← Back to Skills Marketplace
Awesome Pentest
by
bytesagain4
· GitHub ↗
· v2.0.0
· MIT-0
306
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install awesome-pentest
Description
Browse curated penetration testing resources and exploit databases. Use when planning security audits, researching vulns, or building toolkits.
README (SKILL.md)
Awesome Pentest
A collection of awesome penetration testing resources, tools and other shiny things
Inspired by enaqx/awesome-pentest (25,545+ GitHub stars).
Commands
help- Helprun- Runinfo- Infostatus- Status
Features
- Core functionality from enaqx/awesome-pentest
Usage
Run any command: awesome-pentest \x3Ccommand> [args]
Powered by BytesAgain | bytesagain.com | [email protected]
Examples
awesome-pentest help
awesome-pentest run
When to Use
- for batch processing pentest operations
- as part of a larger automation pipeline
Output
Returns results to stdout. Redirect to a file with awesome-pentest run > output.txt.
Powered by BytesAgain | bytesagain.com Feedback & Feature Requests: https://bytesagain.com/feedback
Usage Guidance
This skill is internally inconsistent and likely incomplete. Before installing: (1) Confirm the maintainer/source (homepage is missing); (2) Ask for clarification or a fixed SKILL.md — the header claims runtime: python3 but the scripts are Bash; either the runtime should be bash or the code should be Python. (3) If you expect network browsing/exploit DB access, request code that actually performs safe, auditable network calls (and declare any required API keys). (4) Note that the scripts will create and write logs under ~/.local/share/awesome-pentest — run in an isolated/sandboxed environment if you want to test. (5) If you do not trust the author, do not install on a sensitive system; review the scripts line-by-line or have someone you trust review them. These inconsistencies explain the 'suspicious' verdict rather than a clear 'benign' classification.
Capability Analysis
Type: OpenClaw Skill
Name: awesome-pentest
Version: 2.0.0
The skill bundle exhibits a significant discrepancy between its stated purpose (browsing pentest resources) and its actual implementation. While SKILL.md and tips.md claim to provide access to exploit databases, the provided scripts (scripts/script.sh and scripts/awesome_pentest.sh) actually function as a local logging utility that saves arbitrary input strings—including those passed to commands like 'store', 'hash', and 'audit'—into plaintext files in the user's home directory (~/.local/share/awesome-pentest). This creates a high risk of local sensitive data exposure if an AI agent is directed to use these commands for credentials. Additionally, there is a runtime mismatch (SKILL.md specifies python3 while only shell scripts are provided) and the 'run' command is unimplemented.
Capability Assessment
Purpose & Capability
The description promises browsing curated penetration-testing resources and exploit databases, but the shipped code contains only local CLI utilities that create and manage logs under ~/.local/share/awesome-pentest. There is no network access or code to fetch external resources or query exploit DBs, so the declared purpose and actual capability are not aligned.
Instruction Scope
SKILL.md declares runtime: python3 and lists simple commands (help, run, info, status), yet the repo contains Bash scripts (scripts/script.sh) implementing a much larger command set (generate, search, export, etc.) that read/write files under the user's HOME. The SKILL.md includes a placeholder ([configured-endpoint]) and appears incomplete. The instructions are therefore vague and inconsistent with the code.
Install Mechanism
There is no install specification (instruction-only), so nothing is downloaded or installed by the skill itself. The only risk is the included code files that will be executed by the agent; no external installs or downloads are declared.
Credentials
The skill requests no environment variables, credentials, or config paths. The scripts only read/write under $HOME/.local/share/awesome-pentest, which is proportionate for a local CLI data store, though users should be aware of local file writes.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It will create a data directory and log files in the user's home, which is normal for a local CLI tool but is not a platform-level privilege escalation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install awesome-pentest - After installation, invoke the skill by name or use
/awesome-pentest - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Initial publish
Metadata
Frequently Asked Questions
What is Awesome Pentest?
Browse curated penetration testing resources and exploit databases. Use when planning security audits, researching vulns, or building toolkits. It is an AI Agent Skill for Claude Code / OpenClaw, with 306 downloads so far.
How do I install Awesome Pentest?
Run "/install awesome-pentest" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Awesome Pentest free?
Yes, Awesome Pentest is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Awesome Pentest support?
Awesome Pentest is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Awesome Pentest?
It is built and maintained by bytesagain4 (@xueyetianya); the current version is v2.0.0.
More Skills