Web Security Client-Side Scanner 1773654191

Perform a thorough client-side / browser-facing security assessment of a target web application. Use this skill whenever the user asks to pentest, audit, or...

This skill appears coherent for front-end pentesting, but before installing or running it: 1) obtain explicit, written authorization from the asset owner and confirm the exact scope (which subdomains, paths, or accounts are allowed); 2) decide whether active tools (subdomain enumeration, httpx, nuclei templates) are permitted — these can be more intrusive than pure client-side inspection; 3) avoid sharing high-privilege credentials — if authenticated testing is needed, prefer scoped or test accounts and short-lived credentials; 4) confirm the runtime environment will contain the listed tools (or provide an approved TOOLS_DIR) because the skill assumes external CLI tools will be executed; and 5) plan for safe handling of any secrets or sensitive data discovered in client assets (do not exfiltrate them to external services). If you want, I can produce a shorter checklist of the exact commands and tools the skill will run so you can approve them one-by-one.

Type: OpenClaw Skill Name: web-front-scanner-1773654191 Version: 1.0.0 The skill bundle (SKILL.md) provides a comprehensive framework for conducting client-side security assessments, including reconnaissance, static analysis, and vulnerability validation. It instructs the agent to utilize several high-risk network and security tools such as `nuclei`, `subfinder`, `katana`, and `gau`. While the instructions emphasize non-destructive testing and require user authorization, the inclusion of these broad network and execution capabilities—even when plausibly needed for the stated purpose of a security audit—meets the specific criteria for a suspicious classification. No evidence of intentional malicious behavior, such as data exfiltration or backdoors, was identified.