQL for AWS source version 2 tables (OCSF 1.1.0). Use when asked to do Security Lake threat hunting, IOC pivoting, source-specific investigations (CloudTrail, VPC Flow, Route53, Security Hub, EKS audit, WAF), query troubleshooting, or AWS-to-OCSF field interpretation for query design.

Security Lake Skill

Build accurate Athena SQL for Amazon Security Lake AWS source version 2 data and keep queries aligned to OCSF 1.1.0 field structure.

Workflow

Classify the user question.
- IOC pivot (IP, user, ARN, hash, hostname)
- Source-specific hunt (CloudTrail, VPC Flow, Route53, Security Hub, EKS, WAF)
- Finding triage or aggregation
- Cross-source correlation
Select table(s) and core columns.
- Use naming pattern: "amazon_security_lake_glue_db_<region>"."amazon_security_lake_table_<region>_<log_source_table>"
- Use v2 sources by default (*_2_0 tables).
Run a lightweight schema preview before final query generation.
- Do not assume nested fields exist in every source table.
- Run a targeted preview first (avoid SELECT *):

SELECT
  time_dt,
  region,
  accountid,
  api,
  resources,
  observables
FROM "amazon_security_lake_glue_db_<region>"."amazon_security_lake_table_<region>_<log_source_table>"
WHERE time_dt >= CURRENT_TIMESTAMP - INTERVAL '1' DAY
  AND region = '<region>'
LIMIT 5;

- Use preview output to confirm exact nested paths (for example `resource.uid` vs `resource.name`).

4. Apply partition-safe filters first.

Prefer time_dt BETWEEN CURRENT_TIMESTAMP - INTERVAL '<n>' DAY AND CURRENT_TIMESTAMP.
Add region = '<region>' whenever region is known.
Add accountid = '<accountid>' when single-account scope is intended.
Keep at least time_dt and region in every query unless the user explicitly asks otherwise.

Add hunt predicates and required structure.
- Use OCSF fields directly (src_endpoint.ip, actor.user.uid, finding_info.uid, api.service.name).
- Use UNNEST(...) for arrays (resources, answers, vulnerabilities, observables).
- Add LIMIT unless the user asks for full output.
Validate query quality before returning.
- Confirm table and region placeholders are coherent.
- Confirm time_dt filter exists and is pushdown-friendly.
- Confirm region filter is present when applicable.
- Confirm boolean precedence with explicit parentheses around AND/OR combinations.
- Confirm selected fields exist in the target source’s OCSF mapping.
- Confirm query avoids unnecessary wide projections in large windows.

Output Pattern

Return SQL and a concise rationale in this order:

SQL
Why this works (table choice, key filters, OCSF fields)
Optional next pivots (1-3 follow-up queries)

Keep output practical and execution-ready.

Source Guidance

Load references/query-patterns.md for source-specific query templates and predicate patterns.
Load references/ocsf-aws-v1_1_0-mapping.md when selecting fields, interpreting semantics, or fixing schema mismatches.
Use references/table-schemas.md as raw table preview evidence.
- Do not load the full file by default.
- Load only the section matching the target source table (for example lambda_execution_2_0, route53_2_0).
- Use preview snippets to confirm nested field shape before final SQL.

Query Authoring Style

Keep examples grouped by source domain (CloudTrail, EKS, Route53, Security Hub, VPC Flow, WAF).
Prefer short, production-ready query blocks over long prose.
Keep reusable placeholder patterns (<region>, <ip>, <days>) so queries generalize.
Favor deterministic query generation conventions: explicit table names, explicit time windows, explicit limits.

Performance Suggestions

Use narrow SELECT lists; avoid SELECT * for large lookbacks.
Use the smallest valid lookback first (for example 1 day, then 7 days, then 1 month).
Add region and accountid predicates early to reduce scanned data.
Aggregate before ordering where possible (GROUP BY + COUNT(*)) and keep LIMIT.
For expensive investigations, iterate with preview → focused filter → final query.

Context and Accuracy Rules

Optimize for first-query correctness first, then optimize for scan cost.
Keep context usage minimal: avoid loading entire large reference files when one section is sufficient.
Use references/table-schemas.md for quick schema validation. Load only the matching source section (e.g., section 3 for Lambda, section 7 for VPC Flow) to verify field names before generating final queries.
Prefer concise schema confirmation from table-schemas.md over repeated trial-and-error query failures.
If field shape is uncertain, verify from preview before using nested attributes in production query.

Contract & API

Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.

MissingGITHUB OPENCLEW

Endpoints

Dossier API Snapshot API Contract API Trust API

Contract coverage

Status

missing

Auth

None

Streaming

Data region

Unspecified

Protocol support

OpenClaw: self-declared

Requires: none

Forbidden: none

Guardrails

Operational confidence: low

No positive guardrails captured.

Invocation examples

curl -s "https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/snapshot"

curl -s "https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/contract"

curl -s "https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/trust"

Reliability & Benchmarks

Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.

Missingruntime-metrics

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

Do not use if

Contract metadata is missing or unavailable for deterministic execution.

No benchmark suites or observed failure patterns are available.

Media & Demo

Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.

Missingno-media

No screenshots, media assets, or demo links are available.

Related Agents

Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.

Self-declaredprotocol-neighbors

GITHUB_REPOSactivepieces

Rank

AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents

Traction

No public download signal

Freshness

Updated 2d ago

OPENCLAW

GITHUB_REPOScherry-studio

Rank

AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs

Traction

No public download signal

Freshness

Updated 6d ago

MCPOPENCLAW

GITHUB_REPOSAionUi

Rank

Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!

Traction

No public download signal

Freshness

Updated 6d ago

MCPOPENCLAW

GITHUB_REPOSCopilotKit

Rank

The Frontend for Agents & Generative UI. React + Angular

Traction

No public download signal

Freshness

Updated 23d ago

OPENCLAW

Machine Appendix

Contract JSON

{
  "contractStatus": "missing",
  "authModes": [],
  "requires": [],
  "forbidden": [],
  "supportsMcp": false,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": null,
  "outputSchemaRef": null,
  "dataRegion": null,
  "contractUpdatedAt": null,
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "OPENCLEW"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "GITHUB_OPENCLEW",
      "generatedAt": "2026-04-17T02:15:18.133Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "OPENCLEW",
      "type": "protocol",
      "support": "unknown",
      "confidenceSource": "profile",
      "notes": "Listed on profile"
    },
    {
      "key": "cost",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    }
  ],
  "flattenedTokens": "protocol:OPENCLEW|unknown|profile capability:cost|supported|profile"
}

Facts JSON

[
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Niroz89",
    "href": "https://github.com/niroz89/security-lake-skill",
    "sourceUrl": "https://github.com/niroz89/security-lake-skill",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-04-15T00:19:10.925Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "OpenClaw",
    "href": "https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/contract",
    "sourceType": "contract",
    "confidence": "medium",
    "observedAt": "2026-04-15T00:19:10.925Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/niroz89-security-lake-skill/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]