Pilot Penetration Testing Setup
/install pilot-penetration-testing-setup
Penetration Testing Setup
Deploy 4 agents that perform recon, scan vulnerabilities, validate exploits, and generate reports.
Roles
| Role | Hostname | Skills | Purpose |
|---|---|---|---|
| recon | <prefix>-recon | pilot-discover, pilot-stream-data, pilot-archive | DNS enumeration, port scanning, service fingerprinting |
| scanner | <prefix>-scanner | pilot-task-parallel, pilot-metrics, pilot-dataset | Vulnerability scans, CVE checks, misconfiguration detection |
| exploiter | <prefix>-exploiter | pilot-task-chain, pilot-audit-log, pilot-receipt | Safe proof-of-concept validation, exploitability confirmation |
| reporter | <prefix>-reporter | pilot-webhook-bridge, pilot-share, pilot-slack-bridge | Report generation with findings, risk ratings, remediation |
Setup Procedure
Step 1: Ask the user which role this agent should play and what prefix to use.
Step 2: Install the skills for the chosen role:
# For recon:
clawhub install pilot-discover pilot-stream-data pilot-archive
# For scanner:
clawhub install pilot-task-parallel pilot-metrics pilot-dataset
# For exploiter:
clawhub install pilot-task-chain pilot-audit-log pilot-receipt
# For reporter:
clawhub install pilot-webhook-bridge pilot-share pilot-slack-bridge
Step 3: Set the hostname:
pilotctl --json set-hostname <prefix>-<role>
Step 4: Write the setup manifest:
mkdir -p ~/.pilot/setups
cat > ~/.pilot/setups/penetration-testing.json << 'MANIFEST'
<INSERT ROLE MANIFEST FROM BELOW>
MANIFEST
Step 5: Tell the user to initiate handshakes with direct communication peers.
Manifest Templates Per Role
recon
{
  "setup": "penetration-testing", "setup_name": "Penetration Testing",
  "role": "recon", "role_name": "Reconnaissance Agent",
  "hostname": "<prefix>-recon",
  "description": "Performs passive and active reconnaissance — DNS enumeration, port scanning, service fingerprinting.",
  "skills": {
    "pilot-discover": "Enumerate DNS records, subdomains, and service endpoints.",
    "pilot-stream-data": "Stream port scan results and fingerprints in real time.",
    "pilot-archive": "Archive recon snapshots for baseline comparison."
  },
  "peers": [{"role": "scanner", "hostname": "<prefix>-scanner", "description": "Receives recon results for vulnerability scanning"}],
  "data_flows": [{"direction": "send", "peer": "<prefix>-scanner", "port": 1002, "topic": "recon-result", "description": "Recon results with target profile and services"}],
  "handshakes_needed": ["<prefix>-scanner"]
}
scanner
{
  "setup": "penetration-testing", "setup_name": "Penetration Testing",
  "role": "scanner", "role_name": "Vulnerability Scanner",
  "hostname": "<prefix>-scanner",
  "description": "Runs automated vulnerability scans, checks CVE databases, identifies misconfigurations.",
  "skills": {
    "pilot-task-parallel": "Run multiple scan tools in parallel across target services.",
    "pilot-metrics": "Track scan coverage, finding counts, and severity distribution.",
    "pilot-dataset": "Store CVE matches and vulnerability metadata."
  },
  "peers": [{"role": "recon", "hostname": "<prefix>-recon", "description": "Sends recon results"}, {"role": "exploiter", "hostname": "<prefix>-exploiter", "description": "Receives vulnerability findings"}],
  "data_flows": [
    {"direction": "receive", "peer": "<prefix>-recon", "port": 1002, "topic": "recon-result", "description": "Recon results with target profile and services"},
    {"direction": "send", "peer": "<prefix>-exploiter", "port": 1002, "topic": "vulnerability", "description": "Vulnerability findings with CVE and severity"}
  ],
  "handshakes_needed": ["<prefix>-recon", "<prefix>-exploiter"]
}
exploiter
{
  "setup": "penetration-testing", "setup_name": "Penetration Testing",
  "role": "exploiter", "role_name": "Exploit Validator",
  "hostname": "<prefix>-exploiter",
  "description": "Validates discovered vulnerabilities with safe proof-of-concept tests, confirms exploitability.",
  "skills": {
    "pilot-task-chain": "Chain validation steps: verify, exploit, document evidence.",
    "pilot-audit-log": "Log all validation attempts with timestamps and results.",
    "pilot-receipt": "Confirm receipt of vulnerability findings from scanner."
  },
  "peers": [{"role": "scanner", "hostname": "<prefix>-scanner", "description": "Sends vulnerability findings"}, {"role": "reporter", "hostname": "<prefix>-reporter", "description": "Receives validated findings"}],
  "data_flows": [
    {"direction": "receive", "peer": "<prefix>-scanner", "port": 1002, "topic": "vulnerability", "description": "Vulnerability findings with CVE and severity"},
    {"direction": "send", "peer": "<prefix>-reporter", "port": 1002, "topic": "validated-finding", "description": "Validated findings with proof-of-concept evidence"}
  ],
  "handshakes_needed": ["<prefix>-scanner", "<prefix>-reporter"]
}
reporter
{
  "setup": "penetration-testing", "setup_name": "Penetration Testing",
  "role": "reporter", "role_name": "Pentest Reporter",
  "hostname": "<prefix>-reporter",
  "description": "Generates pentest reports with findings, risk ratings, remediation steps, and executive summary.",
  "skills": {
    "pilot-webhook-bridge": "Deliver reports to client portals and ticketing systems.",
    "pilot-share": "Share report drafts with stakeholders for review.",
    "pilot-slack-bridge": "Notify security team of completed assessments."
  },
  "peers": [{"role": "exploiter", "hostname": "<prefix>-exploiter", "description": "Sends validated findings with evidence"}],
  "data_flows": [
    {"direction": "receive", "peer": "<prefix>-exploiter", "port": 1002, "topic": "validated-finding", "description": "Validated findings with proof-of-concept evidence"},
    {"direction": "send", "peer": "external", "port": 443, "topic": "pentest-report", "description": "Pentest report via webhook and Slack"}
  ],
  "handshakes_needed": ["<prefix>-exploiter"]
}
Data Flows
recon -> scanner: recon-result events (port 1002)
scanner -> exploiter: vulnerability events (port 1002)
exploiter -> reporter: validated-finding events (port 1002)
reporter -> external: pentest-report via webhook (port 443)
Handshakes
# recon <-> scanner:
pilotctl --json handshake <prefix>-scanner "setup: penetration-testing"
pilotctl --json handshake <prefix>-recon "setup: penetration-testing"
# scanner <-> exploiter:
pilotctl --json handshake <prefix>-exploiter "setup: penetration-testing"
pilotctl --json handshake <prefix>-scanner "setup: penetration-testing"
# exploiter <-> reporter:
pilotctl --json handshake <prefix>-reporter "setup: penetration-testing"
pilotctl --json handshake <prefix>-exploiter "setup: penetration-testing"
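An added example (not part of the skill or the Pilot tooling): a check that the four role manifests are wired consistently before the agents handshake, so every send has a matching receive on the peer and every internal peer has a handshake listed. It assumes the prefix `acme` and reduces each manifest to the fields it inspects; `flow` and `check_manifests` are hypothetical helper names.

```python
import json

def flow(direction, peer, topic, port=1002):
    return {"direction": direction, "peer": peer, "port": port, "topic": topic}

# Constructed sample: the page's four manifests, reduced to the fields checked
# below, with the assumed prefix "acme" substituted for <prefix>.
MANIFESTS = {
    "acme-recon": {"role": "recon", "hostname": "acme-recon",
        "data_flows": [flow("send", "acme-scanner", "recon-result")],
        "handshakes_needed": ["acme-scanner"]},
    "acme-scanner": {"role": "scanner", "hostname": "acme-scanner",
        "data_flows": [flow("receive", "acme-recon", "recon-result"),
                       flow("send", "acme-exploiter", "vulnerability")],
        "handshakes_needed": ["acme-recon", "acme-exploiter"]},
    "acme-exploiter": {"role": "exploiter", "hostname": "acme-exploiter",
        "data_flows": [flow("receive", "acme-scanner", "vulnerability"),
                       flow("send", "acme-reporter", "validated-finding")],
        "handshakes_needed": ["acme-scanner", "acme-reporter"]},
    "acme-reporter": {"role": "reporter", "hostname": "acme-reporter",
        "data_flows": [flow("receive", "acme-exploiter", "validated-finding"),
                       flow("send", "external", "pentest-report", port=443)],
        "handshakes_needed": ["acme-exploiter"]},
}

def check_manifests(manifests):
    """Return a list of wiring problems; an empty list means consistent."""
    key = lambda g: (g["direction"], g["peer"], g["port"], g["topic"])
    problems = []
    for host, m in manifests.items():
        if "<" in json.dumps(m):  # template placeholder left in the file
            problems.append(f"{host}: unreplaced <placeholder>")
        if m["hostname"] != host or not host.endswith("-" + m["role"]):
            problems.append(f"{host}: hostname is not <prefix>-{m['role']}")
        for f in m["data_flows"]:
            peer = f["peer"]
            if peer == "external":  # reporter's outbound webhook, no peer manifest
                continue
            if peer not in m["handshakes_needed"]:
                problems.append(f"{host}: no handshake listed for {peer}")
            mirror = "receive" if f["direction"] == "send" else "send"
            peer_flows = manifests.get(peer, {}).get("data_flows", [])
            if (mirror, host, f["port"], f["topic"]) not in {key(g) for g in peer_flows}:
                problems.append(f"{host}: {f['direction']} '{f['topic']}' "
                                f"has no matching {mirror} on {peer}")
    return problems

if __name__ == "__main__":
    print(check_manifests(MANIFESTS) or "manifests are consistent")
```

Full manifests loaded from `~/.pilot/setups/penetration-testing.json` on each agent can be passed in the same shape, keyed by hostname; the extra `description` fields are ignored by the comparison.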
Workflow Example
# On scanner — subscribe to recon results:
pilotctl --json subscribe <prefix>-recon recon-result
# On exploiter — subscribe to vulnerabilities:
pilotctl --json subscribe <prefix>-scanner vulnerability
# On reporter — subscribe to validated findings:
pilotctl --json subscribe <prefix>-exploiter validated-finding
# On recon — publish a recon result:
pilotctl --json publish <prefix>-scanner recon-result '{"target":"app.example.com","open_ports":[22,80,443,8080]}'
# On exploiter — publish a validated finding:
pilotctl --json publish <prefix>-reporter validated-finding '{"cve":"CVE-2023-46589","validated":true,"impact":"RCE"}'
Dependencies
Requires pilot-protocol skill, pilotctl binary, clawhub binary, and a running daemon.
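- Make sure OpenClaw is installed (locally or via Docker).
- Enter the install command in the chat box: /install pilot-penetration-testing-setup
- Once installed, invoke the skill by name or trigger it with /pilot-penetration-testing-setup
- Provide the inputs described in the skill's parameter notes to get structured output.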
What is Pilot Penetration Testing Setup?
Deploy an automated penetration testing pipeline with 4 agents. Use this skill when: 1. User wants to set up a penetration testing or security assessment pip... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 72 downloads to date.
How do I install Pilot Penetration Testing Setup?
Run the command "/install pilot-penetration-testing-setup" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is Pilot Penetration Testing Setup free?
Yes, Pilot Penetration Testing Setup is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Pilot Penetration Testing Setup support?
Pilot Penetration Testing Setup is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Pilot Penetration Testing Setup?
It is developed and maintained by Calin Teodor (@teoslayer); the current version is v1.0.0.