Nmap Recon
v1.0.0Perform network reconnaissance and port scanning with Nmap to find open ports, detect services, identify vulnerabilities, and enumerate targets accurately.
⭐ 1· 3.2k·26 current·26 all-time
by@nsahal
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name, description (SKILL.md), and skill.json consistently describe Nmap-based network reconnaissance and the commands required (nmap, sudo for some scans). However the top-level registry metadata provided earlier listed no required binaries while SKILL.md and skill.json clearly reference 'nmap' and Linux — a minor inconsistency in declared requirements/OS targeting.
Instruction Scope
SKILL.md contains concrete nmap commands (including SYN/OS detection requiring root), parsing examples, and references local paths like /usr/share/nmap/scripts and tools such as xmllint/grep/awk. These instructions stay within the stated purpose, but they do instruct potentially intrusive, root-privileged scans and rely on additional CLI tools that are not explicitly declared in the registry metadata.
Install Mechanism
This is an instruction-only skill with no install spec or code files; nothing is downloaded or written by the skill distribution itself.
Credentials
The skill requests no environment variables or credentials, which is proportionate for a local scanning helper. There are no requests for unrelated secrets or config paths.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (normal). Model invocation is allowed (default), so an agent could run scans autonomously if given permission — this is expected for skills but be mindful that autonomous scanning is potentially disruptive if triggered without user confirmation.
Assessment
This skill is coherent for performing Nmap scans, but before installing consider: 1) ensure you only run it against systems you own or have written authorization for — network scanning can have legal consequences; 2) confirm Nmap and any parsing tools (xmllint, grep, awk) are available on the target Linux system; 3) note the skill sometimes recommends sudo/root — do not grant persistent elevated privileges to an agent without explicit control and prompts; 4) fix the small metadata mismatches (registry vs skill.json/SKILL.md) if you maintain the skill, and consider restricting autonomous invocation or requiring explicit user confirmation before executing scans.Like a lobster shell, security has layers — review code before you run it.
latestvk972yty38c3e654t2bkng2j3cs7zywc1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.