Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nmap Pentest Scans

v0.1.0

Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets.

by Muhammad Mazhar Saeed (@0x-professor)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description promise matches the primary behavior: producing Nmap scan workflows, profiles, and artifacts. One mismatch: the description/README language implies the skill can 'orchestrate' live scans, but the included code only generates plans/commands and writes artifacts rather than invoking nmap or performing network operations. No Nmap binary is required (and none is installed), which is coherent with a planner but not with a fully automated runner.
Instruction Scope
SKILL.md and the script are scoped to planning: validate scope, require explicit authorization for non-dry-run, build command sequences, and produce deterministic artifacts. The script validates scope and enforces --i-have-authorization for active runs. It reads input payload and scope files and writes artifacts under the output path — these file reads/writes are expected for this purpose. It does not perform network access or transmit data externally.
Install Mechanism
There is no install spec (instruction-only plus a local Python script), so nothing is downloaded or extracted. Risk from installation is minimal.
Credentials
No environment variables, credentials, or config paths are requested. The script reads a scope file and an input payload (expected for planning) but does not ask for unrelated secrets or platform keys.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request elevated or persistent platform privileges. It writes artifacts to the output path provided by the user, which is normal for a planner.
Assessment
This skill appears to be a planner that produces reproducible Nmap command sequences and reports; it enforces scope checks and requires an explicit authorization flag before non-dry-run execution. Before installing or running it: ensure the referenced shared module (autonomous-pentester/shared/pentest_common) is present and trusted in your environment, confirm you understand where the skill will read scope/input files and write artifacts, and be aware the skill will not actually execute nmap commands (you or another tool must run the generated commands). If you expected an automated runner that executes scans, note this skill only generates plans and findings artifacts.

Like a lobster shell, security has layers — review code before you run it.
