← 返回 Skills 市场
apacheua

Network Scan

作者 ApacheUA · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
662
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install network-scan
功能描述
Scans specified network targets and ports using nmap with options for speed, timeout, host limits, and exclusions, returning detailed JSON results.
安全使用建议
This skill implements nmap-based network scanning and the code matches that purpose, but it fails to declare that it needs the nmap binary and the python 'nmap' library. Before installing or using: (1) ensure you have permission to scan the target networks (unauthorized scanning can be illegal or disruptive); (2) install nmap on the host and the python-nmap package, or the tool will return an error; (3) consider testing locally on a lab network first; (4) review the code (it does not exfiltrate data or call external endpoints), but note the unused 'subprocess' import and the skill will produce the exact nmap command line it runs — verify that output if you need auditability; (5) if you want clearer safety, ask the publisher to add an install spec and explicit documentation of the nmap/python-nmap requirements and to limit autonomous invocation or add usage constraints.
功能分析
Type: OpenClaw Skill Name: network-scan Version: 1.0.0 The skill performs network scanning using `nmap` via the `python-nmap` library. While the `SKILL.md` is benign and the `target` parameter undergoes some validation, the `main.py` script is classified as suspicious due to the lack of comprehensive input validation for the `ports` and `exclude` parameters. These user-controlled inputs are directly incorporated into the `nmap` command arguments. Although the `python-nmap` library generally mitigates direct shell injection by passing arguments as a list, the absence of robust sanitization for all parameters represents a vulnerability that could be exploited if `nmap` or `python-nmap` has an unknown flaw in argument handling, potentially leading to unintended command execution or resource exhaustion.
能力评估
Purpose & Capability
The skill's name, SKILL.md and main.py all consistently implement network scanning with nmap. However, the registry metadata and SKILL.md do not declare the actual runtime dependency on the nmap binary and the python-nmap package (the code imports 'nmap' and checks for the nmap program). That missing dependency declaration is an incoherence: a network-scan tool reasonably needs nmap, but the package metadata/instructions do not request or document it.
Instruction Scope
SKILL.md instructs only to provide target and ports and returns JSON results; the code follows that scope and does not read other files or external config. It does allow scanning arbitrary IPs/ranges which can be misused or legally problematic if run without permission — this is expected for a scanner but worth highlighting.
Install Mechanism
There is no install spec but the runtime requires the nmap program and the python 'nmap' module. Without an install step or clear documentation, users may run this in environments missing these dependencies. The code does not fetch remote code or use suspicious external URLs, so the install risk is about missing/undeclared requirements rather than malicious downloads.
Credentials
The skill requests no environment variables or credentials (appropriate). However, network scanning itself is a sensitive capability: consider whether autonomous scans are permitted for target networks and whether scans could trigger IDS/IPS or legal issues. No env vars are requested or accessed by the code.
Persistence & Privilege
The skill does not request persistent/always-on privileges, does not modify other skills or system configuration, and is user-invocable only. Autonomous invocation is allowed by platform default but not escalated by this skill's metadata.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install network-scan
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /network-scan 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the network-scan skill. - Scans ports and devices on a network using nmap - Supports targets in CIDR notation, IP ranges, and comma-separated lists - Multiple scan customization options: quick scan, fast scan, top ports, hosts limit, and IP exclusion - Output includes scan results, nmap command used, and scan information in JSON format
元数据
Slug network-scan
版本 1.0.0
许可证
累计安装 4
当前安装数 3
历史版本数 1
常见问题

Network Scan 是什么?

Scans specified network targets and ports using nmap with options for speed, timeout, host limits, and exclusions, returning detailed JSON results. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 662 次。

如何安装 Network Scan?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install network-scan」即可一键安装,无需额外配置。

Network Scan 是免费的吗?

是的,Network Scan 完全免费(开源免费),可自由下载、安装和使用。

Network Scan 支持哪些平台?

Network Scan 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Network Scan?

由 ApacheUA(@apacheua)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论