Pentest Auth Bypass
v0.1.0
Test authentication and session management controls for bypass and account takeover scenarios.
by Muhammad Mazhar Saeed (@0x-professor)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Benign (high confidence)
Purpose & Capability
Name, description, SKILL.md and the script all align: the skill scaffolds auth/session testing, references common pentest tools, and does not request unrelated credentials or system access.
Instruction Scope
The SKILL.md and the script enforce scope validation, require the --i-have-authorization flag for live runs, and provide a dry-run mode, which limits accidental active testing. Note: the script imports shared helpers (pentest_common) from an external 'autonomous-pentester/shared' location. Those helper functions could invoke external tools or generate network activity during a live (non-dry-run) execution, so review that shared module before executing live tests.
Install Mechanism
No install spec (instruction-only plus a small script) — nothing is downloaded or written during install, reducing risk.
Credentials
No environment variables, credentials, or config paths are requested. The script reads only the scope and input payload files declared on the CLI, which is proportional to its purpose.
Persistence & Privilege
The always flag is false, and the skill does not request permanent presence or modify other skills. It only writes artifacts to the specified output path when run.
Assessment
This skill appears coherent for authorized pentesting, but before running it: (1) verify you have written authorization and use --dry-run first; (2) inspect the shared module (autonomous-pentester/shared/pentest_common) to see what external tools or network actions it performs during non-dry-run executions; (3) run tests in an isolated environment and point outputs to a safe folder; (4) confirm that scope.json accurately represents the authorized targets. If you cannot review the shared helpers, avoid running non-dry-run executions against live targets.
Latest version id: vk978c7gefrvvt6zns4wdz0s4r1821myn
