Wireshark Analysis

v1.0.1

Network traffic analysis with Wireshark and tshark. Capture packets, write display and BPF filters, follow TCP/UDP/TLS streams, detect C2 beacons, troublesho...

by Solomon Neas (@solomonneas)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (Wireshark/tshark network analysis) matches the SKILL.md: it requires Wireshark, captures, filters, and stream-following. No unrelated binaries, env vars, or services are requested.
Instruction Scope
SKILL.md contains step‑by‑step capture/filter/analysis guidance and references PCAP files and live capture. It does not instruct reading unrelated files, exfiltrating data, or using unknown external endpoints.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing will be written or downloaded during install.
Credentials
The skill requests no environment variables or credentials. It legitimately notes the need for Wireshark and capture permissions (root/admin) for live captures.
Persistence & Privilege
The skill does not request persistent installation or elevated platform privileges. However, live capture at runtime requires administrator/root privileges (a normal requirement for packet capture), and a capture can expose sensitive traffic; agents with local command execution could attempt captures if allowed.
Assessment
This skill is an instructional guide for using Wireshark and appears internally consistent. Before using it: ensure Wireshark/tshark are installed from official sources and kept up to date; obtain explicit authorization before doing live captures (capturing network traffic can collect sensitive personal or corporate data and may be illegal without consent); prefer filtered captures to limit data collected; avoid running GUI Wireshark as root (use dumpcap/tshark or proper capture group permissions on Linux); be cautious about decrypting TLS (private keys are sensitive); do not upload raw PCAPs to third parties unless you sanitize them. Note: the skill itself is only instructions — any actual capture or command execution depends on your environment and what permissions/tools the agent has on your machine.


latestvk97dtm1j5n1qwcnbf4sbcvwvkd83975j
