← Back to Skills Marketplace
realguoxiufeng

waf-validator-skills

by realguoxiufeng · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
82
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install waf-validator-skills
Description
WAF Rule Validator - Tool for testing and validating WAF security rules
Usage Guidance
This skill is essentially documentation/instructions for GoTestWAF and a Docker image (wallarm/gotestwaf). Before using it: 1) Confirm you have explicit legal authorization to run security tests against any target (unauthorized scanning is illegal). 2) Verify the upstream project/image (wallarm/gotestwaf) and, if possible, inspect source code or the Docker image provenance before executing. 3) Ensure Go 1.24, Docker, and optional Chrome are installed in an isolated/test environment to avoid accidental impact. 4) Because the skill can trigger network scans, avoid enabling autonomous invocation unless you trust the skill and its operator. 5) No secrets are requested by the skill, but do not supply unrelated credentials when following its examples.
Capability Analysis
Type: OpenClaw Skill Name: waf-validator-skills Version: 1.0.0 The skill bundle provides instructions for an AI agent to build and operate GoTestWAF, a security tool designed to test Web Application Firewalls by generating and sending malicious payloads (e.g., SQL injection, XSS). While the behavior is aligned with the stated purpose of security validation, the skill involves high-risk activities such as local binary compilation, execution, and network-based attack simulation. Per the analysis criteria, these risky capabilities are classified as suspicious even if plausibly needed for the tool's function. No evidence of intentional malice, data exfiltration, or backdoors was found in SKILL.md or _meta.json.
Capability Assessment
Purpose & Capability
The name/description describe a WAF testing tool and the SKILL.md contains build/run instructions, options, test-case formats and examples for GoTestWAF and the wallarm/gotestwaf Docker image — these are coherent with a WAF rule validator.
Instruction Scope
Instructions explicitly direct building and running a scanner that generates malicious requests against targets (via ./gotestwaf or Docker). The SKILL.md does not instruct reading unrelated system files or environment variables, but it does enable network scanning and request generation — ensure you have authorization to test any target.
Install Mechanism
This is an instruction-only skill with no install spec or code files. No downloads or install scripts are included in the package itself, which reduces installation risk. The README references building locally or pulling an existing Docker image.
Credentials
The skill declares no required environment variables or credentials. It mentions runtime dependencies (Go 1.24+, Chrome) but does not request unrelated secrets or system config paths — requirements are proportionate to the stated functionality.
Persistence & Privilege
always is false and the skill is user-invocable; model invocation is allowed (the platform default). Note: because the skill can initiate scans, granting autonomous invocation could allow the agent to run network tests without further consent — consider limiting autonomous use if undesired.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install waf-validator-skills
  3. After installation, invoke the skill by name or use /waf-validator-skills
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
WAF Rule Validator 是一个用于评估 Web 应用安全解决方案(WAF、API 网关、IPS)的工具。它通过生成恶意请求来测试安全防护规则的有效性,支持 REST、GraphQL、gRPC、SOAP、XMLRPC 等多种 API 协议。
Metadata
Slug waf-validator-skills
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is waf-validator-skills?

WAF Rule Validator - Tool for testing and validating WAF security rules. It is an AI Agent Skill for Claude Code / OpenClaw, with 82 downloads so far.

How do I install waf-validator-skills?

Run "/install waf-validator-skills" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is waf-validator-skills free?

Yes, waf-validator-skills is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does waf-validator-skills support?

waf-validator-skills is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created waf-validator-skills?

It is built and maintained by realguoxiufeng (@realguoxiufeng); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments