← Back to Skills Marketplace
Pilot Penetration Testing Setup
by
Calin Teodor
· GitHub ↗
· v1.0.0
· MIT-0
72
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pilot-penetration-testing-setup
Description
Deploy an automated penetration testing pipeline with 4 agents. Use this skill when: 1. User wants to set up a penetration testing or security assessment pip...
README (SKILL.md)
Penetration Testing Setup
Deploy 4 agents that perform recon, scan vulnerabilities, validate exploits, and generate reports.
Roles
| Role | Hostname | Skills | Purpose |
|---|---|---|---|
| recon | \x3Cprefix>-recon |
pilot-discover, pilot-stream-data, pilot-archive | DNS enumeration, port scanning, service fingerprinting |
| scanner | \x3Cprefix>-scanner |
pilot-task-parallel, pilot-metrics, pilot-dataset | Vulnerability scans, CVE checks, misconfiguration detection |
| exploiter | \x3Cprefix>-exploiter |
pilot-task-chain, pilot-audit-log, pilot-receipt | Safe proof-of-concept validation, exploitability confirmation |
| reporter | \x3Cprefix>-reporter |
pilot-webhook-bridge, pilot-share, pilot-slack-bridge | Report generation with findings, risk ratings, remediation |
Setup Procedure
Step 1: Ask the user which role this agent should play and what prefix to use.
Step 2: Install the skills for the chosen role:
# For recon:
clawhub install pilot-discover pilot-stream-data pilot-archive
# For scanner:
clawhub install pilot-task-parallel pilot-metrics pilot-dataset
# For exploiter:
clawhub install pilot-task-chain pilot-audit-log pilot-receipt
# For reporter:
clawhub install pilot-webhook-bridge pilot-share pilot-slack-bridge
Step 3: Set the hostname:
pilotctl --json set-hostname \x3Cprefix>-\x3Crole>
Step 4: Write the setup manifest:
mkdir -p ~/.pilot/setups
cat > ~/.pilot/setups/penetration-testing.json \x3C\x3C 'MANIFEST'
\x3CINSERT ROLE MANIFEST FROM BELOW>
MANIFEST
Step 5: Tell the user to initiate handshakes with direct communication peers.
Manifest Templates Per Role
recon
{
"setup": "penetration-testing", "setup_name": "Penetration Testing",
"role": "recon", "role_name": "Reconnaissance Agent",
"hostname": "\x3Cprefix>-recon",
"description": "Performs passive and active reconnaissance — DNS enumeration, port scanning, service fingerprinting.",
"skills": {
"pilot-discover": "Enumerate DNS records, subdomains, and service endpoints.",
"pilot-stream-data": "Stream port scan results and fingerprints in real time.",
"pilot-archive": "Archive recon snapshots for baseline comparison."
},
"peers": [{"role": "scanner", "hostname": "\x3Cprefix>-scanner", "description": "Receives recon results for vulnerability scanning"}],
"data_flows": [{"direction": "send", "peer": "\x3Cprefix>-scanner", "port": 1002, "topic": "recon-result", "description": "Recon results with target profile and services"}],
"handshakes_needed": ["\x3Cprefix>-scanner"]
}
scanner
{
"setup": "penetration-testing", "setup_name": "Penetration Testing",
"role": "scanner", "role_name": "Vulnerability Scanner",
"hostname": "\x3Cprefix>-scanner",
"description": "Runs automated vulnerability scans, checks CVE databases, identifies misconfigurations.",
"skills": {
"pilot-task-parallel": "Run multiple scan tools in parallel across target services.",
"pilot-metrics": "Track scan coverage, finding counts, and severity distribution.",
"pilot-dataset": "Store CVE matches and vulnerability metadata."
},
"peers": [{"role": "recon", "hostname": "\x3Cprefix>-recon", "description": "Sends recon results"}, {"role": "exploiter", "hostname": "\x3Cprefix>-exploiter", "description": "Receives vulnerability findings"}],
"data_flows": [
{"direction": "receive", "peer": "\x3Cprefix>-recon", "port": 1002, "topic": "recon-result", "description": "Recon results with target profile and services"},
{"direction": "send", "peer": "\x3Cprefix>-exploiter", "port": 1002, "topic": "vulnerability", "description": "Vulnerability findings with CVE and severity"}
],
"handshakes_needed": ["\x3Cprefix>-recon", "\x3Cprefix>-exploiter"]
}
exploiter
{
"setup": "penetration-testing", "setup_name": "Penetration Testing",
"role": "exploiter", "role_name": "Exploit Validator",
"hostname": "\x3Cprefix>-exploiter",
"description": "Validates discovered vulnerabilities with safe proof-of-concept tests, confirms exploitability.",
"skills": {
"pilot-task-chain": "Chain validation steps: verify, exploit, document evidence.",
"pilot-audit-log": "Log all validation attempts with timestamps and results.",
"pilot-receipt": "Confirm receipt of vulnerability findings from scanner."
},
"peers": [{"role": "scanner", "hostname": "\x3Cprefix>-scanner", "description": "Sends vulnerability findings"}, {"role": "reporter", "hostname": "\x3Cprefix>-reporter", "description": "Receives validated findings"}],
"data_flows": [
{"direction": "receive", "peer": "\x3Cprefix>-scanner", "port": 1002, "topic": "vulnerability", "description": "Vulnerability findings with CVE and severity"},
{"direction": "send", "peer": "\x3Cprefix>-reporter", "port": 1002, "topic": "validated-finding", "description": "Validated findings with proof-of-concept evidence"}
],
"handshakes_needed": ["\x3Cprefix>-scanner", "\x3Cprefix>-reporter"]
}
reporter
{
"setup": "penetration-testing", "setup_name": "Penetration Testing",
"role": "reporter", "role_name": "Pentest Reporter",
"hostname": "\x3Cprefix>-reporter",
"description": "Generates pentest reports with findings, risk ratings, remediation steps, and executive summary.",
"skills": {
"pilot-webhook-bridge": "Deliver reports to client portals and ticketing systems.",
"pilot-share": "Share report drafts with stakeholders for review.",
"pilot-slack-bridge": "Notify security team of completed assessments."
},
"peers": [{"role": "exploiter", "hostname": "\x3Cprefix>-exploiter", "description": "Sends validated findings with evidence"}],
"data_flows": [
{"direction": "receive", "peer": "\x3Cprefix>-exploiter", "port": 1002, "topic": "validated-finding", "description": "Validated findings with proof-of-concept evidence"},
{"direction": "send", "peer": "external", "port": 443, "topic": "pentest-report", "description": "Pentest report via webhook and Slack"}
],
"handshakes_needed": ["\x3Cprefix>-exploiter"]
}
Data Flows
recon -> scanner: recon-result events (port 1002)scanner -> exploiter: vulnerability events (port 1002)exploiter -> reporter: validated-finding events (port 1002)reporter -> external: pentest-report via webhook (port 443)
Handshakes
# recon \x3C-> scanner:
pilotctl --json handshake \x3Cprefix>-scanner "setup: penetration-testing"
pilotctl --json handshake \x3Cprefix>-recon "setup: penetration-testing"
# scanner \x3C-> exploiter:
pilotctl --json handshake \x3Cprefix>-exploiter "setup: penetration-testing"
pilotctl --json handshake \x3Cprefix>-scanner "setup: penetration-testing"
# exploiter \x3C-> reporter:
pilotctl --json handshake \x3Cprefix>-reporter "setup: penetration-testing"
pilotctl --json handshake \x3Cprefix>-exploiter "setup: penetration-testing"
Workflow Example
# On scanner — subscribe to recon results:
pilotctl --json subscribe \x3Cprefix>-recon recon-result
# On exploiter — subscribe to vulnerabilities:
pilotctl --json subscribe \x3Cprefix>-scanner vulnerability
# On reporter — subscribe to validated findings:
pilotctl --json subscribe \x3Cprefix>-exploiter validated-finding
# On recon — publish a recon result:
pilotctl --json publish \x3Cprefix>-scanner recon-result '{"target":"app.example.com","open_ports":[22,80,443,8080]}'
# On exploiter — publish a validated finding:
pilotctl --json publish \x3Cprefix>-reporter validated-finding '{"cve":"CVE-2023-46589","validated":true,"impact":"RCE"}'
Dependencies
Requires pilot-protocol skill, pilotctl binary, clawhub binary, and a running daemon.
Usage Guidance
This skill appears to do what it says, but take these precautions before installing: 1) Ensure you have explicit legal authorization to run penetration testing in the target environment — this pipeline will discover and actively test systems. 2) Review and verify the provenance of each skill you will install via clawhub (pilot-discover, pilot-webhook-bridge, pilot-slack-bridge, etc.). 3) Prepare and securely store any webhook URLs or Slack tokens needed by reporter bridges; the SKILL.md doesn't declare these secrets. 4) Isolate the agents (network segmentation, non-production environment) and verify firewall rules for the described ports (e.g., port 1002 and outbound HTTPS) to avoid accidental exposure. 5) Confirm handshakes/peer trust policies before exchanging sensitive findings. If you want greater assurance, ask the author for the exact expectations for webhook/Slack configuration and the source locations (package registry or repository) for each child skill before proceeding.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description match the runtime instructions: installing pilot skills, configuring hostnames, writing a manifest, and establishing handshakes. Declared required binaries (pilotctl, clawhub) are appropriate and expected for the Pilot protocol management tasks described.
Instruction Scope
Instructions stay within the described setup: installing role-specific skills, setting hostname, writing a setup manifest to ~/.pilot/setups, initiating handshakes, and using pilotctl publish/subscribe for data flows. Important operational behavior: the reporter role forwards reports externally (webhook/Slack) and the pipeline transmits reconnaissance and vulnerability data between agents — these are expected but involve sensitive data and should be explicitly authorized and configured.
Install Mechanism
This is instruction-only (no install spec). That is lower risk because nothing is downloaded or written by the skill itself beyond the manifest it instructs you to create. The actual installation of other skills is delegated to the user's clawhub; review each installed skill's provenance before proceeding.
Credentials
The skill declares no required environment variables, which aligns with the instruction-only nature. However the reporter role references pilot-webhook-bridge and pilot-slack-bridge, which will require webhook URLs and Slack credentials/configuration in practice — those credentials are not declared or discussed in SKILL.md. Expect to supply secrets when configuring those bridges; ensure they are proportionate and stored securely.
Persistence & Privilege
The skill does not request always:true and does not attempt to change other skills' configs. It instructs writing a manifest to ~/.pilot/setups and installing skills via clawhub, which are normal for setup tasks. Autonomous invocation of installed skills is possible (platform default) — combined with network forwarding it increases operational impact, but that is expected for this pipeline.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pilot-penetration-testing-setup - After installation, invoke the skill by name or use
/pilot-penetration-testing-setup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Pilot Penetration Testing Setup?
Deploy an automated penetration testing pipeline with 4 agents. Use this skill when: 1. User wants to set up a penetration testing or security assessment pip... It is an AI Agent Skill for Claude Code / OpenClaw, with 72 downloads so far.
How do I install Pilot Penetration Testing Setup?
Run "/install pilot-penetration-testing-setup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pilot Penetration Testing Setup free?
Yes, Pilot Penetration Testing Setup is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pilot Penetration Testing Setup support?
Pilot Penetration Testing Setup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pilot Penetration Testing Setup?
It is built and maintained by Calin Teodor (@teoslayer); the current version is v1.0.0.
More Skills