0x-professor

Pentest Auth Bypass

cross-platform ✓ Security Clean
Downloads: 1024
Stars: 0
Active Installs: 5
Versions: 1
Install in OpenClaw
/install pentest-auth-bypass
Description
Test authentication and session management controls for bypass and account takeover scenarios.
Usage Guidance
This skill appears coherent for authorized pentesting, but before running it: (1) verify you have written authorization and use --dry-run first; (2) inspect the shared module (autonomous-pentester/shared/pentest_common) to see what external tools or network actions it performs during non-dry-run runs; (3) run tests in an isolated environment and point outputs to a safe folder; (4) confirm scope.json accurately represents authorized targets. If you cannot review the shared helpers, avoid running non-dry-run executions against live targets.
Capability Analysis
Type: OpenClaw Skill
Name: pentest-auth-bypass
Version: 0.1.0
The OpenClaw skill bundle 'pentest-auth-bypass' is designed for authorized security testing, with robust safeguards in place. The SKILL.md and agents/openai.yaml explicitly emphasize scope validation, authorization, and dry-run mode. The core script, scripts/auth_bypass.py, enforces these checks and, critically, only generates *placeholder* output artifacts rather than executing actual authentication bypass attacks. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or prompt injection attempts against the agent.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md and the script all align: the skill scaffolds auth/session testing, references common pentest tools, and does not request unrelated credentials or system access.
Instruction Scope
The SKILL.md and script enforce scope validation and require --i-have-authorization for live runs and provide a dry-run mode, which limits accidental active testing. Note: the script imports shared helpers (pentest_common) from an external 'autonomous-pentester/shared' location — those helper functions could invoke external tools or network activity during a non-dry-run run, so review that shared module before executing live tests.
Install Mechanism
No install spec (instruction-only plus a small script) — nothing is downloaded or written during install, reducing risk.
Credentials
No environment variables, credentials, or config paths are requested. The script reads scope and input payload files (declared in CLI) which is proportional to its purpose.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills. It only writes artifacts to the specified output path when run.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pentest-auth-bypass
  3. After installation, invoke the skill by name or use /pentest-auth-bypass
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of pentest-auth-bypass skill.
  - Tests authentication and session management for bypass and account takeover scenarios.
  - Validates brute-force resistance, session integrity, and MFA enforcement.
  - Supports dry-run mode and requires explicit authorization flag for live tests.
  - Outputs findings and artifacts in standard formats for integration.
  - Aligns to PTES, OWASP WSTG, NIST, and MITRE ATT&CK standards.
  - Includes legal notice: authorized use only.
Metadata
Slug pentest-auth-bypass
Version 0.1.0
License
All-time Installs 6
Active Installs 5
Total Versions 1
Frequently Asked Questions

What is Pentest Auth Bypass?

Test authentication and session management controls for bypass and account takeover scenarios. It is an AI Agent Skill for Claude Code / OpenClaw, with 1024 downloads so far.

How do I install Pentest Auth Bypass?

Run "/install pentest-auth-bypass" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Pentest Auth Bypass free?

Yes, Pentest Auth Bypass is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Pentest Auth Bypass support?

Pentest Auth Bypass is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Pentest Auth Bypass?

It is built and maintained by Muhammad Mazhar Saeed (@0x-professor); the current version is v0.1.0.
