← 返回
未分类 Key 中文

Find Cybersecurity Firm

Use whenever the user wants to find, shortlist, vet, or enrich US cybersecurity firms — pen-testing/red team, security audits, vCISO, SOC 2 readiness, incide...
当用户需要寻找、筛选、审查或丰富美国网络安全公司(渗透测试/红队、安全审计、vCISO、SOC 2合规、事件响应等)时使用。
nostrband nostrband 来源
未分类 clawhub v1.0.1 1 版本 100000 Key: 需要
★ 0
Stars
📥 130
下载
💾 1
安装
1
版本
#latest

概述

find-cybersecurity-firm

Drive the ServiceGraph API (https://api.servicegraph.co) to find,

shortlist, and enrich US cybersecurity firms via the pro_services

dataset.

Always pin service_provided:cybersecurity — that's the only

relevant structured tag in the live catalog. Older docs and the

catalog source mention sub-tags like pen-testing and

security-audit, but in the current release **none of those exist as

separate tags** — cybersecurity is the broad catch-all and every

sub-type (pen-testing, red-team, vCISO, SOC 2 readiness, IR retainer,

IAM, cloud security, AppSec) is a keyword substring search on firm

text. Confirm via /v1/datasets/pro_services/fields?include_values=1

once per session.

The industry tag also drifts between releases — newer catalogs may

use industry:cybersecurity, older ones used industry:security.

Confirm the value via /fields and pin both industry and

service_provided:cybersecurity for safety.

Any HTTP client works (curl, fetch, requests). Examples below use curl.

When NOT to use this skill

  • Consumer/personal cybersecurity ("my Gmail got hacked", "how do I secure my home wifi") — the catalog is B2B procurement only.
  • In-house security hires (Security Engineer, CISO, SOC analyst).
  • DIY/configuration questions ("how do I patch CVE-X", "configure firewall rules", "review this Terraform").
  • Security-product comparisons (CrowdStrike vs SentinelOne, EDR vendors, SIEM vendors).
  • Generic security knowledge ("explain zero-trust", "what is OWASP Top 10").
  • Non-US firms / individual freelance pen-testers / bug-bounty hunters.

MCP server (preferred for authed calls)

If your harness has the ServiceGraph MCP server loaded (tools

containing servicegraph), prefer those — OAuth 2.1 + PKCE keeps the

token in the harness sandbox. Otherwise use the REST flow below.

API surface (dataset id: pro_services)

Every endpoint requires the bearer (Authorization: Bearer vk_…).

No anonymous tier.

EndpointCostUse it for
---------
GET /v1/datasets/pro_services/fields[?include_values=1]freeConfirm industry value name and cybersecurity is in service_provided.
GET /v1/datasets/pro_services/check?filter=…freeValidate filter.
POST /v1/datasets/pro_services/translate-intentfree{intent} → DSL filter + sanity count.
GET /v1/datasets/pro_services/search?filter=…&limit=freeBrief firm cards + per-row unlock hint + total.
GET /v1/datasets/pro_services/:apexfreeOne row brief; detail only if unlocked.
POST /v1/datasets/pro_services/unlocks10 credits / firm{apexes:[...]} ≤100; atomic; 30-day TTL on detail.
GET /v1/me/creditsfreeBalance.

Cost model. Discovery / validation / search / brief reads are

free. Detail (url, phone, email, social, address, full platforms

map) costs 10 credits per firm and lasts 30 days.

Auth

vk_ API keys minted in the dashboard. *Keep the token out of the

LLM context* — never read .env into your context; dispatch via

shell.

  1. Try the call first through a shell wrapper that sources .env.local:

```bash

( set -a; [ -f .env.local ] && . ./.env.local; set +a;

curl -sS -H "Authorization: Bearer $SERVICEGRAPH_API_KEY" \

'https://api.servicegraph.co/v1/datasets/pro_services/fields' )

```

  1. On 401 prompt the user:

> "Open https://servicegraph.co/profile/api-keys, create a

> key, and add SERVICEGRAPH_API_KEY=vk_… to .env.local here

> (or export it). Tell me when done. Please don't paste the key

> into chat."

  1. Retry after the user signals ready.

Filter DSL

GitHub-search-style.

filter   := orExpr
orExpr   := andExpr ("OR" andExpr)*
andExpr  := notExpr (("AND")? notExpr)*    # whitespace = implicit AND
notExpr  := ("NOT" | "-") notExpr | atom
atom     := "(" filter ")" | predicate
predicate:= IDENT op valueOrList | bareword
op       := ":" | "=" | ">=" | "<=" | ">" | "<"
valueOrList := value ("," value)*
value    := IDENT | NUMBER | tagAtEvidence
tagAtEvidence := IDENT "@" ("low"|"medium"|"high")
bareword := IDENT | NUMBER          # → keyword:<bareword>

Four rules that bite: AND binds tighter than OR (use parens);

comma list = OR within one predicate; negation is -x or NOT x;

bareword = keyword search (quote multi-word phrases).

Cybersecurity examples (validate yours with /check; replace

cybersecurity with whatever /fields returns as the industry value):

industry:cybersecurity service_provided:cybersecurity
service_provided:cybersecurity pen-testing
service_provided:cybersecurity "security audit" "soc 2"
service_provided:cybersecurity vciso
service_provided:cybersecurity "incident response" retainer
service_provided:cybersecurity cloud aws
service_provided:cybersecurity "application security" sast
service_provided:cybersecurity rating>=4 has:clutch
service_provided:cybersecurity hipaa

The live catalog has no separate pen-testing / security-audit /

appsec tags — pin service_provided:cybersecurity and treat all

sub-types as keywords.

Sub-type → keyword mapping (all sub-types are keyword-only):

User asks forUse
------
Pen test / red teampen-testing, "red team"
Security audit / assessmentaudit, assessment
vCISO / fractional CISOvciso, "fractional ciso"
SOC 2 readiness"soc 2", readiness
Incident response / forensics"incident response", forensics, "ir retainer"
Cloud security"cloud security", aws, gcp, azure
Identity / IAMiam, identity
Application security / SAST/DAST"application security", appsec, sast, dast
Compliance frameworkspci, hipaa, "iso 27001", nist

Identifying firms — apex

Firms are identified by their apex domain (mandiant.com, not

www.mandiant.com/about).

Recipes

A. Pen test for SOC 2

User: "Pen-testing firm for our SOC 2 audit."

GET /v1/datasets/pro_services/search?filter=service_provided:cybersecurity+pen-testing+"soc 2"&limit=10
# Present, get pick of 3. "Unlocking 3 = 30 credits, 30-day TTL."
POST /v1/datasets/pro_services/unlocks
  { "apexes": ["firm-a.com", "firm-b.com", "firm-c.com"] }

B. vCISO for a healthcare-tech startup

GET /v1/datasets/pro_services/search?filter=service_provided:cybersecurity+vciso+(healthcare OR hipaa)&limit=10

C. Incident response retainer

User: "Incident response retainer in case we get breached."

GET /v1/datasets/pro_services/search?filter=service_provided:cybersecurity+"incident response"+retainer&limit=10

If thin, drop retainer — most IR firms offer retainer engagements as standard.

D. Cloud security + AWS + HIPAA

GET /v1/datasets/pro_services/search?filter=service_provided:cybersecurity+cloud+aws+hipaa&limit=10

E. Indirect intent — "we got breached"

User: "We got hit with ransomware last week — we need help fast."

That's emergency IR:

GET /v1/datasets/pro_services/search?filter=service_provided:cybersecurity+"incident response"+ransomware&limit=10

Skip validation; present briefs immediately given urgency.

F. AppSec / SAST

GET /v1/datasets/pro_services/search?filter=service_provided:cybersecurity+"application security"+(sast OR "code review")&limit=10

G. SOC 2 readiness ahead of enterprise sales

GET /v1/datasets/pro_services/search?filter=service_provided:cybersecurity+"soc 2"+(readiness OR preparation)&limit=10

H. BYO apex list — enrich domains

User pastes 8–20 cybersecurity firm domains:

  1. GET /v1/datasets/pro_services/:apex per domain — free brief

(404 = not in catalog, no charge).

  1. User picks N to fully enrich. POST /unlocks = 10×N credits,

atomic, detail returned.

  1. Re-runs within 30-day TTL are free.

Gotchas

  • Always pin the cybersecurity service tag. Without it, pen-testing / vciso / appsec keywords leak into IT-services rows that mention security.
  • Confirm the industry value name via /fields — older catalogs used industry:security, newer ones may use industry:cybersecurity. Don't hardcode.
  • Refuse consumer-personal asks. "My Gmail got hacked", "how do I secure my home wifi", "should I use a VPN" — not B2B procurement.
  • DIY/configuration questions ("patch CVE-X", "configure firewall rules", "review this Terraform") are NOT procurement.
  • Security-product comparisons (EDR, SIEM, identity providers) are NOT procurement either.
  • "Hire a security engineer / CISO" is recruiting, not procurement of a firm. Refuse.
  • Bug-bounty / freelance pen-testers are out of scope (catalog is firm-level only).
  • Sub-types are keyword-only. Multi-word sub-types split into ANDed barewords unless quoted ("incident response" → one phrase).
  • Briefs DO include apex, name, location, ratings. They DON'T include url, phone_primary, email_primary, legal_name, address_full, full platforms — those require an unlock.
  • not_found / not_in_dataset 404 = not in pro_services. Skip; not charged.
  • Unlock is atomic. N apexes either all charge (up to 10×N credits) or none on 402.
  • Within-TTL re-views are free (was_cached:true).

Errors

JSON envelope: {"error": {"code": "...", "message": "..."}}.

StatusCodeWhat to do
---------
400filter_parse_errorposition included; fix and re-validate with /check.
400kind_in_filterStrip any kind: from filter — URL is authoritative.
400field_not_in_datasetDrop the disallowed field.
400invalid_apexRe-normalize.
401unauthorized / invalid_audienceRe-prompt for fresh vk_….
402insufficient_creditsneeded and balance in payload; nothing charged.
404not_found / not_in_datasetSkip; not charged.
429rate_limitedHonor Retry-After.

End-to-end example

User: *"Three pen-testing firms for our SOC 2 audit, 4-star ratings,

ideally with HIPAA experience for a healthcare-tech context."*

GET /v1/datasets/pro_services/fields?include_values=1
GET /v1/datasets/pro_services/check?filter=service_provided:cybersecurity+pen-testing+"soc 2"+hipaa+rating>=4
GET /v1/datasets/pro_services/search?filter=...&limit=10
# Present briefs. "Unlocking 3 = 30 credits, 30-day TTL."
POST /v1/datasets/pro_services/unlocks
  { "apexes": ["firm-a.com", "firm-b.com", "firm-c.com"] }
GET /v1/me/credits

版本历史

共 1 个版本

  • v1.0.1 当前
    2026-06-04 13:58

安全检测

腾讯云安全 (Keen)

队列中

腾讯云安全 (Sanbu)

队列中

🔗 相关推荐

professional

All-Market Financial Data Hub

financial-ai-analyst
基于东方财富数据库,支持自然语言查询金融数据,覆盖A股、港股、美股、基金、债券等资产,提供实时行情、公司信息、估值、财务报表等,适用于投资研究、交易复盘、市场监控、行业分析、信用研究、财报审计、资产配置等场景,满足机构与个人需求。返回结果为
★ 134 📥 43,100
professional

A股量化 AkShare

mbpz
A股量化数据分析工具,基于AkShare库获取A股行情、财务数据、板块信息等。用于回答关于A股股票查询、行情数据、财务分析、选股等问题。
★ 201 📥 64,397
professional

Stock Market Pro

kys42
Yahoo Finance (yfinance) 驱动的股票分析技能:行情报价、基本面、ASCII 趋势图、高分辨率图表(RSI/MACD/BB/VWAP/ATR),以及可选的网络...
★ 166 📥 40,495