AuditCore — Network Security Audit Suite

by santanallen · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 46 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install auditcore-network-audit
Description
AuditCore — Complete security audit suite for network infrastructure. Covers 6 vendors (F5, Cisco, Fortinet, Palo Alto, Juniper, Arista), 5 framew...
README (SKILL.md)

AuditCore — Network Security Audit Suite v2.0

Complete cybersecurity audit suite for critical network infrastructure. Designed for OpenClaw with layered context management.


Layer Architecture

Layer 0 — Always loaded (constitution + router)
  system-methodology    → 7 phases, golden rules, findings format
  system-index          → Routing vendor→skill, framework→skill, memory paths
  memory-ops            → Memory system management (optional)

Layer 1 — One vendor at a time (full F1 → F7)
  vendor-kb-f5          → F5 BIG-IP TMOS 13.x-17.x, VELOS, XC
  vendor-kb-cisco       → Cisco IOS / IOS-XE / NX-OS / ACI
  vendor-kb-fortinet    → Fortinet FortiOS 6.x/7.x
  vendor-kb-paloalto    → Palo Alto PAN-OS 9.x/10.x/11.x + Panorama
  vendor-kb-juniper     → Juniper JunOS 18.x-23.x (SRX, QFX, EX, MX)
  vendor-kb-arista      → Arista EOS 4.2x / CloudVision

Layer 2 — One framework at a time (load → evaluate → unload)
  fw-checks-nist80053   → NIST SP 800-53 Rev 5 (~187 controls, 20 families)
  fw-checks-csf         → NIST CSF 2.0 (6 functions, ~40 subcategories)
  fw-checks-cis         → CIS Controls v8 (18 controls, 153 safeguards)
  fw-checks-pcidss      → PCI DSS v4.0 (~89 technical controls, 12 requirements)
  fw-checks-iso27001    → ISO/IEC 27001:2022 (Annex A themes 5, 6, 8)

Layer 3 — Replaces Layer 2 in Phase 6 (report generation)
  report-nist80053      → NIST 800-53 report: executive dashboard + POA&M + scripts
  report-csf            → CSF 2.0 report: radar chart + scorecard + maturity tier
  report-cis            → CIS v8 report: technical HTML + quick wins + scripts
  report-pcidss         → PCI DSS report: gap matrix + CVE CDE scope + QSA-ready
  report-iso27001       → ISO 27001 report: partial SoA + NC register + cert readiness

Specialized skills (load as needed):
  audit-diag-health     → Health diagnostics for all 6 vendors (health + logs)
  audit-auto-generate   → Auto-generates skills for vendors without a pre-built KB
  tools-secops          → Inventory of locally installed SecOps tools
  community-cybersec-index → Router to 754 community cybersecurity skills

How to Use This Suite

Session start (always)

Load: system-methodology + system-index

Auditing a device

1. Load vendor-kb-{vendor}                      → Layer 1 active
2. Load fw-checks-{framework}                   → Layer 2 active
3. Run checks → save findings-{fw}.json         → disk
4. Unload fw-checks-{framework}                 → Layer 2 empty
5. Load report-{framework}                      → Layer 3 active
6. Read findings from disk → generate report    → Layer 3 empty
7. Repeat steps 2-6 for each framework
8. Unload vendor-kb-{vendor}                    → cycle complete

Quick diagnostics

Load: audit-diag-health (covers all vendors)

Vendor without a pre-built KB

Load: audit-auto-generate

Out-of-network operations (forensics, threat intel, cloud, etc.)

Load: community-cybersec-index → identifies the specific skill
Note: Requires installing the community library separately.

Frameworks Covered

| Framework | Skills | Scope |
|---|---|---|
| NIST SP 800-53 Rev 5 | fw-checks-nist80053 + report-nist80053 | ~187 controls, families AC/AU/CM/IA/SC/SI |
| NIST CSF 2.0 | fw-checks-csf + report-csf | 6 functions: GOVERN/IDENTIFY/PROTECT/DETECT/RESPOND/RECOVER |
| CIS Controls v8 | fw-checks-cis + report-cis | 18 controls, 153 safeguards |
| PCI DSS v4.0 | fw-checks-pcidss + report-pcidss | ~89 technical controls, 12 requirements |
| ISO/IEC 27001:2022 | fw-checks-iso27001 + report-iso27001 | Annex A: themes 5, 6, 8 |

Supported Vendors

| Vendor | KB | OS/Platform |
|---|---|---|
| F5 Networks | vendor-kb-f5 | BIG-IP TMOS 13.x–17.x, VELOS, XC |
| Cisco | vendor-kb-cisco | IOS, IOS-XE, IOS-XR, NX-OS, ACI |
| Fortinet | vendor-kb-fortinet | FortiOS 6.x/7.x |
| Palo Alto Networks | vendor-kb-paloalto | PAN-OS 9.x/10.x/11.x, Panorama |
| Juniper Networks | vendor-kb-juniper | JunOS 18.x–23.x (SRX, QFX, EX, MX) |
| Arista Networks | vendor-kb-arista | EOS 4.2x, CloudVision |
| Any other vendor | audit-auto-generate | Dynamic auto-generation |

Golden Rules

  1. READ-ONLY — Never run write commands in production
  2. REAL EVIDENCE — Never invent or assume command output
  3. N/A over false PASS — No evidence = N/A, never PASS
  4. EPHEMERAL CREDENTIALS — Never persist to disk
  5. HA WORST-CASE — Cluster result = worst individual member
  6. ALWAYS CONFIRM — Summary of findings before generating reports
  7. SCRIPTS FOR REVIEW ONLY — Generate scripts, never auto-execute

Context Management

| Layer | Skills | ~Tokens | Lifetime |
|---|---|---|---|
| 0 | system-methodology + system-index | ~2,400 | Always |
| 1 | vendor-kb-{vendor} | ~1,500 | F1 → F7 |
| 2 | fw-checks-{framework} | ~1,200 | One framework at a time |
| 3 | report-{framework} | ~800 | Replaces Layer 2 in F6 |

Peak context: ~5,100 tokens (without community skills).

Usage Guidance
This package appears to be a legitimately structured network-audit suite, but take these precautions before installing or running it:
- Review audit-auto-generate: it claims to auto-generate vendor skills — ask for the full content and confirm it does not dynamically create executable code or remote fetchers without human review.
- Treat remediation output as advisory only: the skill includes remediation templates that contain 'commit'/'configure'/'tmsh modify' and other write/commit operations. Ensure your agent/platform enforces the 'generate-only' rule and does not auto-apply any remediation scripts.
- Run first in an isolated lab: because tools-secops lists many offensive/exploit and pivoting tools (hydra, chisel, ligolo-ng, socat, etc.), test the workflow in a controlled environment to confirm operator confirmation gates and sanitization are effective.
- Confirm evidence handling and sanitization: the methodology promises masking of passwords/keys and ephemeral credentials, but verify at runtime that MEMORY/evidence/ paths are secure, that saved files are sanitized, and that you control retention/cleanup.
- Verify local tooling expectations: the skill assumes many binaries exist at specific paths; if those tools run under the agent's authority they could perform impactful actions—ensure the agent is allowed to execute only the tools you trust and that destructive tools require explicit operator confirmation.

If you want to proceed, ask for the full text of audit-auto-generate and the precise runtime enforcement model (how the platform prevents accidental execution of remediation or exploit tooling).
Capability Analysis
Type: OpenClaw Skill
Name: auditcore-network-audit
Version: 1.0.0

The bundle implements a highly complex 'AuditCore' suite with several high-risk capabilities that, while aligned with its stated purpose, create a significant attack surface. The 'audit-auto-generate' skill allows the agent to write new SKILL.md files to disk and subsequently execute them, which constitutes a self-modification/RCE risk. Furthermore, 'community-cybersec-index' references 754 external community skills (hliosone/anthropic-cybersecurity-skills), introducing a massive supply chain risk. While 'system-methodology' defines strict 'Rules of Gold' (read-only, no credential persistence), the combination of dynamic skill generation and the local offensive toolset in 'tools-secops' (e.g., sqlmap, hydra) makes this bundle high-risk for potential misuse or prompt injection exploitation.
Capability Tags
crypto · can-make-purchases · requires-oauth-token · requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The files and instructions match the stated purpose: vendor knowledge-bases, framework checks, and report generation. Vendor KBs list read-only commands and forbidden write-commands, framework/report skills read and write findings/reports to local MEMORY paths—these are expected for an audit suite.
Instruction Scope
The SKILL.md files consistently instruct read-only evidence collection and saving outputs to MEMORY paths (expected). However remediation formats and example scripts include write actions (e.g., 'set {remediation_cmd}', 'commit', 'tmsh modify', 'configure', 'commit confirmed') and explicit backup/apply/rollback command templates. The core methodology repeatedly forbids auto-executing changes, but the presence of ready-to-run remediation commands and rollback steps increases the chance of accidental or improper execution if operator gating is not enforced. tools-secops explicitly lists many offensive/exploitation and network pivot tools and describes agent execution of local tools (with operator confirmation required for exploitation)—this widens the agent's operational scope and requires careful runtime controls.
Install Mechanism
Instruction-only skill: no install spec, no external downloads, and no code files to execute. This lowers installation risk; the skill assumes existing local tooling and host paths (tools-secops), which is reasonable for a security-audit suite.
Credentials
No environment variables, no external credentials declared, and no required config paths. The skill expects SSH/CLI/API access to target devices (implied by commands) but does not request unrelated secrets. This is proportionate to the stated functionality.
Persistence & Privilege
always:false, no install, and no automatic model-disable flags. The skill writes evidence and reports to local MEMORY paths (part of its function) but does not request persistent elevated privileges or try to change other skills or system-wide agent settings. The main privilege concern is the potential content (sensitive credentials) being saved to disk if sanitization is not correctly enforced.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install auditcore-network-audit
  3. After installation, invoke the skill by name or use /auditcore-network-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: unified diagnostic and troubleshooting tool for multi-vendor network infrastructure.
- Supports health and operational diagnostics across F5, Cisco, Fortinet, Palo Alto, Juniper, and Arista in a single workflow.
- Defines three diagnostic domains: HEALTH_STATUS, LOGS_CONTROL_PLANE, LOGS_DATA_PLANE, with clear output format and alert thresholds.
- Organizes command sets and benchmarks per vendor for streamlined troubleshooting.
- Output includes summarized health, key events, and operational findings by severity.
- Integration-ready with vendor-specific knowledge bases; evidence and findings stored per host and assessment.
Metadata
Slug auditcore-network-audit
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is AuditCore — Network Security Audit Suite?

AuditCore — Complete security audit suite for network infrastructure. Covers 6 vendors (F5, Cisco, Fortinet, Palo Alto, Juniper, Arista), 5 framew... It is an AI Agent Skill for Claude Code / OpenClaw, with 46 downloads so far.

How do I install AuditCore — Network Security Audit Suite?

Run "/install auditcore-network-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AuditCore — Network Security Audit Suite free?

Yes, AuditCore — Network Security Audit Suite is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AuditCore — Network Security Audit Suite support?

AuditCore — Network Security Audit Suite is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created AuditCore — Network Security Audit Suite?

It is built and maintained by santanallen (@santanallen); the current version is v1.0.0.
