ClawHub

Recon Quick

v1.0.0

Fast OSINT and reconnaissance presets using bbot and nmap. One-command subdomain enumeration, port scanning, and web fingerprinting for bug bounty recon.

0· 83·0 current·0 all-time
by@hostilespider
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared required binaries (bbot, nmap), SKILL.md instructions, and the included scripts all align: the tool orchestrates bbot and nmap to enumerate subdomains, probe HTTP, and run port scans. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md instructs installing bbot (pipx) and nmap and shows how to run the included script. The runtime script invokes only bbot and nmap, reads/writes outputs under the specified output directory, and does not access system credentials, other files, or external endpoints beyond those tools' network activity. It prints/logs progress but does not exfiltrate data to hidden hosts.
Install Mechanism
This is an instruction-only skill with a pipx install recommendation for the public 'bbot' package. Installing a PyPI package via pipx is expected for this purpose but carries the usual supply-chain risk of third-party packages (arbitrary code can run at install/runtime). No obscure download URLs or archive extraction were used.
Credentials
No environment variables, credentials, or config paths are requested. The API/credential footprint is minimal and appropriate for the stated functionality.
Persistence & Privilege
The skill is not force-enabled (always: false), does not request persistent system privileges, and does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: it orchestrates local calls to bbot and nmap and writes results into the specified output folder. Before installing/using it: 1) Ensure you have authorization to scan the target — network scanning can be illegal or against policy. 2) Installing 'bbot' via pipx installs code from PyPI; review the bbot package (or use a pinned version) if you need stronger supply-chain assurance. 3) The script runs subprocesses (bbot, nmap) which will make network requests to targets; no hidden exfiltration was found. 4) Note a few CLI flags in SKILL.md (e.g., --proxy, --wordlist) are present but not fully wired in the script — this is a functional issue, not a security one. If you want higher confidence, inspect the bbot package source and run the script in a controlled environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97daz3fny54wsabndvm2jk7a183vm7c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binsbbot, nmap

Comments