ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

net-vuln-scan

v1.2.0

网络安全漏洞检测工具。用于检测本地网络和主机的常见安全漏洞,包括: (1) 开放端口检测与风险评估 (2) 弱密码和默认凭证检测 (3) SSL/TLS 证书问题 (4) 常见服务漏洞检测 (5) 网络配置安全检查 (6) 敏感端口暴露检测。 适用于:安全审计、渗透测试前自查、系统加固、服务器上线检查。 注意:仅...

0· 279·1 current·1 all-time
by@aritz-china

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for aritz-china/net-vuln-scan.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "net-vuln-scan" (aritz-china/net-vuln-scan) from ClawHub.
Skill page: https://clawhub.ai/aritz-china/net-vuln-scan
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install net-vuln-scan

ClawHub CLI

Package manager switcher

npx clawhub@latest install net-vuln-scan
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included scanning scripts (port scan, SSL, CVE, weak-pass checks, platform checks). Requesting no credentials and no special binaries is consistent with a local/network scanner. However, the skill advertises cloud metadata checks (AWS/Azure) which are sensitive in cloud contexts — those checks are present in code and are reasonable for a scanner but increase sensitivity of running it on cloud VMs.
!
Instruction Scope
SKILL.md and references show commands for network discovery (e.g., scripts/network_discovery.py) but that script is not present in the file manifest — references/examples.md uses scripts that are missing. The docs claim scan frequency limits and 'limited attempt' behavior for weak-password checks, but the port scanner code does not implement rate-throttling enforcement and the weakpass script contents were not fully available for review. Some platform detection functions (scripts/platform_check.py) check only localhost (127.0.0.1) even though SKILL.md implies scanning remote targets, a mismatch in scope/targeting.
Install Mechanism
No install spec (instruction-only) which is low-risk from an installation perspective. The package does include multiple .py scripts bundled in the skill — they will be executed when invoked but nothing is downloaded from external servers during install. No suspicious remote download URLs were present.
Credentials
The skill declares no required environment variables or credentials, which is proportionate. However, several scripts actively attempt to access cloud metadata endpoints (http://169.254.169.254) to detect AWS/Azure metadata service availability; if run on cloud instances this may expose instance credentials or metadata to the operator or other tooling. The skill itself doesn't appear to exfiltrate metadata, but running it on cloud-hosted agents is sensitive.
Persistence & Privilege
No persistent privileges requested (always:false). The skill does write report files to the current directory when run (scripts/report_gen.py), which is expected. It does not modify other skills or global agent settings.
What to consider before installing
This package is broadly what it claims (a local/network vuln scanner), but review and caution are recommended before running: 1) Several docs/examples reference scripts that are missing (e.g., network_discovery.py) — expect gaps. 2) platform_check.py contains logic limited to localhost while SKILL.md suggests remote/platform-wide checks — behavior may not match expectations. 3) The skill probes cloud metadata endpoints (169.254.169.254); avoid running it on production cloud instances you don't control or where metadata contains sensitive credentials. 4) Inspect scripts/weakpass_check.py before use to confirm it enforces attempt limits and won't perform uncontrolled brute-force attempts against third-party hosts. 5) The README claims scan-rate limits; the port scanner does not enforce throttling — if you will scan networks, run in a controlled environment and ensure you have authorization. If you need to proceed, run the tools on an isolated host or lab VM and audit the weakpass and platform scripts first.

Like a lobster shell, security has layers — review code before you run it.

latestvk977c46myy741zm94q3sx0p8z1835q2b
279downloads
0stars
4versions
Updated 23h ago
v1.2.0
MIT-0
@aritz-china
latest
Download

网络安全漏洞检测

概述

本技能提供主机和网络服务的安全漏洞检测能力。采用被动检测和指纹识别方式,发现潜在安全问题并提供修复建议。

检测项目

1. 端口扫描与风险评估

检测目标主机的开放端口,识别高风险服务。

检测内容:

  • 常见高风险端口:21(FTP)、23(Telnet)、3389(RDP)、3306(MySQL)、5432(PostgreSQL)、6379(Redis)
  • 敏感服务端口
  • 建议关闭的端口

2. 弱密码与默认凭证检测

检测常见服务的默认或弱密码。

检测内容:

  • SSH 弱密码检测(限制尝试次数)
  • FTP 默认凭证
  • 数据库默认端口检测
  • 常见管理后台

3. SSL/TLS 证书检测

检测 HTTPS 服务的证书问题。

检测内容:

  • 证书过期检测
  • 证书链完整性
  • 弱加密算法(SSLv3、TLS 1.0/1.1)
  • 缺失 HSTS 头

4. 网络配置检测

检测主机的网络配置安全隐患。

检测内容:

  • 防火墙状态
  • 共享目录检测
  • 本地管理员账户
  • 来宾账户状态

5. 敏感信息泄露检测

检测常见配置文件的敏感信息泄露。

检测内容:

  • 硬编码密码检测
  • API Key 泄露
  • 配置文件权限

使用方式

本地安全检测(推荐)

检测本机或内网主机的安全状况:

检测本机开放端口:scan ports localhost
检测远程主机:scan ports 192.168.1.1
SSL 证书检测:check ssl example.com
全面安全扫描:scan full 192.168.1.1

快速命令参考

命令说明
scan ports <target>端口扫描
check ssl <domain>SSL 证书检测
scan weakpass <target>弱密码检测
scan network内网主机发现
scan full <target>全面扫描
report生成安全报告

检测结果解读

风险等级

  • 🔴 高危:立即修复,可能导致被入侵
  • 🟡 中危:建议修复,存在一定风险
  • 🟢 低危:可选修复,安全性增强

常见漏洞修复

漏洞修复建议
开放 23 端口关闭 Telnet,使用 SSH
开放 3389 端口仅内网访问,启用 NLA
MySQL 弱密码修改强密码,限制远程访问
SSL 证书过期续期证书,配置自动更新
开放 6379(Redis)绑定 127.0.0.1,设置密码

输出格式

检测结果以结构化报告呈现,包含:

  • 漏洞列表(按风险等级排序)
  • 详细描述和影响
  • 修复建议
  • 参考链接

使用限制

  • 仅用于授权系统检测
  • 扫描频率限制:每秒 10 个端口
  • 禁止对未授权目标进行检测
  • 敏感操作需要管理员权限

新增功能:CVE 漏洞检测 (2026年3月更新)

检测最新高危漏洞

CVE ID漏洞名称严重程度CVSS
CVE-2026-21514Microsoft Word OLE 绕过HIGH7.8
CVE-2026-21262SQL Server 权限提升HIGH8.8
CVE-2026-26110Office 远程代码执行CRITICAL8.4
CVE-2026-26127.NET 拒绝服务HIGH7.5

CVE 检测命令

# 检测所有高危 CVE
python scripts/cve_check.py all

# 检测指定 CVE
python scripts/cve_check.py CVE-2026-21514

# 检测 Office 漏洞
python scripts/cve_check.py CVE-2026-26110

新增功能:综合平台漏洞检测 (2026年3月更新)

各平台漏洞检测

支持检测以下平台的安全漏洞:

平台类别检测内容
数据库MySQL, PostgreSQL, Redis, MongoDB, MSSQL
网络服务SSH, Telnet, RDP, VPN
Web 服务Apache, Nginx, IIS
云服务AWS/Azure/GCP 元数据服务
容器/虚拟化Docker, Kubernetes, VMware

平台检测命令

# 检测所有平台
python scripts/platform_check.py all

# 按平台检测
python scripts/platform_check.py 1    # 数据库平台
python scripts/platform_check.py 2    # 网络服务
python scripts/platform_check.py 3    # Web 服务
python scripts/platform_check.py 4    # 云服务
python scripts/platform_check.py 5    # 容器/虚拟化

CVE 检测命令

# 检测所有高危 CVE
python scripts/cve_check.py all

# 检测指定 CVE
python scripts/cve_check.py CVE-2026-21514

相关脚本

  • scripts/port_scan.py - 端口扫描
  • scripts/ssl_check.py - SSL 证书检测
  • scripts/weakpass_check.py - 弱密码检测
  • scripts/cve_check.py - CVE 漏洞检测
  • scripts/platform_check.py - 综合平台漏洞检测 (新增)
  • scripts/report_gen.py - 报告生成

详细使用见 references/ 目录。

Comments

Loading comments...