Poc Validator
by whatyourname12345 · GitHub · v0.1.0 · MIT-0
103 Downloads · 1 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw: /install openclaw-poc-validator
Description
Automated Vulnerability Verification and Payload Replay Probe. Dynamically executes HTTP requests and analyzes HTTP status codes/error traces (e.g., SQL Inje...
Usage Guidance
This skill behaves as advertised (it replays HTTP requests and extracts error traces), but take these precautions before installing or using it:
- Ensure you have explicit authorization to test any target. The skill will send arbitrary payloads and has no built-in permission checks; misuse can be illegal.
- The package does not declare runtime dependencies: you need python3 and the Python 'requests' library available where the agent runs.
- The script disables TLS certificate verification (verify=False), so it will talk to any certificate, self-signed or forged. An on-path attacker can therefore read or alter the replayed request, including any Cookie or Authorization header it carries. Re-enable verification (or trust only the lab CA) unless the target is deliberately running on an untrusted certificate.
- Requests may include Cookie or Authorization headers and the skill prints response headers/body snippets to stdout — avoid sending sensitive credentials as part of tests or ensure logs are protected.
- If you plan to run this autonomously, add operational safeguards (rate limits, allowlist of target hosts, explicit confirmation prompts) to avoid accidental scanning/exfiltration.
If those conditions are acceptable and you only intend to test authorized targets, the skill is coherent with its stated purpose.
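The safeguards listed above (target allowlist, rate limit, TLS verification, protected logs) are easy to put in front of a replay script. The following is an added example written for this page, not the skill's own scripts/replay.py: a small policy wrapper that refuses hosts outside an allowlist, spaces out requests, keeps verify=True by default, and redacts Cookie/Authorization values before anything is printed. The hostnames and the fake transport used in the module's own run are constructed; the default transport uses the third-party requests package the skill relies on.

```python
"""Added wrapper around an HTTP replay, enforcing the safeguards a replay probe
should have before it is run autonomously: target allowlist, rate limit, TLS
verification on by default, and redaction of secrets in the printed report.
Example code, not the skill's scripts/replay.py. Hostnames are constructed."""
import time
import urllib.parse

# Header names whose values must never reach stdout or agent logs.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization",
                     "proxy-authorization", "x-api-key"}


def redact_headers(headers):
    """Return a copy of headers with sensitive values replaced."""
    return {k: ("<redacted>" if k.lower() in SENSITIVE_HEADERS else v)
            for k, v in headers.items()}


class ReplayPolicy:
    """Operational guard rails evaluated before every replayed request."""

    def __init__(self, allowed_hosts, min_interval_s=1.0, verify_tls=True,
                 clock=time.monotonic, sleep=time.sleep):
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.min_interval_s = min_interval_s
        self.verify_tls = verify_tls      # keep True; verify=False exposes replayed cookies to MITM
        self._clock, self._sleep = clock, sleep  # injectable so the limiter is testable offline
        self._last_sent = None

    def check_target(self, url):
        """Refuse anything that is not an http(s) URL whose host is on the allowlist."""
        parts = urllib.parse.urlsplit(url)
        if parts.scheme not in ("http", "https"):
            raise ValueError(f"unsupported scheme: {parts.scheme!r}")
        host = (parts.hostname or "").lower()
        if host not in self.allowed_hosts:
            raise PermissionError(f"{host!r} is not an authorized target")
        return host

    def wait_for_slot(self):
        """Per-process rate limit: at most one request per min_interval_s."""
        now = self._clock()
        if self._last_sent is not None and now - self._last_sent < self.min_interval_s:
            self._sleep(self.min_interval_s - (now - self._last_sent))
        self._last_sent = self._clock()


def requests_sender(method, url, headers, data, verify, timeout):
    """Default transport using the third-party 'requests' package (undeclared by the skill)."""
    import requests
    r = requests.request(method, url, headers=headers, data=data, verify=verify,
                         timeout=timeout, allow_redirects=False)
    return r.status_code, dict(r.headers), r.text[:512]


def replay(policy, method, url, headers=None, data=None, sender=requests_sender, timeout=10):
    """Replay one request under the policy and return a log-safe report dict."""
    headers = dict(headers or {})
    host = policy.check_target(url)   # checked before any bytes leave the host
    policy.wait_for_slot()
    status, resp_headers, snippet = sender(method.upper(), url, headers, data,
                                           policy.verify_tls, timeout)
    return {
        "target": host,
        "request": {"method": method.upper(), "url": url,
                    "headers": redact_headers(headers)},
        "status": status,
        "response_headers": redact_headers(resp_headers),
        "body_snippet": snippet,
    }


if __name__ == "__main__":
    # Offline demonstration with a constructed transport; no network traffic.
    def fake_sender(method, url, headers, data, verify, timeout):
        return 500, {"Server": "nginx", "Set-Cookie": "sid=x"}, "SQLSTATE[42000]: Syntax error"

    policy = ReplayPolicy(["lab.example"], min_interval_s=2.0)
    print(replay(policy, "GET", "https://lab.example/item?id=1'",
                 {"Cookie": "session=abc"}, sender=fake_sender))
```

The real header is still sent to the target; only the report is redacted. The body snippet is capped at 512 bytes but may still contain material from the target, so the report should go to a protected log rather than an unrestricted agent transcript.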
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-poc-validator
Version: 0.1.0
The skill bundle provides a tool for replaying HTTP requests and analyzing responses for vulnerabilities such as SQL injection. While the logic in 'scripts/replay.py' is functional for its stated purpose, it introduces high-risk capabilities: arbitrary outbound network access, TLS certificate verification disabled (verify=False), and proxy support. Additionally, the command template in 'SKILL.md' (python3 scripts/replay.py --url "{URL}") interpolates the user-supplied URL into a shell-quoted string; if the agent expands that template through a shell, a URL containing a double quote or shell metacharacters can terminate the argument and run further commands on the agent host. The robust construction is to pass the URL as a separate argv element (or shell-quote it) rather than rely on the execution environment to sanitize inputs. No evidence of intentional malicious behavior such as data exfiltration or persistence was found.
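To make the command-construction concern concrete, here is an added Python example (written for this page, not code from the skill) that contrasts the quoted template pattern with a shell-quoted string and with a plain argument vector. The hostile URL is constructed; the unsafe string is only word-split for inspection and is never executed, while the argv form is run against a stand-in for replay.py that simply echoes its arguments.

```python
"""Added example: why 'python3 scripts/replay.py --url "{URL}"' is unsafe when the
agent expands it through a shell, and two safe constructions. Not the skill's
code; the URLs are constructed. The unsafe string is analysed, never executed."""
import json
import shlex
import subprocess
import sys

TEMPLATE = 'python3 scripts/replay.py --url "{URL}"'   # pattern quoted in SKILL.md
INTENDED = ["python3", "scripts/replay.py", "--url"]   # what the template means to run


def naive_shell_command(url):
    """Plain substitution: a double quote inside the URL ends the quoted argument."""
    return TEMPLATE.format(URL=url)


def quoted_shell_command(url):
    """If a shell string is unavoidable, shlex.quote keeps the URL one shell word."""
    return f"python3 scripts/replay.py --url {shlex.quote(url)}"


def build_argv(url):
    """Preferred: no shell at all. The URL is one argv entry whatever it contains."""
    return INTENDED + [url]


def shell_words(command):
    """POSIX word splitting as a shell would perform it; shlex runs nothing."""
    return shlex.split(command)


def run_argv_stand_in(url):
    """Run a stand-in for replay.py via argv and return the arguments it received."""
    argv = [sys.executable, "-c",
            "import json, sys; print(json.dumps(sys.argv[1:]))", "--url", url]
    out = subprocess.run(argv, capture_output=True, text=True, check=True).stdout
    return json.loads(out)


if __name__ == "__main__":
    hostile = 'http://lab.example/?id=1"; touch /tmp/pwned; echo "'   # constructed
    print(shell_words(naive_shell_command(hostile)))   # URL is no longer one word
    print(shell_words(quoted_shell_command(hostile)))  # exactly one URL word
    print(run_argv_stand_in(hostile))                  # ['--url', hostile]
```

shlex.split reproduces the shell's quoting and word splitting but does not interpret ';' as a command separator, so the naive output shows the extra words ('touch', '/tmp/pwned;', 'echo') that a real shell would execute as separate commands.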
Capability Assessment
Purpose & Capability
The name/description (PoC Validator) aligns with the included script and SKILL.md: both replay HTTP requests and extract error snippets (SQLSTATE, syntax errors, etc.). Nothing requested (no env vars or unrelated binaries) appears out-of-scope. Minor omission: the SKILL.md examples invoke `python3` and the script uses the `requests` library, but the registry metadata lists no required binaries or dependencies — this is an implementation detail mismatch that should be declared.
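As an added illustration of the error-snippet extraction described here and in the version notes below (example code written for this page, not the skill's replay.py; the signature table and sample responses are constructed), the following analyzer scans a response for database error traces and server exceptions, and compares the result against a benign baseline so that an endpoint that errors on every input is not reported as injectable.

```python
"""Added example of the error-trace analysis a replay probe performs on a response.
Not the skill's scripts/replay.py: the signature table and sample responses are
constructed for this page. Includes a baseline comparison so that an application
that errors on every input is not reported as injectable."""
import re

# (category, name, pattern). The skill's own keyword list is not reproduced on the page.
ERROR_SIGNATURES = [
    ("sql", "mysql_syntax", re.compile(r"You have an error in your SQL syntax", re.I)),
    ("sql", "sqlstate", re.compile(r"SQLSTATE\[[0-9A-Z]{5}\]")),
    ("sql", "postgres_syntax", re.compile(r"ERROR:\s+syntax error at or near", re.I)),
    ("sql", "mssql_quote", re.compile(r"Unclosed quotation mark after the character string", re.I)),
    ("sql", "oracle", re.compile(r"\bORA-\d{5}\b")),
    ("exception", "python_traceback", re.compile(r"Traceback \(most recent call last\)")),
    ("exception", "java_stack_frame", re.compile(r"\bat [\w.$]+\(\w+\.java:\d+\)")),
]


def extract_evidence(body, context=40):
    """Return each matching signature with a short snippet around its first hit."""
    findings = []
    for category, name, pattern in ERROR_SIGNATURES:
        m = pattern.search(body)
        if m:
            lo, hi = max(0, m.start() - context), min(len(body), m.end() + context)
            findings.append({"category": category, "signature": name,
                             "snippet": body[lo:hi].strip()})
    return findings


def assess(baseline, probe):
    """Compare a benign baseline response against the payload response.

    baseline and probe are (status_code, body) tuples. Only evidence absent from
    the baseline counts, so a permanently broken endpoint is not a finding."""
    baseline_status, baseline_body = baseline
    status, body = probe
    seen = {f["signature"] for f in extract_evidence(baseline_body)}
    new = [f for f in extract_evidence(body) if f["signature"] not in seen]
    if any(f["category"] == "sql" for f in new):
        verdict = "sql_error_induced"
    elif new:
        verdict = "server_exception_induced"
    elif status >= 500 and baseline_status < 500:
        verdict = "status_changed_no_trace"   # worth a manual look, not proof
    else:
        verdict = "no_indicator"
    return {"verdict": verdict, "baseline_status": baseline_status,
            "status": status, "evidence": new}


# Constructed sample responses for a local run.
BASELINE = (200, "<html><body>Item 1: widget</body></html>")
MYSQL_PROBE = (500, "<pre>You have an error in your SQL syntax; check the manual that "
                    "corresponds to your MySQL server version for the right syntax to use "
                    "near ''' at line 1</pre>")
JAVA_PROBE = (500, "java.lang.NullPointerException\n\tat com.example.Dao.query(Dao.java:42)")
BLANK_500 = (500, "Internal Server Error")

if __name__ == "__main__":
    for name, probe in [("mysql", MYSQL_PROBE), ("java", JAVA_PROBE), ("blank", BLANK_500)]:
        print(name, assess(BASELINE, probe)["verdict"])
```

A bare 5xx without a trace is reported as a status change rather than a SQL finding; a status code alone does not verify injection, and a real report should carry the matched snippet as evidence.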
Instruction Scope
SKILL.md instructions are narrowly focused on accepting a user-provided URL, method, headers (including Cookie and User-Agent), and payload, running scripts/replay.py, and analyzing the response. It does not instruct the agent to read unrelated files or environment variables. However, it explicitly permits replaying 'malicious payloads' against arbitrary targets and contains no built-in authorization checks or rate limits — this means the skill can be used for unauthorized testing if the agent or user supplies unapproved targets/payloads. The SKILL.md warns against mass scanning/DDoS/unauthorized exploitation but does not enforce safeguards.
Install Mechanism
There is no install spec (instruction-only plus a script), which is low-risk. The script requires Python 3 and the third-party 'requests' package, but these requirements are not declared in the registry metadata. No downloads from external URLs or archives are present.
Credentials
The skill requests no environment variables or credentials, which is proportionate. Still, the runtime behavior can transmit or capture sensitive data (cookies, auth headers, and full response bodies) from the target. The skill will print response headers/body snippets to stdout (JSON), so secrets obtained from target responses could be exposed in agent logs — this is expected for this class of tool but worth noting.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not modify other skills or system configurations. Model-invocation is enabled by default but not excessive here; autonomous invocation combined with lack of authorization checks could increase misuse risk, but that is an operational concern rather than an incoherence in the skill itself.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install openclaw-poc-validator
- After installation, invoke the skill by name or use /openclaw-poc-validator
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
**Initial public release of poc-validator.**
- Automates vulnerability verification and payload replay for supplied raw HTTP requests or payloads.
- Runs test requests via scripts/replay.py and analyzes HTTP responses for errors and stack traces.
- Detects and reports signs of SQL injection and server exceptions by scanning response status and error keywords.
- Produces clear, standardized validation reports including request details, outcome, and relevant evidence.
- Not designed for mass scanning, DDoS, or unauthorized exploitation activities.
Frequently Asked Questions
What is Poc Validator?
Automated Vulnerability Verification and Payload Replay Probe. Dynamically executes HTTP requests and analyzes HTTP status codes/error traces (e.g., SQL Inje... It is an AI Agent Skill for Claude Code / OpenClaw, with 103 downloads so far.
How do I install Poc Validator?
Run "/install openclaw-poc-validator" in the OpenClaw or Claude Code chat to install it in one step. The package has no install spec of its own, but the host where the agent runs must already have python3 and the Python 'requests' library, which the package does not declare.
Is Poc Validator free?
Yes, Poc Validator is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Poc Validator support?
Poc Validator runs anywhere OpenClaw / Claude Code is available, provided Python 3 and the 'requests' library are present on that host.
Who created Poc Validator?
It is built and maintained by whatyourname12345 (@whatyourname12345); the current version is v0.1.0.