← Back to Skills Marketplace
pandaai-1337

Payloads

by PandaAI-1337 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
224
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install payloads
Description
Provides curated exploitation payloads for authorized security testing, including anti-virus test files, malicious files, and file name exploits.
Usage Guidance
This skill is internally consistent with being a curated payload collection for authorized testing, but it contains real test payloads that will trigger antivirus and can exploit or crash services if used incorrectly. Only install/use in authorized contexts and isolated test environments (VMs, containers, labs). Manually review the included files (especially files with backticks, $(...), null-bytes, SWF/PNG/GIF PoCs, and any encoded/obfuscated blocks) before running or uploading them to any system. Verify the skill's provenance (it cites SecLists/GitHub but source is 'unknown') — if you need these payloads, prefer pulling directly from the upstream SecLists repository or a trusted mirror. If you see any embedded base64 or unexpected network endpoints, do not run them and get a security review.
Capability Analysis
Type: OpenClaw Skill Name: payloads Version: 1.0.0 This skill bundle is a curated collection of security testing payloads sourced from the reputable SecLists project, intended for authorized penetration testing and educational purposes. It contains standard industry test files such as the EICAR anti-virus test string (eicar-com.txt), command injection filename patterns, and PHP info payloads for testing file uploads. The instructions in SKILL.md and the associated documentation are transparent about the nature of the files and do not contain any malicious logic, exfiltration attempts, or prompt-injection attacks.
Capability Assessment
Purpose & Capability
Name/description and included files align: this is a curated subset of SecLists payloads (EICAR, filename exploits, PHP payloads, README guidance). There are no unrelated credentials, binaries, or installs requested.
Instruction Scope
SKILL.md stays on-topic and only shows benign examples (walking the references/Payloads directory). It explicitly warns about authorized use. However, the payload files include shell-expansion filenames (e.g., `Hello$(hostname)World.txt`, backticks) and null-byte/obfuscated filenames that could trigger or exploit target systems if used — the instructions do not provide safeguards for safe execution or recommended isolated test environments.
Install Mechanism
Instruction-only skill with no install spec and no code to write to disk. This is lower risk from an install/execution perspective.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for a repository of test payload files.
Persistence & Privilege
always:false and default autonomous invocation are used (normal). There is no indication the skill requests elevated or persistent privileges or modifies other skills' configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install payloads
  3. After installation, invoke the skill by name or use /payloads
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
SecLists Payloads (Curated) 1.0.0 - Initial release of curated exploitation payloads for security testing. - Includes EICAR anti-virus test file, null byte filenames, and command execution filename payloads. - Designed to support anti-virus, file upload, path traversal, and security control validation tests. - Usage instructions and clear guidance on ethical/legal boundaries provided. - References and links to the full SecLists repository for further resources.
Metadata
Slug payloads
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Payloads?

Provides curated exploitation payloads for authorized security testing, including anti-virus test files, malicious files, and file name exploits. It is an AI Agent Skill for Claude Code / OpenClaw, with 224 downloads so far.

How do I install Payloads?

Run "/install payloads" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Payloads free?

Yes, Payloads is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Payloads support?

Payloads is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Payloads?

It is built and maintained by PandaAI-1337 (@pandaai-1337); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments