Nmap Pentest Scans

Type: OpenClaw Skill Name: nmap-pentest-scans Version: 0.1.0 The `scripts/nmap_pentest_scans.py` script constructs Nmap commands by directly embedding the user-provided `--target` argument into f-strings without proper shell escaping. This creates a critical shell injection vulnerability. If the AI agent, which is instructed to 'run' these scans via `agents/openai.yaml`, executes the generated commands (e.g., from `recommended-commands.txt` or `scan-plan.json`), a malicious target input could lead to arbitrary command execution on the host running the agent. While the skill includes authorization and scope validation, these do not mitigate the shell injection risk from a malformed but in-scope target.