Browse curated penetration testing resources and exploit databases. Use when planning security audits, researching vulns, or building toolkits.

This skill is internally inconsistent and likely incomplete. Before installing: (1) Confirm the maintainer/source (homepage is missing); (2) Ask for clarification or a fixed SKILL.md — the header claims runtime: python3 but the scripts are Bash; either the runtime should be bash or the code should be Python. (3) If you expect network browsing/exploit DB access, request code that actually performs safe, auditable network calls (and declare any required API keys). (4) Note that the scripts will create and write logs under ~/.local/share/awesome-pentest — run in an isolated/sandboxed environment if you want to test. (5) If you do not trust the author, do not install on a sensitive system; review the scripts line-by-line or have someone you trust review them. These inconsistencies explain the 'suspicious' verdict rather than a clear 'benign' classification.

Type: OpenClaw Skill Name: awesome-pentest Version: 2.0.0 The skill bundle exhibits a significant discrepancy between its stated purpose (browsing pentest resources) and its actual implementation. While SKILL.md and tips.md claim to provide access to exploit databases, the provided scripts (scripts/script.sh and scripts/awesome_pentest.sh) actually function as a local logging utility that saves arbitrary input strings—including those passed to commands like 'store', 'hash', and 'audit'—into plaintext files in the user's home directory (~/.local/share/awesome-pentest). This creates a high risk of local sensitive data exposure if an AI agent is directed to use these commands for credentials. Additionally, there is a runtime mismatch (SKILL.md specifies python3 while only shell scripts are provided) and the 'run' command is unimplemented.