Downloads: 541 · Stars: 1 · Active Installs: 2 · Versions: 5
Install in OpenClaw
/install web-recon
Description
Website vulnerability scanner and security audit toolkit. Scan any website for security issues: open ports (nmap), exposed secrets, subdomain enumeration, di...
Usage Guidance
This package appears to do what it says (an integrated web reconnaissance tool), but it comes from an unknown owner and will perform intrusive network actions (port scans, directory brute force, secrets discovery) and call public APIs (ip-api, Shodan if configured). Before installing or running:
1. Only scan targets you are explicitly authorized to test; unauthorized scanning may be illegal.
2. Review the two scripts yourself (they are included) and run them in a sandbox or isolated environment.
3. Be cautious about providing SHODAN_API_KEY.
4. If you don't want password-spray or brute-force behavior, avoid installing or supplying wordlists that enable credential attacks.
If you want higher assurance, request provenance (homepage or repo) or verify the upstream projects referenced (titus, nuclei, subfinder, etc.) before use.
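As an added illustration of the "review the scripts yourself" step (this is example code, not anything shipped in the web-recon bundle): a grep pass over a skill directory that surfaces the behaviours this page calls out before you run anything, namely outbound hosts, environment secrets read, system wordlist paths, credential-attack tooling and download-and-execute pipes. The two sample scripts it writes are constructed stand-ins that mimic what the page describes (an ip-api.com call, an optional Shodan lookup keyed by SHODAN_API_KEY, a /usr/share/seclists wordlist, a hydra-based spray); they are not copies of the bundle's scripts, and the categories, regexes and the `audit_verdict` rule are this example's own assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-install review of a skill's scripts. Not part of web-recon.
set -u

# Constructed stand-in for a downloaded bundle; review the real bundle's
# scripts/ directory instead. Contents mimic behaviours described on the page.
make_sample_bundle() {
  mkdir -p "$1/scripts"
  cat > "$1/scripts/scan.sh" <<'EOF'
#!/usr/bin/env bash
curl -s "http://ip-api.com/json/$TARGET"
[ -n "${SHODAN_API_KEY:-}" ] && curl -s "https://api.shodan.io/shodan/host/$IP?key=$SHODAN_API_KEY"
WORDLIST=/usr/share/seclists/Discovery/Web-Content/common.txt
EOF
  cat > "$1/scripts/spray.sh" <<'EOF'
#!/usr/bin/env bash
hydra -L users.txt -P /usr/share/wordlists/rockyou.txt "$TARGET" http-post-form
EOF
}

# Print every regex hit under $3 as "<category>\t<file>:<line>:<match>".
tag_hits() {
  grep -rnoE "$2" "$3" 2>/dev/null | while IFS= read -r hit; do
    printf '%s\t%s\n' "$1" "$hit"
  done
}

# One line per finding; the categories are this example's assumptions.
audit_skill_dir() {
  tag_hits egress        'https?://[A-Za-z0-9._-]+'                         "$1"
  tag_hits secret-env    '\$[{]?[A-Z0-9_]*(KEY|TOKEN|SECRET|PASS)[A-Z0-9_]*'  "$1"
  tag_hits wordlist      '/usr/share/(seclists|dirb|wordlists)[^[:space:]"]*' "$1"
  tag_hits cred-attack   '(hydra|medusa|patator|rockyou|password[-_ ]?spray)' "$1"
  tag_hits download-exec '(curl|wget)[^|]*\|[[:space:]]*(ba|z)?sh'           "$1"
}

# "review-required" if anything talks to the network, reads a secret, runs
# credential attacks or pipes downloads into a shell; otherwise "clean".
audit_verdict() {
  if audit_skill_dir "$1" | grep -qE '^(egress|secret-env|cred-attack|download-exec)'; then
    echo review-required
  else
    echo clean
  fi
}

# Stand-alone use: bash review.sh <unpacked-skill-dir>   (path is yours to supply)
if [ -n "${1:-}" ]; then
  audit_skill_dir "$1"
  audit_verdict "$1"
fi
```

Read the `egress` lines first: every host listed there is somewhere your scan targets and, if you set SHODAN_API_KEY, your key will be sent. A `cred-attack` hit is the signal to leave out the wordlists mentioned in item 4 above if you only want passive and service discovery.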
Capability Analysis
Type: OpenClaw Skill
Name: web-recon
Version: 0.1.0
The bundle is a comprehensive web reconnaissance and vulnerability scanning toolkit that orchestrates multiple security tools like nmap, gobuster, and nuclei. It includes scripts for automated technology fingerprinting, subdomain enumeration, and secrets detection (scripts/titus-web.sh). While the functionality is aligned with its stated purpose for security auditing, it is classified as suspicious due to its high-risk capabilities, including active network scanning, directory brute-forcing, and the automated fetching of remote content for analysis. It also communicates with external services like ip-api.com and shodan.io for geolocation and infrastructure intelligence.
Capability Assessment
Purpose & Capability
The name/description (web recon / vuln scanning) match the included scripts and references: nmap, whatweb, subfinder/amass, gobuster/ffuf, nikto, nuclei, WPScan and a 'titus' secrets scanner are all used. The included wordlists and references align with directory/subdomain discovery and secrets reconnaissance.
Instruction Scope
SKILL.md and scripts are explicit about network scanning, downloading site content, running port scans, querying public APIs (ip-api.com, Shodan if API key provided) and producing reports in ~/.openclaw/workspace/recon/<domain>/. They do not attempt to read unrelated system files, but they do look for wordlists at system paths (/usr/share/seclists, /usr/share/dirb) and may use password lists (references mention password spraying wordlists). This is expected for pentesting but increases potential for misuse.
Install Mechanism
There is no install spec; the skill is instruction+script based and expects the user to have or install third‑party CLI tools. The scripts skip missing tools gracefully. No archive downloads or obscure install URLs are performed by the included scripts themselves (references mention GitHub releases for third‑party tools).
Credentials
The skill does not require secrets. SKILL.md documents an optional SHODAN_API_KEY and OUTDIR, and the registry metadata lists no required env vars, so the Shodan key is genuinely optional; if you do supply it, the scripts send it to shodan.io, so treat it like any other credential handed to third-party code. The references to password lists and password-spraying wordlists are relevant to pentesting but also facilitate offensive actions; this increases sensitivity but is coherent with the stated purpose.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide configs. It writes scan outputs to a workspace directory under the user's home; that is a normal, limited footprint.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install web-recon
- After installation, invoke the skill by name or use /web-recon
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release — website vulnerability scanner and security audit toolkit
v1.2.0
Improved skill description for search discoverability. Restructured SKILL.md with clearer 'Why Use This' section, tool columns in scan modules table, and better organization. No functional changes.
v1.1.0
Security header scoring (10 headers, severity-weighted, color-rated). CORS misconfiguration detection. Port scanning (nmap top 1000). Shodan via SHODAN_API_KEY env var. Screenshot capture (cutycapt/chromium). JSON report output (--json). Resume mode (--resume). Merged webrecon.sh into webscan.sh --quick. Expanded sensitive file checks (30+ paths). Consolidated into single script.
v1.0.1
Fix: removed hardcoded host paths. Scripts now use relative paths (SCRIPT_DIR) and PATH lookups for optional tools.
v1.0.0
Initial release: webscan.sh (10-step security scan), webrecon.sh (light recon), titus-web.sh (secrets scanner)
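The v1.1.0 entry above lists severity-weighted security-header scoring and CORS misconfiguration detection without showing what such checks look like. The block below is an added illustration of that kind of check, written for this page; it is not the skill's webscan.sh and does not reproduce its logic. The response headers are constructed, the header list uses six headers rather than the skill's ten, and the weights, rating thresholds and CORS labels are this example's assumptions.

```shell
#!/usr/bin/env bash
# Added example: header scoring and CORS checks over a captured header block.
# Not the skill's code; header set, weights and thresholds are assumptions.

# Constructed response headers (not captured from any real host). Assume the
# request that produced them carried "Origin: https://attacker.example".
SAMPLE_HEADERS='HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: https://attacker.example
Access-Control-Allow-Credentials: true'

# Header:weight pairs; a missing header costs its weight. Assumed values.
SECURITY_HEADERS='Strict-Transport-Security:10
Content-Security-Policy:10
X-Frame-Options:7
X-Content-Type-Options:5
Referrer-Policy:3
Permissions-Policy:3'

# Case-insensitive lookup of header $2 in block $1; prints the trimmed value
# (empty when absent). Only the first occurrence is considered.
header_value() {
  printf '%s\n' "$1" | grep -i "^$2:" | head -n 1 | cut -d: -f2- \
    | tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Prints "<earned>/<max>" and lists each missing header on stderr.
header_score() {
  local hdrs="$1" score=0 max=0 entry name weight
  for entry in $SECURITY_HEADERS; do
    name=${entry%%:*}
    weight=${entry##*:}
    max=$((max + weight))
    if [ -n "$(header_value "$hdrs" "$name")" ]; then
      score=$((score + weight))
    else
      echo "missing ($weight): $name" >&2
    fi
  done
  echo "$score/$max"
}

# Colour rating from a "<earned>/<max>" fraction: green >= 80%, amber >= 50%, else red.
rate_score() {
  local earned=${1%%/*} max=${1##*/} pct
  pct=$((earned * 100 / max))
  if [ "$pct" -ge 80 ]; then echo green
  elif [ "$pct" -ge 50 ]; then echo amber
  else echo red; fi
}

# Classify the CORS answer for the Origin that was sent in the request ($2).
# Reflecting an arbitrary origin together with credentials is the serious case:
# any site can then read authenticated responses cross-origin.
cors_check() {
  local hdrs="$1" origin="$2" acao acac
  acao=$(header_value "$hdrs" Access-Control-Allow-Origin)
  acac=$(header_value "$hdrs" Access-Control-Allow-Credentials)
  if [ -z "$acao" ]; then echo none
  elif [ "$acao" = '*' ]; then echo wildcard   # browsers refuse credentials with *
  elif [ "$acao" = "$origin" ] && [ "$acac" = true ]; then echo reflected-origin-with-credentials
  elif [ "$acao" = "$origin" ]; then echo reflected-origin
  else echo "fixed:$acao"; fi
}

# Stand-alone run against the constructed sample:
# header_score "$SAMPLE_HEADERS"; rate_score "$(header_score "$SAMPLE_HEADERS" 2>/dev/null)"
# cors_check "$SAMPLE_HEADERS" https://attacker.example
```

To turn this into a live check you would fetch the headers with the attacker origin set (for example `curl -sI -H 'Origin: https://attacker.example' "$URL"`) and feed the output to `cors_check` with the same origin; a `reflected-origin-with-credentials` result for an origin you chose is the misconfiguration worth reporting, while `wildcard` is usually only a problem for endpoints that were meant to be private.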
Frequently Asked Questions
What is web-recon?
Website vulnerability scanner and security audit toolkit. Scan any website for security issues: open ports (nmap), exposed secrets, subdomain enumeration, di... It is an AI Agent Skill for Claude Code / OpenClaw, with 541 downloads so far.
How do I install web-recon?
Run "/install web-recon" in the OpenClaw or Claude Code chat to install the skill in one step. Note that the scan scripts expect third-party CLI tools (nmap, gobuster, nuclei and the others listed above) to be present on the host; tools that are missing are skipped rather than installed.
Is web-recon free?
Yes, web-recon is completely free (open-source). You can download, install and use it at no cost.
Which platforms does web-recon support?
web-recon runs anywhere OpenClaw / Claude Code is available; the scanning itself depends on the third-party tools it orchestrates being installed on that host.
Who created web-recon?
It is built and maintained by p0lish (@p0lish); the current version is v0.1.0.