← 返回 Skills 市场
Pentest Auth Bypass
作者
Muhammad Mazhar Saeed
· GitHub ↗
· v0.1.0
1024
总下载
0
收藏
5
当前安装
1
版本数
在 OpenClaw 中安装
/install pentest-auth-bypass
功能描述
Test authentication and session management controls for bypass and account takeover scenarios.
安全使用建议
This skill appears coherent for authorized pentesting, but before running it: (1) verify you have written authorization and use --dry-run first; (2) inspect the shared module (autonomous-pentester/shared/pentest_common) to see what external tools or network actions it performs during non-dry-run runs; (3) run tests in an isolated environment and point outputs to a safe folder; (4) confirm scope.json accurately represents authorized targets. If you cannot review the shared helpers, avoid running non-dry-run executions against live targets.
功能分析
Type: OpenClaw Skill
Name: pentest-auth-bypass
Version: 0.1.0
The OpenClaw skill bundle 'pentest-auth-bypass' is designed for authorized security testing, with robust safeguards in place. The SKILL.md and agents/openai.yaml explicitly emphasize scope validation, authorization, and dry-run mode. The core script, scripts/auth_bypass.py, enforces these checks and, critically, only generates *placeholder* output artifacts rather than executing actual authentication bypass attacks. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or prompt injection attempts against the agent.
能力评估
Purpose & Capability
Name, description, SKILL.md and the script all align: the skill scaffolds auth/session testing, references common pentest tools, and does not request unrelated credentials or system access.
Instruction Scope
The SKILL.md and script enforce scope validation and require --i-have-authorization for live runs and provide a dry-run mode, which limits accidental active testing. Note: the script imports shared helpers (pentest_common) from an external 'autonomous-pentester/shared' location — those helper functions could invoke external tools or network activity during a non-dry-run run, so review that shared module before executing live tests.
Install Mechanism
No install spec (instruction-only plus a small script) — nothing is downloaded or written during install, reducing risk.
Credentials
No environment variables, credentials, or config paths are requested. The script reads scope and input payload files (declared in CLI) which is proportional to its purpose.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills. It only writes artifacts to the specified output path when run.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pentest-auth-bypass - 安装完成后,直接呼叫该 Skill 的名称或使用
/pentest-auth-bypass触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of pentest-auth-bypass skill.
- Tests authentication and session management for bypass and account takeover scenarios.
- Validates brute-force resistance, session integrity, and MFA enforcement.
- Supports dry-run mode and requires explicit authorization flag for live tests.
- Outputs findings and artifacts in standard formats for integration.
- Aligns to PTES, OWASP WSTG, NIST, and MITRE ATT&CK standards.
- Includes legal notice: authorized use only.
元数据
常见问题
Pentest Auth Bypass 是什么?
Test authentication and session management controls for bypass and account takeover scenarios. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1024 次。
如何安装 Pentest Auth Bypass?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pentest-auth-bypass」即可一键安装,无需额外配置。
Pentest Auth Bypass 是免费的吗?
是的,Pentest Auth Bypass 完全免费(开源免费),可自由下载、安装和使用。
Pentest Auth Bypass 支持哪些平台?
Pentest Auth Bypass 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pentest Auth Bypass?
由 Muhammad Mazhar Saeed(@0x-professor)开发并维护,当前版本 v0.1.0。
推荐 Skills