Skillv0.1.0

ClawScan security

Pentest Active Directory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 28, 2026, 9:54 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (AD pentest orchestration) matches its contents, but it relies on an undeclared shared module and omits expected runtime dependencies—review the shared code and run only in dry-run/isolated environments before giving it authorization to execute live tests.
Guidance: This skill appears to be an AD pentest orchestration tool that properly emphasizes scope checks and requires explicit authorization for live runs, but exercise caution before using it against real targets. Actions to take before installing or running: - Inspect the shared helper module (autonomous-pentester/shared/pentest_common or equivalent) referenced by the script; unknown code there could perform network, file, or credential operations. - Run the tool in --dry-run mode first and review the generated artifacts. - Confirm you have an isolated test environment and written authorization before supplying --i-have-authorization or removing --dry-run. - Verify you have a trusted Python runtime and decide whether you need the external pentest binaries (BloodHound/SharpHound/Impacket/etc.) that the references imply; these are not installed automatically. - If you plan to let an autonomous agent invoke this skill, understand the agent could run it without further prompts; restrict autonomous invocation until you’ve audited the shared code.

Review Dimensions

Purpose & Capability: noteName/description align with files and references (BloodHound, SharpHound, Impacket, mimikatz, etc.). The included script is an orchestrator that produces canonical artifacts and enforces scope/authorization. Minor mismatch: metadata lists no required binaries while the skill clearly needs a Python runtime and (for real testing) external pentest tools; this is plausible but should be declared.
Instruction Scope: concernSKILL.md and the script enforce scope validation, dry-run behavior, and explicit --i-have-authorization for live runs, which is good. However the runtime script imports pentest_common from a shared path (skills/autonomous-pentester/shared) that is not included in the package metadata shown; load_payload, validate_scope and other helpers are opaque here and could perform additional file/network/credential access. You should inspect that shared module before running non-dry-run executions.
Install Mechanism: okNo install spec (instruction-only with a Python script) — lowest installer risk. Nothing is downloaded or written by an installer step in the registry manifest.
Credentials: noteNo environment variables, credentials, or config paths are requested in metadata or SKILL.md. This is conservative, but real AD pentesting would normally require credentials and external tools; this skill instead expects input payloads and a shared helper. Confirm where credentials or tool invocations would actually occur before granting access.
Persistence & Privilege: okalways:false and no indications the skill modifies other skills or system-wide settings. The skill writes output artifacts when run (unless dry-run) but does not request permanent presence or elevated platform privileges.