← 返回 Skills 市场
MUKI Asset Fingerprinting
作者
Admin4Giter
· GitHub ↗
· v1.0.0
707
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install muki-fingerprint
功能描述
MUKI asset fingerprinting tool for red team reconnaissance. Use when performing authorized penetration testing, asset discovery, service fingerprinting, vuln...
安全使用建议
This package looks like documentation plus fingerprint/signature databases for a red-team scanner but does not include the 'muki' binary or an install method and its source/homepage are unknown. Before installing or using it: (1) do not run scans against systems without explicit written authorization, (2) obtain the actual binary from a trusted, verifiable source (or request an install spec), (3) inspect any binary you download (checksum/signature, run in an isolated VM or sandbox), (4) review the included fingerprint/rule files if you are concerned about overly broad or privacy-invasive patterns, and (5) if you let an agent invoke this skill autonomously, restrict targets and monitor network activity to avoid accidental unauthorized scanning.
功能分析
Type: OpenClaw Skill
Name: muki-fingerprint
Version: 1.0.0
The skill bundle describes a 'red team reconnaissance' tool designed for asset fingerprinting, sensitive path detection, and sensitive information extraction, including credentials, PII, and vulnerability indicators. While the `SKILL.md` explicitly warns against unauthorized use and emphasizes the need for authorization, the tool's core capabilities are inherently high-risk. Specifically, `references/Rules.yml` contains regex patterns to extract passwords, JDBC strings, ID numbers, and bank card numbers, and `references/active_finger.json` includes probes for known vulnerability indicators (e.g., ThinkPHP RCE) and unauthenticated service information (e.g., Redis INFO). These functionalities, though declared for security assessment, pose significant risks if misused, classifying the skill as suspicious rather than benign or malicious, as there is no evidence of intentional self-exploitation or unauthorized actions against the agent's host.
能力评估
Purpose & Capability
SKILL.md describes a runnable command-line scanner (muki) and ships large fingerprint and rules databases, which aligns with an asset-fingerprinting purpose. However, the skill provides no binary, install spec, or download URL for the referenced 'muki' executable and the source/homepage are unknown. That mismatch (claiming a runnable tool but supplying only docs/data) is unexpected and reduces coherence.
Instruction Scope
The instructions focus on scanning targets, using proxies, thread control, and handling output. They explicitly require written authorization and do not instruct the agent to read unrelated local files, exfiltrate data to external endpoints, or access secrets. Use of Tor/proxies is suggested for anonymity (expected for red-team workflows) but could be abused if used without authorization.
Install Mechanism
There is no install specification (instruction-only), which is low-risk from an install/execution vector standpoint. The skill includes large fingerprint and rules files embedded as references (JSON/YML) but does not download or execute external code. The main risk is the missing distribution/install step for the actual scanner binary.
Credentials
The skill requests no environment variables, credentials, or config paths. The included Rules.yml marks some regexes as 'sensitive' (identifiers, phone numbers, bank cards), which is appropriate for a data-extraction tool, but no secrets are requested by the skill itself.
Persistence & Privilege
Default privileges are preserved (always:false; user-invocable; model-invocation allowed). The skill does not request permanent presence or attempt to modify other skills or system-wide settings. Autonomous invocation is allowed by default on the platform, but this skill alone does not escalate privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install muki-fingerprint - 安装完成后,直接呼叫该 Skill 的名称或使用
/muki-fingerprint触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: MUKI asset fingerprinting tool for red team reconnaissance. Features 30,000+ passive fingerprints, 300+ active rules, sensitive path detection, and information extraction.
元数据
常见问题
MUKI Asset Fingerprinting 是什么?
MUKI asset fingerprinting tool for red team reconnaissance. Use when performing authorized penetration testing, asset discovery, service fingerprinting, vuln... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 707 次。
如何安装 MUKI Asset Fingerprinting?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install muki-fingerprint」即可一键安装,无需额外配置。
MUKI Asset Fingerprinting 是免费的吗?
是的,MUKI Asset Fingerprinting 完全免费(开源免费),可自由下载、安装和使用。
MUKI Asset Fingerprinting 支持哪些平台?
MUKI Asset Fingerprinting 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MUKI Asset Fingerprinting?
由 Admin4Giter(@admin4giter)开发并维护,当前版本 v1.0.0。
推荐 Skills