ClawHub

fofamap

v1.0.1

Use this skill when the user wants FOFA-based asset discovery, host profiling, distribution statistics, icon_hash generation, query refinement after zero-res...

1· 67·0 current·0 all-time
by@asaotomo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe FOFA-based asset discovery and the skill requires FOFA credentials (FOFA_EMAIL, FOFA_API_KEY) and python3, which are exactly what's needed to call the FOFA API and run the included helper. The included reference playbooks and corpus support query-building and are coherent with the recon purpose.
Instruction Scope
SKILL.md instructs the agent to run scripts/fofa_recon.py for search/host/stats/icon-hash/monitor-run and to call login for permission profiling. That is in-scope for FOFA workflows, but the runtime instructions also: (a) perform optional live 'alive-check' network probes against target hosts; (b) recommend (but do not forcibly run) downstream active scanning (nuclei) when explicitly requested; and (c) maintain a bounded local memory (results/fofamap_memory) by default. These behaviors are sensible for a recon tool but are notable because they entail active network interactions and local persistence of discovered assets and queries.
Install Mechanism
No install spec is provided (instruction-only + included script), so nothing is downloaded or installed automatically by the registry. The runtime requirement is python3 and the included script files — low install risk.
Credentials
Only FOFA-related credentials are required: FOFA_EMAIL and FOFA_API_KEY (primaryEnv FOFA_API_KEY). Optional env vars in docs (FOFA_BASE_URL, FOFA_TIMEOUT, FOFAMAP_MEMORY_DIR, FOFAMAP_DISABLE_LEARNING) are reasonable for configuration. No unrelated secrets or external service tokens are requested.
Persistence & Privilege
The skill is not force-enabled (always:false) but the included helper keeps local memory by default (results/fofamap_memory) and supports monitor-run for recurring jobs. agents/openai.yaml sets allow_implicit_invocation: true, and model invocation is allowed (disable-model-invocation:false) — normal for skills, but combined with local persistence and scheduled monitor-run modes means the skill can be used in ongoing automation and will write query/results to disk unless configured otherwise.
Assessment
This skill appears coherent for FOFA-based reconnaissance. Before installing: 1) Only provide FOFA_EMAIL and FOFA_API_KEY (do not reuse broader or high-privilege keys). Consider creating a FOFA account with minimal privileges for this purpose. 2) Be aware the helper stores local memory and exports (default results/fofamap_memory and results/ directories); if the findings are sensitive, set FOFAMAP_DISABLE_LEARNING or change FOFAMAP_MEMORY_DIR to a secure location. 3) The tool can perform live 'alive' checks and suggests/hand-offs active scanning (nuclei); do not run those actions against targets without explicit authorization. 4) If you want stricter control, disable implicit/automatic automation on the agent side (avoid scheduling monitor-run or removing allow_implicit_invocation) so runs require explicit user invocation. 5) If you have concerns, review scripts/fofa_recon.py locally (it runs network calls and writes files) and consider executing it in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

asset-discoveryvk976cmz92pxm4gjqntk4rpvz5984rx9tasset-monitoringvk976cmz92pxm4gjqntk4rpvz5984rx9tattack-surfacevk976cmz92pxm4gjqntk4rpvz5984rx9tcybersecurityvk976cmz92pxm4gjqntk4rpvz5984rx9tfofavk976cmz92pxm4gjqntk4rpvz5984rx9tfofamapvk979crby6e3fcse9tfzn96jnx184hkz8host-profilingvk976cmz92pxm4gjqntk4rpvz5984rx9tlatestvk976cmz92pxm4gjqntk4rpvz5984rx9treconnaissancevk976cmz92pxm4gjqntk4rpvz5984rx9tthreat-huntingvk976cmz92pxm4gjqntk4rpvz5984rx9t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🗺️ Clawdis
Binspython3
EnvFOFA_EMAIL, FOFA_API_KEY
Primary envFOFA_API_KEY

Comments