Pentest Active Directory
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is a dual-use Active Directory pentest template with authorization checks, but the included script appears to generate high-severity findings and downstream artifacts without performing real validation.
Install only if you are running an authorized AD assessment and can review the missing shared helper. Treat the current output as a template or dry-run artifact, not proof of a real finding, unless you independently verify evidence from actual approved testing. Protect or delete generated artifacts if they contain engagement data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or downstream agent could believe a serious AD weakness was validated when the artifact does not show real validation, leading to misplaced trust or unnecessary remediation work.
The script hard-codes a High-severity finding claiming automated/manual testing identified a condition, while the provided code does not run AD checks and even cites a dry-run command as the proof of concept.
'severity':'High','description':'Automated and manual testing identified a security condition requiring remediation.','proof_of_concept':'python scripts/active_directory.py --dry-run'
Do not treat generated findings as confirmed until the skill produces evidence from actual authorized checks. The skill should suppress findings in dry-run mode and clearly label placeholder/template output.
Misuse outside an approved engagement could affect accounts, credentials, or domain trust relationships.
These are credential and privilege-focused AD attack techniques. They are disclosed and aligned with the pentest purpose, but they are sensitive and require authorization.
Assess Active Directory identity attack paths including roasting, relay, and delegation abuse.
Use only with written authorization, a clearly defined scope file, and explicit approval before any live testing.
The skill may fail or may rely on unreviewed code for important safety checks and file-write behavior.
The script depends on an external shared helper for scope validation, artifact path resolution, and output writing, but that helper is not included in this skill's provided file manifest.
SHARED_DIR=Path(__file__).resolve().parents[2]/"autonomous-pentester"/"shared" ... from pentest_common import load_payload,render_result,resolve_artifact_path,resolve_output_file,validate_scope,write_placeholder_artifact
Review and pin the shared pentest_common dependency before use, or require the skill package to include the helper code it depends on.
Sensitive engagement data or misleading findings may be stored in output files and reused by later workflows.
The script persists the loaded input payload and generated finding into artifacts. Combined with the stated downstream consumption workflow, this can propagate sensitive or unverified context.
write_placeholder_artifact(ap,{'skill':SKILL_NAME,'target':args.target,'generated_at':datetime.now(timezone.utc).isoformat(),'input_payload':payload,'findings':[finding]})
Use minimal, sanitized input; protect generated artifacts; and require downstream tools to verify evidence and provenance before acting on findings.
