- Total downloads: 108
- Favorites: 0
- Current installs: 0
- Versions: 3
Install in OpenClaw
/install security-test-suite
Description
Performs automated security assessments including vulnerability scans, OWASP Top 10 checks, CVE detection, pen-testing, SSL audits, and API security testing...
Security Usage Advice
Do not install or run this skill without more information. The skill's name/description claim active security testing and pentesting capabilities, but the included SKILL.md documents a web-health/QA toolkit and references Python scripts that are not included in the package — this mismatch could be sloppy packaging or intentional. Before proceeding: (1) ask the publisher for the missing scripts/source code and a verifiable author/source/homepage; (2) verify the actual code to ensure no hidden exfiltration, backdoors, or destructive tests; (3) if you plan to run any tests, obtain explicit written authorization from target owners and run first in an isolated, non-production environment; (4) be cautious with options that accept auth tokens, cookies, proxies, payloads, and HTTP methods like PUT/DELETE—these can change target state; (5) prefer skills with a clear, verifiable source (GitHub/org releases) and included code that matches the documentation. If you cannot get the source or the author, treat the skill as incomplete/untrusted and avoid use.
Functional Analysis
Type: OpenClaw Skill
Name: security-test-suite
Version: 1.0.2
The bundle provides documentation and metadata for a 'Web Health & Quality Assurance Suite' (slug: 'security-test-suite') designed for monitoring web service health, SSL status, and API compliance. The instructions in SKILL.md describe a professional set of tools for health checks and security validation, including scripts like `web_health_check.py` and `ssl_monitor.py`. The inclusion of an `AUTHORIZATION_LETTER.md` template and a detailed `TERMS_OF_USE.md` emphasizes ethical and authorized use, and no evidence of malicious intent, data exfiltration, or prompt injection was found in the provided files.
Capability Assessment
Purpose & Capability
The registry metadata and skill name advertise a 'security-test-suite' with vulnerability scans, OWASP checks, CVE detection, and pentesting. The SKILL.md, however, documents a 'Web Health & Quality Assurance Suite' focused on availability, SSL monitoring, and QA. That mismatch is material: a pentesting/security scanner would reasonably require different tooling, code, and credentials. Additionally, the SKILL.md references many scripts (scripts/*.py) that are not present in the package, which makes the claimed capabilities unsupported by the provided files.
Instruction Scope
Runtime instructions tell the agent to execute local scripts (availability_check.py, web_health_check.py, input_validator.py, endpoint_verifier.py, etc.) with options that include --auth, --cookie, --proxy, --methods (including PUT/DELETE), and --payloads. These options allow potentially intrusive or state-changing requests. The SKILL.md doesn't instruct reading arbitrary system files or environment variables, but it does instruct running non-bundled scripts and using payload files and auth tokens supplied to the commands — which could be used for pen-testing. The instructions are also internally inconsistent (referencing scripts that are not bundled), granting broad operational discretion without the actual implementation.
Install Mechanism
There is no install spec and no code files in the package (instruction-only). That minimizes on-disk install risk, but it also means the skill is incomplete: it instructs running scripts that aren't included. Lack of an install mechanism is appropriate for a pure-instructions skill but here highlights incompleteness rather than safety.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md accepts auth tokens, cookies, proxies, and payload files as CLI arguments, which is reasonable for a monitoring/testing toolkit. However, given the skill's advertised scope (CVE detection / pentesting) one might expect additional credentials or tooling; the absence of declared credentials combined with the advertising mismatch is suspicious but not definitive on its own.
Persistence & Privilege
The skill does not request 'always' presence and uses the platform defaults for invocation. It does not attempt to modify other skills or system-wide configuration in the provided materials.
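How to Use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install security-test-suite`
- Once installation completes, call the Skill by name or use `/security-test-suite` to trigger it
- Provide the required input as described in the Skill's parameter documentation to get structured output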
Version History
v1.0.2
**Major update: Skill renamed and refocused from security testing to web health monitoring and quality assurance.**
- Changed skill name to "web-health-suite".
- Updated functionality from security and vulnerability testing to web service health monitoring, compliance validation, and quality assurance.
- Replaced scripts and workflow with health checks, compliance validation, SSL certificate monitoring, and API verification.
- Revised reporting, script parameters, and result evaluation to center on availability, health, and compliance scoring.
- No file changes detected; documentation and description only.
v1.0.1
- Added legal and compliance documentation: AUTHORIZATION_LETTER.md and TERMS_OF_USE.md.
- Included manifest file: security-test-suite.skill.
- No changes to functionality or usage; this update focuses on formalizing authorization and terms of use requirements.
v1.0.0
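This is an automated security testing toolkit for AI Agents that lets the AI autonomously run penetration-test-level security scans and output structured reports.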
FAQ
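What is security-test-suite?
Performs automated security assessments including vulnerability scans, OWASP Top 10 checks, CVE detection, pen-testing, SSL audits, and API security testing... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 108 cumulative downloads to date.
How do I install security-test-suite?
Run the command "/install security-test-suite" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.
Is security-test-suite free?
Yes, security-test-suite is completely free under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does security-test-suite support?
security-test-suite is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed security-test-suite?
It is developed and maintained by guo5404 (@guo5404); the current version is v1.0.2.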