← 返回 Skills 市场
zengyuxiu

metasploit

作者 zengyuxiu · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
371
总下载
1
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install metasploit-skill
功能描述
Plan and execute authorized Metasploit assessments for OpenClaw tasks with repeatable workflows, including target triage, exploit module selection, option tu...
安全使用建议
This skill implements a legitimate, cautious Metasploit workflow and includes a small helper script to generate .rc files, but the package metadata does not declare that msfconsole and python3 are required. Before installing or running: (1) Verify you have explicit, written authorization for any targets you test; (2) confirm msfconsole and python3 are present and allowed in your environment; (3) inspect scripts/build_rc.py (it's short and readable) and any output paths the skill will write to (spool, .rc files); (4) run in an isolated/test environment first to avoid accidental impact; and (5) prefer source or homepage provenance — this package has no homepage listed, so if provenance matters to you, request the publisher to provide it. The omission of required binaries in metadata may be an oversight, but treat it as a risk until clarified.
功能分析
Type: OpenClaw Skill Name: metasploit-skill Version: 1.0.0 The skill bundle provides a structured framework for automating Metasploit exploitation workflows, which constitutes a high-risk capability. It includes a Python script (`scripts/build_rc.py`) to generate Metasploit resource files and comprehensive documentation (`SKILL.md`, `workflow.md`) guiding the agent through target triage, module selection, and execution. While the instructions explicitly mandate authorization and scoping, the inherent risk of providing an AI agent with automated exploitation tools warrants a suspicious classification under the provided criteria.
能力评估
Purpose & Capability
The skill name, description, SKILL.md, references, and the included scripts clearly target Metasploit workflows (module selection, .rc generation, msfconsole execution). However the declared metadata lists no required binaries or primary credential even though the runtime instructions call for msfconsole and python3. That omission is inconsistent with the stated purpose and should be corrected or explained.
Instruction Scope
SKILL.md is narrowly focused on planning and executing authorized Metasploit assessments, includes an explicit authorization check, stepwise workflow, and conservative guidance (use check first, review .rc before running). The instructions do direct the agent to write .rc files, run msfconsole, and capture logs/sessions — all expected for this purpose and explicitly scoped to authorized testing.
Install Mechanism
There is no install spec (instruction-only plus a small included script), which is lowest risk for supply-chain code changes. The included scripts/build_rc.py is simple and safe. The skill relies on external tools (msfconsole, Python) but does not install them; the metadata should list those runtime dependencies.
Credentials
No environment variables, credentials, or config paths are requested — appropriate for this skill. Still, the skill will operate on network targets and may need filesystem access for .rc and spool logs; ensure those are acceptable for your environment. The lack of declared required binaries (msfconsole/python3) is the main proportionality inconsistency.
Persistence & Privilege
Skill does not request always:true or other elevated persistence. It is user-invocable and allows autonomous invocation by default (platform standard). It does not modify other skills or claim system-wide configuration changes.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install metasploit-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /metasploit-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the openclaw-metasploit skill. - Enables repeatable and auditable Metasploit assessments for OpenClaw tasks. - Includes decision-tree workflow covering authorization, target context, module selection, .rc script generation, controlled execution, and evidence-based reporting. - Provides helper scripts and guidance for resource script (.rc) creation and reliable exploitation. - Emphasizes scope confirmation, reproducibility, and concise, technical reporting.
元数据
Slug metasploit-skill
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

metasploit 是什么?

Plan and execute authorized Metasploit assessments for OpenClaw tasks with repeatable workflows, including target triage, exploit module selection, option tu... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 371 次。

如何安装 metasploit?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install metasploit-skill」即可一键安装,无需额外配置。

metasploit 是免费的吗?

是的,metasploit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

metasploit 支持哪些平台?

metasploit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 metasploit?

由 zengyuxiu(@zengyuxiu)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论