jacqueslauren

Tech Security Audit

Author: JacquesLauren · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 1000
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install tech-security-audit
Description
Performs local network scans using Nmap to detect vulnerabilities, identify service versions, and fingerprint operating systems.
Security usage advice
What to check before installing:
- Confirm you have explicit authorization to scan any network targets you will test — unauthorized scanning can be illegal or disruptive.
- Ensure Nmap is installed and in PATH; the skill's docs require it but the registry metadata does not declare it as a required binary. Expect to install Nmap yourself.
- If you will pass user-provided targets to this skill (especially in multi-user or automated contexts), validate or restrict those inputs to avoid accidental scans of third-party addresses or private ranges you don't control.
- Running the skill will execute the local nmap binary via subprocess.run. That is expected for this functionality, but be mindful: the agent could perform noisy scans if invoked autonomously. Consider limiting autonomous invocation or adding governance controls before allowing the agent to run this skill without explicit user confirmation.
- If you need stronger guarantees, review/modify the code to enforce allowed target ranges, rate limits, logging/auditing, and to surface scan parameters to the user rather than using defaults.
Functional analysis
Type: OpenClaw Skill
Name: tech-security-audit
Version: 1.0.0
The skill is classified as suspicious due to its core functionality in `nmap_scanner.py` which executes `nmap` via `subprocess.run`. While the use of `nmap` is aligned with the stated 'Tech Security Audit' purpose, it grants broad network access and reconnaissance capabilities. The `target` parameter is user-controlled, posing a significant risk of misuse if an AI agent is prompted to scan unauthorized internal networks or sensitive targets, even though the code itself does not exhibit direct shell injection vulnerabilities or explicit malicious intent like data exfiltration or persistence.
Capability assessment
Purpose & Capability
The SKILL.md, README, and code all state this is an Nmap-integrated network scanner and the code legitimately invokes the nmap binary. However, the registry metadata lists no required binaries while the docs explicitly require Nmap in PATH — that mismatch is an incoherence (the skill should declare 'nmap' as a required binary). Other than that omission, the requested resources (no credentials, no external endpoints) align with the stated purpose.
Instruction Scope
Runtime instructions are limited to calling run_nmap_scan and the shipped code only runs the local 'nmap' executable (via subprocess.run with a list of args) and parses its XML output. The SKILL.md does not ask the agent to read unrelated files, exfiltrate data, or call external endpoints. One operational caution: the code does not sanitize or validate user-supplied targets beyond passing them as an argument to nmap — while list-based subprocess avoids shell injection, untrusted inputs could still cause unintended scans or be interpreted by nmap in unexpected ways.
Install Mechanism
No install spec is present and all code is included in the package — nothing is downloaded or written during install. This is low-risk from an installation standpoint. Note: the skill depends on the system having Nmap installed (manually), which the package metadata fails to declare.
Credentials
The skill requests no environment variables, credentials, or config paths — appropriate for a local scanner that invokes an external tool. There are no surprising credential requests or unrelated env access.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously by the agent (platform default). Because network scanning is sensitive and potentially disruptive or legally restricted, consider whether you want the agent to invoke scans autonomously; that risk stems from scan behavior, not from elevated privileges requested by the skill itself.
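How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install tech-security-audit
  3. After installation completes, invoke the Skill by name or trigger it with /tech-security-audit
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history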
v1.0.0
Initial release of Tech Security Audit Skill:
- Adds Nmap-based local network scanning capabilities.
- Detects active services, vulnerabilities, and their versions.
- Supports OS fingerprinting for scanned hosts.
- Requires Nmap installed and accessible in PATH.
Metadata
Slug tech-security-audit
Version 1.0.0
License
Total installs 1
Current installs 1
Versions 1
FAQ

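What is Tech Security Audit?

Performs local network scans using Nmap to detect vulnerabilities, identify service versions, and fingerprint operating systems. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1000 cumulative downloads so far.

How do I install Tech Security Audit?

Run the command "/install tech-security-audit" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Tech Security Audit free?

Yes, Tech Security Audit is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Tech Security Audit support?

Tech Security Audit runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Tech Security Audit?

It is developed and maintained by JacquesLauren (@jacqueslauren); the current version is v1.0.0.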
