← Back to Skills Marketplace
hostilespider

Recon Quick

by HostileSpider · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
202
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install recon-quick
Description
Fast OSINT and reconnaissance presets using bbot and nmap. One-command subdomain enumeration, port scanning, and web fingerprinting for bug bounty recon.
Usage Guidance
This skill appears to do what it says: it orchestrates local calls to bbot and nmap and writes results into the specified output folder. Before installing/using it: 1) Ensure you have authorization to scan the target — network scanning can be illegal or against policy. 2) Installing 'bbot' via pipx installs code from PyPI; review the bbot package (or use a pinned version) if you need stronger supply-chain assurance. 3) The script runs subprocesses (bbot, nmap) which will make network requests to targets; no hidden exfiltration was found. 4) Note a few CLI flags in SKILL.md (e.g., --proxy, --wordlist) are present but not fully wired in the script — this is a functional issue, not a security one. If you want higher confidence, inspect the bbot package source and run the script in a controlled environment first.
Capability Analysis
Type: OpenClaw Skill Name: recon-quick Version: 1.0.0 The 'recon-quick' skill is a legitimate utility for performing OSINT and network reconnaissance using established tools like `bbot` and `nmap`. The implementation in `scripts/recon.py` follows safe practices by using list-based `subprocess.run` calls and lacks any evidence of malicious behavior, such as data exfiltration, unauthorized access, or persistence mechanisms. Its functionality is entirely consistent with its stated purpose of automating bug bounty recon tasks.
Capability Assessment
Purpose & Capability
Name/description, declared required binaries (bbot, nmap), SKILL.md instructions, and the included scripts all align: the tool orchestrates bbot and nmap to enumerate subdomains, probe HTTP, and run port scans. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md instructs installing bbot (pipx) and nmap and shows how to run the included script. The runtime script invokes only bbot and nmap, reads/writes outputs under the specified output directory, and does not access system credentials, other files, or external endpoints beyond those tools' network activity. It prints/logs progress but does not exfiltrate data to hidden hosts.
Install Mechanism
This is an instruction-only skill with a pipx install recommendation for the public 'bbot' package. Installing a PyPI package via pipx is expected for this purpose but carries the usual supply-chain risk of third-party packages (arbitrary code can run at install/runtime). No obscure download URLs or archive extraction were used.
Credentials
No environment variables, credentials, or config paths are requested. The API/credential footprint is minimal and appropriate for the stated functionality.
Persistence & Privilege
The skill is not force-enabled (always: false), does not request persistent system privileges, and does not modify other skills or global agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install recon-quick
  3. After installation, invoke the skill by name or use /recon-quick
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — fast OSINT presets using bbot and nmap
Metadata
Slug recon-quick
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Recon Quick?

Fast OSINT and reconnaissance presets using bbot and nmap. One-command subdomain enumeration, port scanning, and web fingerprinting for bug bounty recon. It is an AI Agent Skill for Claude Code / OpenClaw, with 202 downloads so far.

How do I install Recon Quick?

Run "/install recon-quick" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Recon Quick free?

Yes, Recon Quick is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Recon Quick support?

Recon Quick is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Recon Quick?

It is built and maintained by HostileSpider (@hostilespider); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments