ClawHub

Pentest Active Directory

v0.1.0

Assess Active Directory identity attack paths including roasting, relay, and delegation abuse.

1· 715·4 current·5 all-time
byMuhammad Mazhar Saeed@0x-professor
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with files and references (BloodHound, SharpHound, Impacket, mimikatz, etc.). The included script is an orchestrator that produces canonical artifacts and enforces scope/authorization. Minor mismatch: metadata lists no required binaries while the skill clearly needs a Python runtime and (for real testing) external pentest tools; this is plausible but should be declared.
!
Instruction Scope
SKILL.md and the script enforce scope validation, dry-run behavior, and explicit --i-have-authorization for live runs, which is good. However the runtime script imports pentest_common from a shared path (skills/autonomous-pentester/shared) that is not included in the package metadata shown; load_payload, validate_scope and other helpers are opaque here and could perform additional file/network/credential access. You should inspect that shared module before running non-dry-run executions.
Install Mechanism
No install spec (instruction-only with a Python script) — lowest installer risk. Nothing is downloaded or written by an installer step in the registry manifest.
Credentials
No environment variables, credentials, or config paths are requested in metadata or SKILL.md. This is conservative, but real AD pentesting would normally require credentials and external tools; this skill instead expects input payloads and a shared helper. Confirm where credentials or tool invocations would actually occur before granting access.
Persistence & Privilege
always:false and no indications the skill modifies other skills or system-wide settings. The skill writes output artifacts when run (unless dry-run) but does not request permanent presence or elevated platform privileges.
What to consider before installing
This skill appears to be an AD pentest orchestration tool that properly emphasizes scope checks and requires explicit authorization for live runs, but exercise caution before using it against real targets. Actions to take before installing or running: - Inspect the shared helper module (autonomous-pentester/shared/pentest_common or equivalent) referenced by the script; unknown code there could perform network, file, or credential operations. - Run the tool in --dry-run mode first and review the generated artifacts. - Confirm you have an isolated test environment and written authorization before supplying --i-have-authorization or removing --dry-run. - Verify you have a trusted Python runtime and decide whether you need the external pentest binaries (BloodHound/SharpHound/Impacket/etc.) that the references imply; these are not installed automatically. - If you plan to let an autonomous agent invoke this skill, understand the agent could run it without further prompts; restrict autonomous invocation until you’ve audited the shared code.

Like a lobster shell, security has layers — review code before you run it.

latestvk970pym8mb09wb7wy4h3z7hsts82130c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments