aritz-china

net-vuln-scan

Author: Aritz-China · GitHub · v1.2.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 308
Favorites: 0
Current installs: 1
Versions: 4
Install in OpenClaw
/install net-vuln-scan
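Description
Network security vulnerability detection tool. Detects common security vulnerabilities on local networks and hosts, including: (1) open port detection and risk assessment; (2) weak password and default credential detection; (3) SSL/TLS certificate issues; (4) common service vulnerability detection; (5) network configuration security checks; (6) sensitive port exposure detection. Suitable for: security audits, self-checks before penetration testing, system hardening, and server go-live checks. Note: only...
Security usage recommendations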
This package is broadly what it claims (a local/network vuln scanner), but review and caution are recommended before running:
  1. Several docs/examples reference scripts that are missing (e.g., network_discovery.py) — expect gaps.
  2. platform_check.py contains logic limited to localhost while SKILL.md suggests remote/platform-wide checks — behavior may not match expectations.
  3. The skill probes cloud metadata endpoints (169.254.169.254); avoid running it on production cloud instances you don't control or where metadata contains sensitive credentials.
  4. Inspect scripts/weakpass_check.py before use to confirm it enforces attempt limits and won't perform uncontrolled brute-force attempts against third-party hosts.
  5. The README claims scan-rate limits; the port scanner does not enforce throttling — if you will scan networks, run in a controlled environment and ensure you have authorization.
If you need to proceed, run the tools on an isolated host or lab VM and audit the weakpass and platform scripts first.
Functional analysis
Type: OpenClaw Skill
Name: net-vuln-scan
Version: 1.2.0
The net-vuln-scan skill bundle is a legitimate security auditing tool designed for network and host vulnerability assessment. It includes scripts for port scanning (port_scan.py), SSL/TLS configuration analysis (ssl_check.py), and checking for unauthenticated services or weak default configurations (weakpass_check.py). The bundle also features version-based CVE detection for common software like Microsoft Office and SQL Server (cve_check.py) and generates structured reports (report_gen.py). The code is transparent, well-documented, and performs only the actions described in its documentation, with no evidence of data exfiltration, obfuscation, or malicious intent.
Capability assessment
Purpose & Capability
Name/description match the included scanning scripts (port scan, SSL, CVE, weak-pass checks, platform checks). Requesting no credentials and no special binaries is consistent with a local/network scanner. However, the skill advertises cloud metadata checks (AWS/Azure) which are sensitive in cloud contexts — those checks are present in code and are reasonable for a scanner but increase sensitivity of running it on cloud VMs.
Instruction Scope
SKILL.md and references show commands for network discovery (e.g., scripts/network_discovery.py) but that script is not present in the file manifest — references/examples.md uses scripts that are missing. The docs claim scan frequency limits and 'limited attempt' behavior for weak-password checks, but the port scanner code does not implement rate-throttling enforcement and the weakpass script contents were not fully available for review. Some platform detection functions (scripts/platform_check.py) check only localhost (127.0.0.1) even though SKILL.md implies scanning remote targets, a mismatch in scope/targeting.
Install Mechanism
No install spec (instruction-only) which is low-risk from an installation perspective. The package does include multiple .py scripts bundled in the skill — they will be executed when invoked but nothing is downloaded from external servers during install. No suspicious remote download URLs were present.
Credentials
The skill declares no required environment variables or credentials, which is proportionate. However, several scripts actively attempt to access cloud metadata endpoints (http://169.254.169.254) to detect AWS/Azure metadata service availability; if run on cloud instances this may expose instance credentials or metadata to the operator or other tooling. The skill itself doesn't appear to exfiltrate metadata, but running it on cloud-hosted agents is sensitive.
Persistence & Privilege
No persistent privileges requested (always:false). The skill does write report files to the current directory when run (scripts/report_gen.py), which is expected. It does not modify other skills or global agent settings.
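How to use
  1. Make sure OpenClaw is installed (locally or deployed with Docker)
  2. Enter the install command in the chat box: /install net-vuln-scan
  3. Once installation completes, call the Skill by name or trigger it with /net-vuln-scan
  4. Provide the required input according to the Skill's parameter description to get structured output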
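Version history
v1.2.0
Added comprehensive platform vulnerability detection covering databases, networks, cloud, containers and other platforms; latest vulnerability database as of March 2026
v1.1.0
Added detection for the CVE-2026 series of vulnerabilities; latest remediation guidance for high-severity vulnerabilities as of March 2026
v1.0.1
- Version bump to 1.0.1 with no file or documentation changes.
- No functional updates or documentation updates in this release.
v1.0.0
- First release of net-vuln-scan, a network security vulnerability detection tool.
- Supports port scanning, weak password detection, SSL/TLS certificate security checks, network configuration checks, sensitive information leak detection, and more.
- Provides detailed risk grading, vulnerability remediation advice, and structured security reports.
- Includes common commands and script guidance, suitable for security audits and system-hardening self-checks.
- Explicitly permitted for use only in authorized environments, with safety controls such as rate and permission limits.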
Metadata
Slug net-vuln-scan
Version 1.2.0
License MIT-0
Total installs 1
Current installs 1
Historical versions 4
FAQ

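What is net-vuln-scan?

Network security vulnerability detection tool. Detects common security vulnerabilities on local networks and hosts, including: (1) open port detection and risk assessment; (2) weak password and default credential detection; (3) SSL/TLS certificate issues; (4) common service vulnerability detection; (5) network configuration security checks; (6) sensitive port exposure detection. Suitable for: security audits, self-checks before penetration testing, system hardening, and server go-live checks. Note: only... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 308 total downloads to date.

How do I install net-vuln-scan?

Run the command "/install net-vuln-scan" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is net-vuln-scan free?

Yes. net-vuln-scan is completely free, released under the MIT-0 license, and can be freely downloaded, installed, and used.

Which platforms does net-vuln-scan support?

net-vuln-scan runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed net-vuln-scan?

It is developed and maintained by Aritz-China (@aritz-china); the current version is v1.2.0.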
