← Back to Skills Marketplace

Tech Security Audit

Name: Tech Security Audit
Author: jacqueslauren

by JacquesLauren · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

1000

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install tech-security-audit

Description

Performs local network scans using Nmap to detect vulnerabilities, identify service versions, and fingerprint operating systems.

Usage Guidance

What to check before installing: - Confirm you have explicit authorization to scan any network targets you will test — unauthorized scanning can be illegal or disruptive. - Ensure Nmap is installed and in PATH; the skill's docs require it but the registry metadata does not declare it as a required binary. Expect to install Nmap yourself. - If you will pass user-provided targets to this skill (especially in multi-user or automated contexts), validate or restrict those inputs to avoid accidental scans of third-party addresses or private ranges you don't control. - Running the skill will execute the local nmap binary via subprocess.run. That is expected for this functionality, but be mindful: the agent could perform noisy scans if invoked autonomously. Consider limiting autonomous invocation or adding governance controls before allowing the agent to run this skill without explicit user confirmation. - If you need stronger guarantees, review/modify the code to enforce allowed target ranges, rate limits, logging/auditing, and to surface scan parameters to the user rather than using defaults.

Capability Analysis

Type: OpenClaw Skill Name: tech-security-audit Version: 1.0.0 The skill is classified as suspicious due to its core functionality in `nmap_scanner.py` which executes `nmap` via `subprocess.run`. While the use of `nmap` is aligned with the stated 'Tech Security Audit' purpose, it grants broad network access and reconnaissance capabilities. The `target` parameter is user-controlled, posing a significant risk of misuse if an AI agent is prompted to scan unauthorized internal networks or sensitive targets, even though the code itself does not exhibit direct shell injection vulnerabilities or explicit malicious intent like data exfiltration or persistence.

Capability Assessment

⚠ Purpose & Capability

The SKILL.md, README, and code all state this is an Nmap-integrated network scanner and the code legitimately invokes the nmap binary. However, the registry metadata lists no required binaries while the docs explicitly require Nmap in PATH — that mismatch is an incoherence (the skill should declare 'nmap' as a required binary). Other than that omission, the requested resources (no credentials, no external endpoints) align with the stated purpose.

✓ Instruction Scope

Runtime instructions are limited to calling run_nmap_scan and the shipped code only runs the local 'nmap' executable (via subprocess.run with a list of args) and parses its XML output. The SKILL.md does not ask the agent to read unrelated files, exfiltrate data, or call external endpoints. One operational caution: the code does not sanitize or validate user-supplied targets beyond passing them as an argument to nmap — while list-based subprocess avoids shell injection, untrusted inputs could still cause unintended scans or be interpreted by nmap in unexpected ways.

✓ Install Mechanism

No install spec is present and all code is included in the package — nothing is downloaded or written during install. This is low-risk from an installation standpoint. Note: the skill depends on the system having Nmap installed (manually), which the package metadata fails to declare.

✓ Credentials

The skill requests no environment variables, credentials, or config paths — appropriate for a local scanner that invokes an external tool. There are no surprising credential requests or unrelated env access.

ℹ Persistence & Privilege

always:false (normal). The skill can be invoked autonomously by the agent (platform default). Because network scanning is sensitive and potentially disruptive or legally restricted, consider whether you want the agent to invoke scans autonomously; that risk stems from scan behavior, not from elevated privileges requested by the skill itself.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install tech-security-audit
After installation, invoke the skill by name or use /tech-security-audit
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of Tech Security Audit Skill: - Adds Nmap-based local network scanning capabilities. - Detects active services, vulnerabilities, and their versions. - Supports OS fingerprinting for scanned hosts. - Requires Nmap installed and accessible in PATH.

Metadata

Slug tech-security-audit

Version 1.0.0

License —

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is Tech Security Audit?

Performs local network scans using Nmap to detect vulnerabilities, identify service versions, and fingerprint operating systems. It is an AI Agent Skill for Claude Code / OpenClaw, with 1000 downloads so far.

How do I install Tech Security Audit?

Run "/install tech-security-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Tech Security Audit free?

Yes, Tech Security Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Tech Security Audit support?

Tech Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Tech Security Audit?

It is built and maintained by JacquesLauren (@jacqueslauren); the current version is v1.0.0.

More Skills