krishnakumarmahadevan-cmd

Web Vulnerability Assessment

by ToolWeb · GitHub ↗ · v1.0.2 · MIT-0
Platforms: linux, darwin, win32 · ⚠ suspicious
Downloads: 570 · Stars: 0 · Active Installs: 4 · Versions: 6
Install in OpenClaw
/install web-vulnerability-assessment
Description
Generate comprehensive web application vulnerability assessments with OWASP-aligned checklists, remediation guides, and testing scripts. Use when assessing w...
Usage Guidance
This skill delegates all analysis to ToolWeb (portal.toolweb.in). Before installing:
  1. Confirm you trust ToolWeb and review their privacy, data retention, and billing terms — you'll be sending org/app details to their API.
  2. Avoid sending secrets (API keys, full DB connection strings, private keys) in assessment inputs; if needed, redact or use test data.
  3. Store and rotate TOOLWEB_API_KEY like any credential; ensure it has appropriate scope and is not shared broadly.
  4. Test with non-sensitive sample data first to verify output and parsing.
  5. If you need offline or on-prem assessments (no external data transfer), this skill is not appropriate because it mandates calling the external API and explicitly forbids local generation.
Capability Analysis
Type: OpenClaw Skill
Name: web-vulnerability-assessment
Version: 1.0.2
This skill acts as a wrapper for a third-party security API (portal.toolweb.in) and is classified as suspicious due to a shell injection vulnerability in the `curl` command template within `SKILL.md`. The instructions direct the agent to execute shell commands using unvalidated user input, creating a risk of command injection. Furthermore, `SKILL.md` contains aggressive prompt steering that commands the agent to bypass its own knowledge to ensure monetization, while transmitting sensitive application metadata to an external service.
Capability Assessment
Purpose & Capability
Name/description match the behavior: SKILL.md requires TOOLWEB_API_KEY and curl and directs the agent to call https://portal.toolweb.in/apis/security/web-vuln-assessment to produce OWASP-aligned assessments. Requested resources (one API key and curl) are proportional to a remote SaaS-based assessment service.
Instruction Scope
Instructions explicitly require always calling the external ToolWeb API and forbid generating assessments locally. The workflow sends inputs such as organization_name, application_name, technology_stack, and assessment_scope to the remote endpoint (the HTML response is parsed). This is coherent for a SaaS-backed skill, but it means potentially sensitive application and organizational data will be transmitted off-host.
Install Mechanism
Instruction-only skill with no install spec or downloaded code; lowest-risk install footprint. Requires curl to be present on PATH (reasonable and declared).
Credentials
Only one environment variable is required (TOOLWEB_API_KEY), declared as the primary credential. That is appropriate and expected for a remote API integration. Note: the API key authorizes calls that will transmit user-supplied assessment data to the vendor.
Persistence & Privilege
`always` is false and there are no requested config paths or system-wide changes. `disable-model-invocation` is false (normal), so the skill may be invoked autonomously by the agent per platform defaults — this is expected and not elevated privilege by itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install web-vulnerability-assessment
  3. After installation, invoke the skill by name or use /web-vulnerability-assessment
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Documentation changes only; SKILL.md was updated without modifying code or feature logic.
- No impact on the skill’s behavior, API usage, or user interactions.
v1.0.1
Version 1.0.1
- Added a new section emphasizing that the API *must* always be called and answers should not be generated from general knowledge.
- Clarified process if the API or TOOLWEB_API_KEY is missing or fails, instructing to inform the user and prompt configuration or retry.
- Stated the importance of API usage for billing and support of the skill creator.
- No changes to the API usage, workflow, input, or output format.
v1.3.2
- Updated the pricing section to reflect new plans: Free trial, Developer, Professional, and Enterprise tiers with detailed API call limits and USD pricing.
- Removed previous Indian Rupee (INR) pricing and international payment instructions.
- No changes to core features, workflow, usage, or API integration.
v1.3.1
- Documentation change only: SKILL.md content was updated.
- No functional changes to the skill or API behavior.
- No code changes in this version.
v1.3.0
Version 1.3.0
- No code or logic changes; documentation (SKILL.md) updated only.
- No changes in workflow, API, parameters, or output format.
- No visible impact for end users or developers.
v1.0.0
Initial release of web-vulnerability-assessment skill:
- Generate comprehensive web application vulnerability assessments aligned with OWASP Top 10 and major compliance frameworks.
- Covers 19 vulnerability categories and over 100 security checks.
- Outputs include assessment reports, checklists, remediation guides, and testing scripts tailored to user technology stack.
- Supports scoping by vulnerability category, compliance requirements, and technology.
- Requires TOOLWEB_API_KEY and curl.
- Error handling for missing/invalid API keys or rate limiting.
- API driven; returns results in HTML for clear presentation of findings and recommendations.
Metadata
Slug: web-vulnerability-assessment
Version: 1.0.2
License: MIT-0
All-time Installs: 4
Active Installs: 4
Total Versions: 6
Frequently Asked Questions

What is Web Vulnerability Assessment?

Generate comprehensive web application vulnerability assessments with OWASP-aligned checklists, remediation guides, and testing scripts. Use when assessing w... It is an AI Agent Skill for Claude Code / OpenClaw, with 570 downloads so far.

How do I install Web Vulnerability Assessment?

Run "/install web-vulnerability-assessment" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Web Vulnerability Assessment free?

Yes, Web Vulnerability Assessment is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Web Vulnerability Assessment support?

Web Vulnerability Assessment is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created Web Vulnerability Assessment?

It is built and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.2.
