Pilot Penetration Testing Setup

v1.0.0

Deploy an automated penetration testing pipeline with 4 agents. Use this skill when: 1. User wants to set up a penetration testing or security assessment pip...

by Calin Teodor (@teoslayer)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for teoslayer/pilot-penetration-testing-setup.

Install the skill "Pilot Penetration Testing Setup" (teoslayer/pilot-penetration-testing-setup) from ClawHub.
Skill page: https://clawhub.ai/teoslayer/pilot-penetration-testing-setup
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: pilotctl, clawhub
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI


openclaw skills install pilot-penetration-testing-setup

ClawHub CLI


npx clawhub@latest install pilot-penetration-testing-setup

Security Scan

Capability signals: Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Pending
OpenClaw: Benign (medium confidence)

Purpose & Capability

Name/description match the runtime instructions: installing pilot skills, configuring hostnames, writing a manifest, and establishing handshakes. Declared required binaries (pilotctl, clawhub) are appropriate and expected for the Pilot protocol management tasks described.

Instruction Scope

Instructions stay within the described setup: installing role-specific skills, setting hostname, writing a setup manifest to ~/.pilot/setups, initiating handshakes, and using pilotctl publish/subscribe for data flows. Important operational behavior: the reporter role forwards reports externally (webhook/Slack) and the pipeline transmits reconnaissance and vulnerability data between agents — these are expected but involve sensitive data and should be explicitly authorized and configured.

Install Mechanism

This is instruction-only (no install spec). That is lower risk because nothing is downloaded or written by the skill itself beyond the manifest it instructs you to create. The actual installation of other skills is delegated to the user's clawhub; review each installed skill's provenance before proceeding.

Credentials

The skill declares no required environment variables, which aligns with the instruction-only nature. However the reporter role references pilot-webhook-bridge and pilot-slack-bridge, which will require webhook URLs and Slack credentials/configuration in practice — those credentials are not declared or discussed in SKILL.md. Expect to supply secrets when configuring those bridges; ensure they are proportionate and stored securely.

Persistence & Privilege

The skill does not request always:true and does not attempt to change other skills' configs. It instructs writing a manifest to ~/.pilot/setups and installing skills via clawhub, which are normal for setup tasks. Autonomous invocation of installed skills is possible (platform default) — combined with network forwarding it increases operational impact, but that is expected for this pipeline.

Assessment

This skill appears to do what it says, but take these precautions before installing:

  1) Ensure you have explicit legal authorization to run penetration testing in the target environment — this pipeline will discover and actively test systems.
  2) Review and verify the provenance of each skill you will install via clawhub (pilot-discover, pilot-webhook-bridge, pilot-slack-bridge, etc.).
  3) Prepare and securely store any webhook URLs or Slack tokens needed by reporter bridges; the SKILL.md doesn't declare these secrets.
  4) Isolate the agents (network segmentation, non-production environment) and verify firewall rules for the described ports (e.g., port 1002 and outbound HTTPS) to avoid accidental exposure.
  5) Confirm handshakes/peer trust policies before exchanging sensitive findings.

If you want greater assurance, ask the author for the exact expectations for webhook/Slack configuration and the source locations (package registry or repository) for each child skill before proceeding.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: pilotctl, clawhub
v1.0.0
MIT-0

Penetration Testing Setup

Deploy 4 agents that perform recon, scan vulnerabilities, validate exploits, and generate reports.

Roles

| Role | Hostname | Skills | Purpose |
|------|----------|--------|---------|
| recon | <prefix>-recon | pilot-discover, pilot-stream-data, pilot-archive | DNS enumeration, port scanning, service fingerprinting |
| scanner | <prefix>-scanner | pilot-task-parallel, pilot-metrics, pilot-dataset | Vulnerability scans, CVE checks, misconfiguration detection |
| exploiter | <prefix>-exploiter | pilot-task-chain, pilot-audit-log, pilot-receipt | Safe proof-of-concept validation, exploitability confirmation |
| reporter | <prefix>-reporter | pilot-webhook-bridge, pilot-share, pilot-slack-bridge | Report generation with findings, risk ratings, remediation |

Setup Procedure

Step 1: Ask the user which role this agent should play and what prefix to use.

Step 2: Install the skills for the chosen role:

# For recon:
clawhub install pilot-discover pilot-stream-data pilot-archive
# For scanner:
clawhub install pilot-task-parallel pilot-metrics pilot-dataset
# For exploiter:
clawhub install pilot-task-chain pilot-audit-log pilot-receipt
# For reporter:
clawhub install pilot-webhook-bridge pilot-share pilot-slack-bridge

Step 3: Set the hostname:

pilotctl --json set-hostname <prefix>-<role>

Step 4: Write the setup manifest:

mkdir -p ~/.pilot/setups
cat > ~/.pilot/setups/penetration-testing.json << 'MANIFEST'
<INSERT ROLE MANIFEST FROM BELOW>
MANIFEST

Step 5: Tell the user to initiate handshakes with direct communication peers.

Manifest Templates Per Role

recon

{
  "setup": "penetration-testing", "setup_name": "Penetration Testing",
  "role": "recon", "role_name": "Reconnaissance Agent",
  "hostname": "<prefix>-recon",
  "description": "Performs passive and active reconnaissance — DNS enumeration, port scanning, service fingerprinting.",
  "skills": {
    "pilot-discover": "Enumerate DNS records, subdomains, and service endpoints.",
    "pilot-stream-data": "Stream port scan results and fingerprints in real time.",
    "pilot-archive": "Archive recon snapshots for baseline comparison."
  },
  "peers": [{"role": "scanner", "hostname": "<prefix>-scanner", "description": "Receives recon results for vulnerability scanning"}],
  "data_flows": [{"direction": "send", "peer": "<prefix>-scanner", "port": 1002, "topic": "recon-result", "description": "Recon results with target profile and services"}],
  "handshakes_needed": ["<prefix>-scanner"]
}

scanner

{
  "setup": "penetration-testing", "setup_name": "Penetration Testing",
  "role": "scanner", "role_name": "Vulnerability Scanner",
  "hostname": "<prefix>-scanner",
  "description": "Runs automated vulnerability scans, checks CVE databases, identifies misconfigurations.",
  "skills": {
    "pilot-task-parallel": "Run multiple scan tools in parallel across target services.",
    "pilot-metrics": "Track scan coverage, finding counts, and severity distribution.",
    "pilot-dataset": "Store CVE matches and vulnerability metadata."
  },
  "peers": [{"role": "recon", "hostname": "<prefix>-recon", "description": "Sends recon results"}, {"role": "exploiter", "hostname": "<prefix>-exploiter", "description": "Receives vulnerability findings"}],
  "data_flows": [
    {"direction": "receive", "peer": "<prefix>-recon", "port": 1002, "topic": "recon-result", "description": "Recon results with target profile and services"},
    {"direction": "send", "peer": "<prefix>-exploiter", "port": 1002, "topic": "vulnerability", "description": "Vulnerability findings with CVE and severity"}
  ],
  "handshakes_needed": ["<prefix>-recon", "<prefix>-exploiter"]
}

exploiter

{
  "setup": "penetration-testing", "setup_name": "Penetration Testing",
  "role": "exploiter", "role_name": "Exploit Validator",
  "hostname": "<prefix>-exploiter",
  "description": "Validates discovered vulnerabilities with safe proof-of-concept tests, confirms exploitability.",
  "skills": {
    "pilot-task-chain": "Chain validation steps: verify, exploit, document evidence.",
    "pilot-audit-log": "Log all validation attempts with timestamps and results.",
    "pilot-receipt": "Confirm receipt of vulnerability findings from scanner."
  },
  "peers": [{"role": "scanner", "hostname": "<prefix>-scanner", "description": "Sends vulnerability findings"}, {"role": "reporter", "hostname": "<prefix>-reporter", "description": "Receives validated findings"}],
  "data_flows": [
    {"direction": "receive", "peer": "<prefix>-scanner", "port": 1002, "topic": "vulnerability", "description": "Vulnerability findings with CVE and severity"},
    {"direction": "send", "peer": "<prefix>-reporter", "port": 1002, "topic": "validated-finding", "description": "Validated findings with proof-of-concept evidence"}
  ],
  "handshakes_needed": ["<prefix>-scanner", "<prefix>-reporter"]
}

reporter

{
  "setup": "penetration-testing", "setup_name": "Penetration Testing",
  "role": "reporter", "role_name": "Pentest Reporter",
  "hostname": "<prefix>-reporter",
  "description": "Generates pentest reports with findings, risk ratings, remediation steps, and executive summary.",
  "skills": {
    "pilot-webhook-bridge": "Deliver reports to client portals and ticketing systems.",
    "pilot-share": "Share report drafts with stakeholders for review.",
    "pilot-slack-bridge": "Notify security team of completed assessments."
  },
  "peers": [{"role": "exploiter", "hostname": "<prefix>-exploiter", "description": "Sends validated findings with evidence"}],
  "data_flows": [
    {"direction": "receive", "peer": "<prefix>-exploiter", "port": 1002, "topic": "validated-finding", "description": "Validated findings with proof-of-concept evidence"},
    {"direction": "send", "peer": "external", "port": 443, "topic": "pentest-report", "description": "Pentest report via webhook and Slack"}
  ],
  "handshakes_needed": ["<prefix>-exploiter"]
}

Data Flows

  • recon -> scanner : recon-result events (port 1002)
  • scanner -> exploiter : vulnerability events (port 1002)
  • exploiter -> reporter : validated-finding events (port 1002)
  • reporter -> external : pentest-report via webhook (port 443)

Handshakes

# recon <-> scanner:
pilotctl --json handshake <prefix>-scanner "setup: penetration-testing"
pilotctl --json handshake <prefix>-recon "setup: penetration-testing"
# scanner <-> exploiter:
pilotctl --json handshake <prefix>-exploiter "setup: penetration-testing"
pilotctl --json handshake <prefix>-scanner "setup: penetration-testing"
# exploiter <-> reporter:
pilotctl --json handshake <prefix>-reporter "setup: penetration-testing"
pilotctl --json handshake <prefix>-exploiter "setup: penetration-testing"
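
Before initiating the handshakes, the manifests can be checked against each other. The following is an added example, not part of the skill or its author's code: it verifies that every data flow has a mirrored entry and a listed handshake on the peer, and reports flows that leave the pipeline so they can be authorized explicitly. The prefix "lab" and the reduction of each manifest to three fields are assumptions made for the example.

```python
import json

# Constructed sample: the page's four role templates with the placeholder
# prefix filled in as "lab" and only the fields this check reads.
MANIFESTS = json.loads("""
[
 {"hostname": "lab-recon",
  "data_flows": [{"direction": "send", "peer": "lab-scanner", "port": 1002, "topic": "recon-result"}],
  "handshakes_needed": ["lab-scanner"]},
 {"hostname": "lab-scanner",
  "data_flows": [{"direction": "receive", "peer": "lab-recon", "port": 1002, "topic": "recon-result"},
                 {"direction": "send", "peer": "lab-exploiter", "port": 1002, "topic": "vulnerability"}],
  "handshakes_needed": ["lab-recon", "lab-exploiter"]},
 {"hostname": "lab-exploiter",
  "data_flows": [{"direction": "receive", "peer": "lab-scanner", "port": 1002, "topic": "vulnerability"},
                 {"direction": "send", "peer": "lab-reporter", "port": 1002, "topic": "validated-finding"}],
  "handshakes_needed": ["lab-scanner", "lab-reporter"]},
 {"hostname": "lab-reporter",
  "data_flows": [{"direction": "receive", "peer": "lab-exploiter", "port": 1002, "topic": "validated-finding"},
                 {"direction": "send", "peer": "external", "port": 443, "topic": "pentest-report"}],
  "handshakes_needed": ["lab-exploiter"]}
]
""")

def audit(manifests):
    """Return (errors, egress): inconsistent flows, and flows leaving the pipeline."""
    by_host = {m["hostname"]: m for m in manifests}
    errors, egress = [], []
    for m in manifests:
        host = m["hostname"]
        for f in m["data_flows"]:
            peer, label = f["peer"], f"{host} {f['direction']} {f['topic']}"
            if peer not in by_host:
                # Anything addressed outside the known agents is egress to review.
                egress.append((host, peer, f["port"], f["topic"]))
                continue
            if peer not in m["handshakes_needed"]:
                errors.append(f"{label}: no handshake listed for {peer}")
            mirror = "receive" if f["direction"] == "send" else "send"
            if not any(g["direction"] == mirror and g["peer"] == host
                       and g["port"] == f["port"] and g["topic"] == f["topic"]
                       for g in by_host[peer]["data_flows"]):
                errors.append(f"{label}: {peer} has no matching {mirror} flow")
    return errors, egress

if __name__ == "__main__":
    errors, egress = audit(MANIFESTS)
    print("errors:", errors)
    print("egress:", egress)
```

With the templates as published, the only reported egress is the reporter's pentest-report flow to "external" on port 443, which is the path that carries findings out through the webhook and Slack bridges.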

Workflow Example

# On scanner — subscribe to recon results:
pilotctl --json subscribe <prefix>-recon recon-result
# On exploiter — subscribe to vulnerabilities:
pilotctl --json subscribe <prefix>-scanner vulnerability
# On reporter — subscribe to validated findings:
pilotctl --json subscribe <prefix>-exploiter validated-finding
# On recon — publish a recon result:
pilotctl --json publish <prefix>-scanner recon-result '{"target":"app.example.com","open_ports":[22,80,443,8080]}'
# On exploiter — publish a validated finding:
pilotctl --json publish <prefix>-reporter validated-finding '{"cve":"CVE-2023-46589","validated":true,"impact":"RCE"}'

Dependencies

Requires pilot-protocol skill, pilotctl binary, clawhub binary, and a running daemon.
