Ctf Pwn
v1.0.0Provides binary exploitation (pwn) techniques for CTF challenges. Use when exploiting buffer overflows, format strings, heap vulnerabilities (House of Orange...
⭐ 0· 189·0 current·0 all-time
by@gandli
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the contents: extensive pwn techniques (overflows, ROP, heap, kernel, Windows, sandbox escapes) and install instructions for pwntools/ROP tools. One inconsistency: the SKILL.md metadata sets 'user-invocable: "false"' while registry metadata lists the skill as user-invocable (default true). This is a metadata mismatch to be aware of but does not indicate hidden behavior.
Instruction Scope
SKILL.md contains installation and usage instructions (pip, gem, apt, brew, qemu, gdb, etc.) and many exploit recipes. All actions are aligned with a pwn reference. The instructions assume internet access and the ability to run shell/python commands and write files (pwntools scripts, QEMU images). They do not instruct reading unrelated host secrets or calling external endpoints not related to tool installation, but they do imply installing third-party tools from the network and running potentially risky exploit/test code.
Install Mechanism
Instruction-only skill (no install spec, no code files executed by an installer). The SKILL.md recommends installing packages via pip/apt/brew/gem, which is expected for this domain. No downloaded archives or obscure URLs in an automated install step are embedded in the skill package itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The requested capabilities (filesystem agent with bash/Python and internet access) are reasonable for running pwntools/ROP tooling.
Persistence & Privilege
The skill does not request 'always: true' and is not attempting to modify other skills or system-wide agent settings. It does list allowed-tools that include write/edit (consistent with creating exploit scripts), but it doesn't demand permanent presence or elevated platform privileges in metadata.
Assessment
This skill is essentially a large offline reference and cookbook for binary exploitation; that matches its name. Before installing or enabling it: (1) confirm you trust the publisher/source — the package contains detailed exploit recipes that you probably don't want running on a production host; (2) run the agent (and any tool installs the SKILL.md recommends) in a disposable/sandboxed environment (VM or container) because the instructions encourage installing and running low-level tooling and exploit payloads; (3) be aware the SKILL.md expects internet access to install pip/apt/brew packages—if you restrict network access, some recommended tooling won't be available; (4) note the minor metadata mismatch (SKILL.md marks user-invocable=false while registry shows default user-invocable) — verify how your platform enforces invocability if that matters to you. If you need help vetting specific install commands or isolating execution, ask for a safer installation plan (e.g., container image with required tools).Like a lobster shell, security has layers — review code before you run it.
latestvk9775r1xztva2fwnqwzmqv50xh83xvyn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.