← Back to Skills Marketplace
MUKI Asset Fingerprinting
by
Admin4Giter
· GitHub ↗
· v1.0.0
707
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install muki-fingerprint
Description
MUKI asset fingerprinting tool for red team reconnaissance. Use when performing authorized penetration testing, asset discovery, service fingerprinting, vuln...
Usage Guidance
This package looks like documentation plus fingerprint/signature databases for a red-team scanner but does not include the 'muki' binary or an install method and its source/homepage are unknown. Before installing or using it: (1) do not run scans against systems without explicit written authorization, (2) obtain the actual binary from a trusted, verifiable source (or request an install spec), (3) inspect any binary you download (checksum/signature, run in an isolated VM or sandbox), (4) review the included fingerprint/rule files if you are concerned about overly broad or privacy-invasive patterns, and (5) if you let an agent invoke this skill autonomously, restrict targets and monitor network activity to avoid accidental unauthorized scanning.
Capability Analysis
Type: OpenClaw Skill
Name: muki-fingerprint
Version: 1.0.0
The skill bundle describes a 'red team reconnaissance' tool designed for asset fingerprinting, sensitive path detection, and sensitive information extraction, including credentials, PII, and vulnerability indicators. While the `SKILL.md` explicitly warns against unauthorized use and emphasizes the need for authorization, the tool's core capabilities are inherently high-risk. Specifically, `references/Rules.yml` contains regex patterns to extract passwords, JDBC strings, ID numbers, and bank card numbers, and `references/active_finger.json` includes probes for known vulnerability indicators (e.g., ThinkPHP RCE) and unauthenticated service information (e.g., Redis INFO). These functionalities, though declared for security assessment, pose significant risks if misused, classifying the skill as suspicious rather than benign or malicious, as there is no evidence of intentional self-exploitation or unauthorized actions against the agent's host.
Capability Assessment
Purpose & Capability
SKILL.md describes a runnable command-line scanner (muki) and ships large fingerprint and rules databases, which aligns with an asset-fingerprinting purpose. However, the skill provides no binary, install spec, or download URL for the referenced 'muki' executable and the source/homepage are unknown. That mismatch (claiming a runnable tool but supplying only docs/data) is unexpected and reduces coherence.
Instruction Scope
The instructions focus on scanning targets, using proxies, thread control, and handling output. They explicitly require written authorization and do not instruct the agent to read unrelated local files, exfiltrate data to external endpoints, or access secrets. Use of Tor/proxies is suggested for anonymity (expected for red-team workflows) but could be abused if used without authorization.
Install Mechanism
There is no install specification (instruction-only), which is low-risk from an install/execution vector standpoint. The skill includes large fingerprint and rules files embedded as references (JSON/YML) but does not download or execute external code. The main risk is the missing distribution/install step for the actual scanner binary.
Credentials
The skill requests no environment variables, credentials, or config paths. The included Rules.yml marks some regexes as 'sensitive' (identifiers, phone numbers, bank cards), which is appropriate for a data-extraction tool, but no secrets are requested by the skill itself.
Persistence & Privilege
Default privileges are preserved (always:false; user-invocable; model-invocation allowed). The skill does not request permanent presence or attempt to modify other skills or system-wide settings. Autonomous invocation is allowed by default on the platform, but this skill alone does not escalate privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install muki-fingerprint - After installation, invoke the skill by name or use
/muki-fingerprint - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: MUKI asset fingerprinting tool for red team reconnaissance. Features 30,000+ passive fingerprints, 300+ active rules, sensitive path detection, and information extraction.
Metadata
Frequently Asked Questions
What is MUKI Asset Fingerprinting?
MUKI asset fingerprinting tool for red team reconnaissance. Use when performing authorized penetration testing, asset discovery, service fingerprinting, vuln... It is an AI Agent Skill for Claude Code / OpenClaw, with 707 downloads so far.
How do I install MUKI Asset Fingerprinting?
Run "/install muki-fingerprint" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is MUKI Asset Fingerprinting free?
Yes, MUKI Asset Fingerprinting is completely free (open-source). You can download, install and use it at no cost.
Which platforms does MUKI Asset Fingerprinting support?
MUKI Asset Fingerprinting is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created MUKI Asset Fingerprinting?
It is built and maintained by Admin4Giter (@admin4giter); the current version is v1.0.0.
More Skills