108 Downloads · 0 Stars · 0 Active Installs · 3 Versions
Install in OpenClaw
/install security-test-suite
Description
Performs automated security assessments including vulnerability scans, OWASP Top 10 checks, CVE detection, pen-testing, SSL audits, and API security testing...
Usage Guidance
Do not install or run this skill without more information. The skill's name/description claim active security testing and pentesting capabilities, but the included SKILL.md documents a web-health/QA toolkit and references Python scripts that are not included in the package — this mismatch could be sloppy packaging or intentional. Before proceeding: (1) ask the publisher for the missing scripts/source code and a verifiable author/source/homepage; (2) verify the actual code to ensure no hidden exfiltration, backdoors, or destructive tests; (3) if you plan to run any tests, obtain explicit written authorization from target owners and run first in an isolated, non-production environment; (4) be cautious with options that accept auth tokens, cookies, proxies, payloads, and HTTP methods like PUT/DELETE—these can change target state; (5) prefer skills with a clear, verifiable source (GitHub/org releases) and included code that matches the documentation. If you cannot get the source or the author, treat the skill as incomplete/untrusted and avoid use.
Capability Analysis
Type: OpenClaw Skill
Name: security-test-suite
Version: 1.0.2
The bundle provides documentation and metadata for a 'Web Health & Quality Assurance Suite' (slug: 'security-test-suite') designed for monitoring web service health, SSL status, and API compliance. The instructions in SKILL.md describe a professional set of tools for health checks and security validation, including scripts like `web_health_check.py` and `ssl_monitor.py`. The inclusion of an `AUTHORIZATION_LETTER.md` template and a detailed `TERMS_OF_USE.md` emphasizes ethical and authorized use, and no evidence of malicious intent, data exfiltration, or prompt injection was found in the provided files.
Capability Assessment
Purpose & Capability
The registry metadata and skill name advertise a 'security-test-suite' with vulnerability scans, OWASP checks, CVE detection, and pentesting. The SKILL.md, however, documents a 'Web Health & Quality Assurance Suite' focused on availability, SSL monitoring, and QA. That mismatch is material: a pentesting/security scanner would reasonably require different tooling, code, and credentials. Additionally, the SKILL.md references many scripts (scripts/*.py) that are not present in the package, which makes the claimed capabilities unsupported by the provided files.
Instruction Scope
Runtime instructions tell the agent to execute local scripts (availability_check.py, web_health_check.py, input_validator.py, endpoint_verifier.py, etc.) with options that include --auth, --cookie, --proxy, --methods (including PUT/DELETE), and --payloads. These options allow potentially intrusive or state-changing requests. The SKILL.md doesn't instruct reading arbitrary system files or environment variables, but it does instruct running non-bundled scripts and using payload files and auth tokens supplied to the commands — which could be used for pen-testing. The instructions are also internally inconsistent (referencing scripts that are not bundled), granting broad operational discretion without the actual implementation.
Install Mechanism
There is no install spec and no code files in the package (instruction-only). That minimizes on-disk install risk, but it also means the skill is incomplete: it instructs running scripts that aren't included. Lack of an install mechanism is appropriate for a pure-instructions skill but here highlights incompleteness rather than safety.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md accepts auth tokens, cookies, proxies, and payload files as CLI arguments, which is reasonable for a monitoring/testing toolkit. However, given the skill's advertised scope (CVE detection / pentesting) one might expect additional credentials or tooling; the absence of declared credentials combined with the advertising mismatch is suspicious but not definitive on its own.
Persistence & Privilege
The skill does not request 'always' presence and uses the platform defaults for invocation. It does not attempt to modify other skills or system-wide configuration in the provided materials.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install security-test-suite`
- After installation, invoke the skill by name or use `/security-test-suite`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
**Major update: Skill renamed and refocused from security testing to web health monitoring and quality assurance.**
- Changed skill name to "web-health-suite".
- Updated functionality from security and vulnerability testing to web service health monitoring, compliance validation, and quality assurance.
- Replaced scripts and workflow with health checks, compliance validation, SSL certificate monitoring, and API verification.
- Revised reporting, script parameters, and result evaluation to center on availability, health, and compliance scoring.
- No file changes detected; documentation and description only.
v1.0.1
- Added legal and compliance documentation: AUTHORIZATION_LETTER.md and TERMS_OF_USE.md.
- Included manifest file: security-test-suite.skill.
- No changes to functionality or usage; this update focuses on formalizing authorization and terms of use requirements.
v1.0.0
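This is an automated security testing toolkit for AI agents that lets the AI autonomously run penetration-test-level security scans and output structured reports.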
Frequently Asked Questions
What is security-test-suite?
Performs automated security assessments including vulnerability scans, OWASP Top 10 checks, CVE detection, pen-testing, SSL audits, and API security testing... It is an AI Agent Skill for Claude Code / OpenClaw, with 108 downloads so far.
How do I install security-test-suite?
Run "/install security-test-suite" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is security-test-suite free?
Yes, security-test-suite is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does security-test-suite support?
security-test-suite is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created security-test-suite?
It is built and maintained by guo5404 (@guo5404); the current version is v1.0.2.