Security Scanner

Automated security scanning and vulnerability detection for web applications, APIs, and infrastructure. Use when you need to scan targets for vulnerabilities, check SSL certificates, find open ports, detect misconfigurations, or perform security audits. Integrates with nmap, nuclei, and other security tools.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 4.7k · 58 current installs · 58 all-time installs
by dmx @dmx64
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md clearly expects nmap, nuclei, sslscan, nikto, testssl.sh and similar tools, but the skill metadata lists no required binaries, no install spec, and no primary credential. A legitimate security-scanner skill would normally declare the expected tools or provide an install path; the omission is inconsistent.
Instruction Scope
Instructions are precise command examples for port, vuln, and SSL scanning and include an ethics note. They do not request unrelated files or credentials and do not appear to exfiltrate data, but they assume the agent can run potentially intrusive network-scanning commands — which can be abused if run against unauthorized targets. The guidance does not include runtime checks (e.g., verify authorization) beyond a short ethics bullet.
Install Mechanism
This is instruction-only (no install spec and no code). That's low risk from arbitrary downloads, but also problematic because the SKILL.md depends on external CLI tools and provides no instructions for obtaining or verifying them. If an agent tried to satisfy missing tools automatically, behavior is undefined.
Credentials
The skill requests no environment variables, credentials, or config paths, which is appropriate for a command-line scanning checklist. There is no unexplained secret access requested.
Persistence & Privilege
The skill does not request persistent presence (always: false), does not modify system or other-skill configs, and does not attempt to store credentials. Autonomous invocation is allowed by platform default but is not additionally privileged here.
What to consider before installing
This SKILL.md contains useful, explicit commands for running network and web-application scanners, but the package metadata fails to declare the required tools or provide an install method. Before installing or enabling it: (1) verify the skill's source and trustworthiness (no homepage or known owner info here); (2) ensure the required tools (nmap, nuclei, sslscan, nikto, testssl.sh) are installed from official sources and available in a controlled environment; (3) never run these commands against targets for which you do not have written authorization; (4) prefer a skill that declares required binaries or includes a vetted install step so you know exactly what will be executed; and (5) if you allow autonomous invocation, restrict the agent's network and system permissions to avoid accidental or malicious scanning of unauthorized targets.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

SKILL.md

Security Scanner

Automated security scanning toolkit for penetration testing and vulnerability assessment.

Quick Start

Port Scan

nmap -sV -sC -oN scan.txt TARGET

Vulnerability Scan

nuclei -u TARGET -o results.txt

SSL Check

sslscan TARGET

Scan Types

1. Quick Recon

Fast initial scan for live hosts and open ports:

nmap -sn -T4 SUBNET  # Host discovery
nmap -F TARGET       # Fast port scan (top 100)

2. Full Port Scan

Comprehensive port and service detection:

nmap -p- -sV -sC -A TARGET -oN full_scan.txt

3. Web Application Scan

nuclei -u https://TARGET -t cves/ -t vulnerabilities/ -o web_vulns.txt
nikto -h TARGET -o nikto_report.txt

4. SSL/TLS Analysis

sslscan TARGET
testssl.sh TARGET

Output

Save reports to reports/security-scan-YYYY-MM-DD.md with:

  • Target information
  • Open ports and services
  • Vulnerabilities found (severity rated)
  • Recommendations

Ethics

  • Only scan authorized targets
  • Get written permission before testing
  • Report vulnerabilities responsibly
  • Never exploit without authorization
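
The scan report above flags two gaps: the skill declares no required binaries, and it has no runtime authorization check beyond the Ethics bullets. A preflight gate along these lines covers both before any scan command runs; it is an added example, not part of the skill, and the scope-file format (one exact hostname or IPv4 address per line), the function names and the `REQUIRED_TOOLS` variable are assumptions.

```shell
#!/bin/sh
# Added example: preflight gate to run before any scan command from SKILL.md.
# Assumed scope file format: one exact hostname or IPv4 address per line,
# '#' starts a comment line. CIDR ranges and IPv6 literals are not handled.

REQUIRED_TOOLS="nmap nuclei sslscan nikto testssl.sh"   # tools SKILL.md invokes

# Reduce a target (URL, host:port, or bare host) to a lowercase hostname.
# Fails on empty values, a leading '-', or any character that could be read
# as an option or shell metacharacter when passed to a scanner.
host_of() {
    h=${1#*://}; h=${h%%/*}; h=${h%%:*}
    h=$(printf '%s' "$h" | tr 'A-Z' 'a-z')
    case $h in ''|-*|*[!a-z0-9.-]*) return 1 ;; esac
    printf '%s\n' "$h"
}

# Succeeds only if the target's host appears verbatim in the scope file.
target_in_scope() {   # $1 = target, $2 = scope file
    h=$(host_of "$1") || return 1
    [ -r "$2" ] || return 1
    grep -v '^[[:space:]]*#' "$2" | grep -Fxq -- "$h"
}

# Print every tool in the argument list that is not on PATH.
missing_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || printf '%s\n' "$t"
    done
}

# Returns 0 if scanning may proceed, 1 if out of scope, 2 if tools are missing.
preflight() {   # $1 = target, $2 = scope file
    target_in_scope "$1" "$2" || { echo "refusing: $1 not in scope file $2" >&2; return 1; }
    m=$(missing_tools $REQUIRED_TOOLS)
    [ -z "$m" ] || { echo "missing tools:" $m >&2; return 2; }
}

# Usage: preflight "$TARGET" scope.txt && nmap -sV -sC -oN scan.txt "$(host_of "$TARGET")"
```

Passing the output of `host_of` to the scanner, rather than the raw target string, keeps the value that was checked and the value that is scanned identical.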
