← 返回 Skills 市场
0x-professor

Nmap Pentest Scans

作者 Muhammad Mazhar Saeed · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
1002
总下载
0
收藏
7
当前安装
1
版本数
在 OpenClaw 中安装
/install nmap-pentest-scans
功能描述
Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets.
安全使用建议
This skill appears to be a planner that produces reproducible Nmap command sequences and reports; it enforces scope checks and requires an explicit authorization flag before non-dry-run execution. Before installing or running it: ensure the referenced shared module (autonomous-pentester/shared/pentest_common) is present and trusted in your environment, confirm you understand where the skill will read scope/input files and write artifacts, and be aware the skill will not actually execute nmap commands (you or another tool must run the generated commands). If you expected an automated runner that executes scans, note this skill only generates plans and findings artifacts.
功能分析
Type: OpenClaw Skill Name: nmap-pentest-scans Version: 0.1.0 The `scripts/nmap_pentest_scans.py` script constructs Nmap commands by directly embedding the user-provided `--target` argument into f-strings without proper shell escaping. This creates a critical shell injection vulnerability. If the AI agent, which is instructed to 'run' these scans via `agents/openai.yaml`, executes the generated commands (e.g., from `recommended-commands.txt` or `scan-plan.json`), a malicious target input could lead to arbitrary command execution on the host running the agent. While the skill includes authorization and scope validation, these do not mitigate the shell injection risk from a malformed but in-scope target.
能力评估
Purpose & Capability
Name/description promise matches the primary behavior: producing Nmap scan workflows, profiles, and artifacts. One mismatch: the description/README language implies the skill can 'orchestrate' live scans, but the included code only generates plans/commands and writes artifacts rather than invoking nmap or performing network operations. No Nmap binary is required (and none is installed), which is coherent with a planner but not with a fully automated runner.
Instruction Scope
SKILL.md and the script are scoped to planning: validate scope, require explicit authorization for non-dry-run, build command sequences, and produce deterministic artifacts. The script validates scope and enforces --i-have-authorization for active runs. It reads input payload and scope files and writes artifacts under the output path — these file reads/writes are expected for this purpose. It does not perform network access or transmit data externally.
Install Mechanism
There is no install spec (instruction-only plus a local Python script), so nothing is downloaded or extracted. Risk from installation is minimal.
Credentials
No environment variables, credentials, or config paths are requested. The script reads a scope file and an input payload (expected for planning) but does not ask for unrelated secrets or platform keys.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request elevated or persistent platform privileges. It writes artifacts to the output path provided by the user, which is normal for a planner.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install nmap-pentest-scans
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /nmap-pentest-scans 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of nmap-pentest-scans. - Plans and orchestrates authorized Nmap discovery, enumeration, and reporting workflows. - Enforces scope validation and explicit authorization before live scans. - Supports selectable scan profiles (stealth, balanced, fast) with reproducible command plans. - Outputs structured artifacts: scan plans, recommended commands, and normalized findings. - Includes legal notice emphasizing authorized use only.
元数据
Slug nmap-pentest-scans
版本 0.1.0
许可证
累计安装 8
当前安装数 7
历史版本数 1
常见问题

Nmap Pentest Scans 是什么?

Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1002 次。

如何安装 Nmap Pentest Scans?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install nmap-pentest-scans」即可一键安装,无需额外配置。

Nmap Pentest Scans 是免费的吗?

是的,Nmap Pentest Scans 完全免费(开源免费),可自由下载、安装和使用。

Nmap Pentest Scans 支持哪些平台?

Nmap Pentest Scans 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Nmap Pentest Scans?

由 Muhammad Mazhar Saeed(@0x-professor)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论