← Back to Skills Marketplace
371
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install metasploit-skill
Description
Plan and execute authorized Metasploit assessments for OpenClaw tasks with repeatable workflows, including target triage, exploit module selection, option tu...
Usage Guidance
This skill implements a legitimate, cautious Metasploit workflow and includes a small helper script to generate .rc files, but the package metadata does not declare that msfconsole and python3 are required. Before installing or running: (1) Verify you have explicit, written authorization for any targets you test; (2) confirm msfconsole and python3 are present and allowed in your environment; (3) inspect scripts/build_rc.py (it's short and readable) and any output paths the skill will write to (spool, .rc files); (4) run in an isolated/test environment first to avoid accidental impact; and (5) prefer source or homepage provenance — this package has no homepage listed, so if provenance matters to you, request the publisher to provide it. The omission of required binaries in metadata may be an oversight, but treat it as a risk until clarified.
Capability Analysis
Type: OpenClaw Skill
Name: metasploit-skill
Version: 1.0.0
The skill bundle provides a structured framework for automating Metasploit exploitation workflows, which constitutes a high-risk capability. It includes a Python script (`scripts/build_rc.py`) to generate Metasploit resource files and comprehensive documentation (`SKILL.md`, `workflow.md`) guiding the agent through target triage, module selection, and execution. While the instructions explicitly mandate authorization and scoping, the inherent risk of providing an AI agent with automated exploitation tools warrants a suspicious classification under the provided criteria.
Capability Assessment
Purpose & Capability
The skill name, description, SKILL.md, references, and the included scripts clearly target Metasploit workflows (module selection, .rc generation, msfconsole execution). However the declared metadata lists no required binaries or primary credential even though the runtime instructions call for msfconsole and python3. That omission is inconsistent with the stated purpose and should be corrected or explained.
Instruction Scope
SKILL.md is narrowly focused on planning and executing authorized Metasploit assessments, includes an explicit authorization check, stepwise workflow, and conservative guidance (use check first, review .rc before running). The instructions do direct the agent to write .rc files, run msfconsole, and capture logs/sessions — all expected for this purpose and explicitly scoped to authorized testing.
Install Mechanism
There is no install spec (instruction-only plus a small included script), which is lowest risk for supply-chain code changes. The included scripts/build_rc.py is simple and safe. The skill relies on external tools (msfconsole, Python) but does not install them; the metadata should list those runtime dependencies.
Credentials
No environment variables, credentials, or config paths are requested — appropriate for this skill. Still, the skill will operate on network targets and may need filesystem access for .rc and spool logs; ensure those are acceptable for your environment. The lack of declared required binaries (msfconsole/python3) is the main proportionality inconsistency.
Persistence & Privilege
Skill does not request always:true or other elevated persistence. It is user-invocable and allows autonomous invocation by default (platform standard). It does not modify other skills or claim system-wide configuration changes.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install metasploit-skill - After installation, invoke the skill by name or use
/metasploit-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the openclaw-metasploit skill.
- Enables repeatable and auditable Metasploit assessments for OpenClaw tasks.
- Includes decision-tree workflow covering authorization, target context, module selection, .rc script generation, controlled execution, and evidence-based reporting.
- Provides helper scripts and guidance for resource script (.rc) creation and reliable exploitation.
- Emphasizes scope confirmation, reproducibility, and concise, technical reporting.
Metadata
Frequently Asked Questions
What is metasploit?
Plan and execute authorized Metasploit assessments for OpenClaw tasks with repeatable workflows, including target triage, exploit module selection, option tu... It is an AI Agent Skill for Claude Code / OpenClaw, with 371 downloads so far.
How do I install metasploit?
Run "/install metasploit-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is metasploit free?
Yes, metasploit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does metasploit support?
metasploit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created metasploit?
It is built and maintained by zengyuxiu (@zengyuxiu); the current version is v1.0.0.
More Skills