Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

EdgeIQ Network Scanner

v1.1.0

Performs authorized TCP port scanning, service banner grabbing, OS fingerprinting, and host discovery using pure Python without nmap on Windows/WSL/Linux.

Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included code: scanner.py implements host discovery, TCP connect scans, banner grabbing and OS heuristics. However the SKILL.md claims 'pure stdlib, no required binaries' and cross‑platform macOS support, while the code calls the 'ip' command for local network detection (Linux-specific) and uses platform checks that may behave oddly on some systems. The discord wrapper also hardcodes a specific filesystem path (/home/guy/...), which doesn't match the provided installation instructions.
Instruction Scope
SKILL.md usage and the code align: it instructs local runs and shows example Discord commands. The code performs active network scanning (connecting to ports, sending probes). It does not contain obvious exfiltration (no network calls to external servers), but it will actively send packets to arbitrary targets and may require elevated privileges for some probes. The discord wrapper invokes the scanner via subprocess with user-supplied targets; subprocess.run is used with argv lists (not a shell), reducing shell injection risk.
Install Mechanism
There is no remote installer or download URL; files are included in the skill bundle and SKILL.md instructs copying into the skills folder. That avoids untrusted remote code fetching. Still, the bundle contains executable Python scripts which will run locally when invoked.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate for a local scanning tool; there are no hidden credential requests. (Note: the discord wrapper references local paths but does not require a Discord token.)
Persistence & Privilege
always is false (not forced), and the skill does not declare permanent system changes. It does not attempt to modify other skills or system configurations. Autonomous invocation is permitted (platform default) — this increases potential misuse but is not, by itself, a defect.
What to consider before installing
This skill appears to implement a legitimate pure‑Python network scanner, but exercise caution before installing/running it:

  • Review and adjust hardcoded paths: discord_network_command.py hardcodes SCRIPT_PATH (/home/guy/...), which will likely be incorrect for your environment; running without fixing it will fail or run the wrong binary.
  • Platform caveats: scanner.py calls the 'ip' command to enumerate local interfaces — that binary is Linux-specific and wasn't declared in SKILL.md. The advertised 'no required binaries' and cross‑platform claims are therefore overstated.
  • Privileges & legality: scanning sends network traffic and may need elevated privileges for some probes (and may trigger IDS/IPS). Only scan networks you own or have written permission to audit. Running scans against others can be illegal.
  • Execution risk: the package includes executable Python scripts; there is no remote install but the code will run on your machine. If you decide to use it, inspect the full scanner.py (and the truncated portion) locally, run in an isolated/test environment first, and avoid running as root unless necessary.
  • Operational controls: if you plan to wire it into chat (Discord), do not expose it to public channels or allow arbitrary users to trigger scans — that can easily be abused to scan external targets from your environment.

If you want this skill but prefer lower risk:

  1) fix the hardcoded PATHs and test locally on a controlled network,
  2) add an allowlist for target networks/IP ranges, and
  3) ensure the environment has the required 'ip' binary or modify get_local_networks to a cross‑platform method.
scanner.py:140
Potential obfuscated payload detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

64 downloads
0 stars
2 versions
Updated 3h ago
v1.1.0
MIT-0

Network Scanner Skill

Skill Name: network-scanner
Category: Security / Reconnaissance
Price: Free (v1) / $29 Pro / $39 Bundle
Author: EdgeIQ Labs
OpenClaw Compatible: Yes — Python 3, pure stdlib, WSL + Windows


What It Does

Performs comprehensive network reconnaissance: host discovery, TCP port scanning, service banner grabbing, and OS fingerprinting — without nmap. Pure Python sockets, works on WSL/Linux and Windows.

Designed for authorized security auditing of networks you own or have explicit written permission to scan.

⚠️ Legal Notice: Only scan networks you own or have explicit written permission to audit. Unauthorized scanning is illegal. This tool is for defensive security professionals, penetration testers, and network administrators.


Features

  • Host Discovery — ICMP ping sweep + TCP connect probe (works through firewalls)
  • Port Scanning — TCP connect scan with configurable depth (quick/normal/intense)
  • Banner Grabbing — Identify services and versions running on open ports
  • OS Fingerprinting — RTT-based OS detection heuristics
  • Pure Python — No nmap required, no external dependencies
  • Cross-Platform — WSL/Linux + Windows compatible
  • Concurrent Scanning — Multi-threaded for speed

Installation

# Copy the scanner directory into your OpenClaw skills folder
cp -r /home/guy/.openclaw/workspace/apps/network-scanner ~/.openclaw/skills/network-scanner

Usage

Quick Scan (9 ports)

python3 /path/to/scanner.py 192.168.1.0/24 quick

Normal Scan (20 ports)

python3 /path/to/scanner.py 192.168.1.0/24 normal

Intense Scan (100 ports)

python3 /path/to/scanner.py 192.168.1.0/24 intense

Single Host

python3 /path/to/scanner.py 10.0.0.1 normal

As OpenClaw Discord Command

In #net-scan channel:

!net 192.168.1.0/24 normal
!net 10.0.0.1 intense
!net local quick
!net scanme.nmap.org normal

Scan Depth Levels

Level     Ports Scanned   Best For
quick     9               Fast local discovery
normal    20              General reconnaissance
intense   100             Full vulnerability assessment

Output Example

🔍 Network Scan Results
Target: 10.5.1.0/28 | Mode: normal | Duration: 18.3s
────────────────────────────────────────
[+] 10.5.1.1    alive  rtt: 1.2ms   os: linux/unix
    ├── 80/http    nginx  (likely reverse proxy)
    ├── 443/https  nginx  (TLS certificate available)
    └── 8080/http   nginx  (alt http)

[+] 10.5.1.13   alive  rtt: 8.7ms   os: windows
    ├── 80/http     Apache/Coyote 1.1
    └── 443/https   OpenSSL

Hosts found: 2 | Ports scanned: 20 | Errors: 0

Free vs Pro

Free (v1)

  • Core authorized network scanning
  • Manual scan runs
  • Console output findings

Pro (subscription)

  • Scheduled periodic scans with delta comparison
  • Exportable reporting and faster triage workflows
  • Alert delivery (Discord/Telegram/Email)
  • Priority support and onboarding help

Architecture

  • Language: Python 3 (pure stdlib)
  • Dependencies: None (socket, concurrent.futures, struct, random)
  • Supported Platforms: Linux/WSL, Windows, macOS
  • Concurrency: concurrent.futures.ThreadPoolExecutor
  • Scan Types: ICMP ping sweep, TCP connect scan, banner grab, OS fingerprint

Legal & Ethical Use

This tool is for:

  • Network administrators auditing their own infrastructure
  • Penetration testers assessing client networks with authorization
  • Bug bounty researchers (with program approval)
  • Security researchers studying their own networks

This tool must NOT be used:

  • Against networks without explicit written permission
  • On public infrastructure you don't own
  • For any unauthorized access or reconnaissance

Support

Email: gpalmieri21@gmail.com
Discord: https://discord.gg/aPhSnrU9
Site: https://edgeiqlabs.com
