Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Shells

v1.0.0

Provides diverse web shell samples in PHP, ASP, ASPX, JSP, Python, and Perl for detection, malware analysis, and security testing under authorized conditions.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the packaged content: the skill contains many web‑shell samples (PHP, ASP/ASPX, JSP, Python, Perl, shell scripts) and the SKILL.md states the SecLists/Web‑Shells source. The registry metadata lists 'Source: unknown' while the SKILL.md points to the SecLists repo (minor metadata inconsistency), but the requested resources and files are proportionate to the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to read/list files from the skill path and includes an example that reads files locally. It explicitly warns about authorized use. The instructions do not direct the agent to execute the shells, collect unrelated system data, or transmit content to external endpoints — they stay within the stated analysis/detection scope.
Install Mechanism
No install spec (instruction‑only) — lowest installer risk. Note: the skill includes executable sample scripts (sh, war, JSP, etc.). Although there is no automatic install, those files, if executed by a user or agent, perform command execution, file upload, or filesystem access — so the shipped artifacts are dangerous when run.
Credentials
The skill does not request environment variables, credentials, or config paths. That is proportionate. However several included samples reference system paths (/tmp, C:\, etc.) and contain command execution primitives (cfexecute, eval, dd, shell execution). Those are expected in web‑shell samples but are hazardous if executed on a host.
Persistence & Privilege
No elevated persistence requested. always: false and default autonomous invocation are set (normal). The skill does not attempt to modify other skills or system agent configuration.
Assessment
This skill is coherent for security research: it bundles many real web‑shell samples intended for detection and testing. That also means the files are inherently malicious if executed. Before installing or using it: (1) only use in authorized, legal contexts; (2) open and inspect files before running anything; (3) perform analysis in an isolated environment (air‑gapped VM, container, or sandbox) that you can destroy afterward; (4) never run samples on production or connected networks; (5) if uncertain about provenance, prefer to obtain the original SecLists repository directly from GitHub; and (6) ensure you have written authorization for any testing against third‑party systems.

Like a lobster shell, security has layers — review code before you run it.
