← 返回 Skills 市场
116
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install toolweb-cyber-attack-simulation
功能描述
Professional security testing and vulnerability assessment tool for simulating cyber attacks and generating comprehensive security reports.
安全使用建议
This package is inconsistent: it claims to be a hosted attack-simulation service but provides no server address, no auth method, no provenance, and no safety/authorization checks. Before installing or enabling this skill: 1) Do not allow autonomous invocation for this skill — require explicit user confirmation for every run. 2) Ask the publisher for the server base URL, authentication mechanism (API key, OAuth), and proof of identity/ownership (homepage, org info). 3) Require written proof that simulations will only run against authorized, non-production test targets and request audit/logging and rate-limiting controls. 4) Have your security team review any network calls the agent will make; prefer skills that declare required env vars and which restrict target scopes (allow-lists). 5) If you cannot validate the service owner and controls, do not enable the skill — it could be misused to launch real attacks or to trick the agent into performing harmful actions. Note: the absence of static scanner findings does not mean this is safe — this skill is mostly documentation, so the real risk is in how the agent (or a user) uses it.
功能分析
Type: OpenClaw Skill
Name: toolweb-cyber-attack-simulation
Version: 1.0.0
The skill provides a 'Cyber Attack Simulation Platform' that allows an AI agent to initiate network-based attacks, including phishing, SQL injection, and DDoS, against arbitrary hostnames and ports. While the documentation in SKILL.md describes it as a professional security testing tool, the provision of active attack capabilities to an AI agent represents a high-risk surface that could be misused for unauthorized scanning or exploitation. The tool interacts with external endpoints at api.mkkpro.com and toolweb.in.
能力评估
Purpose & Capability
The skill presents itself as a hosted 'Cyber Attack Simulation Platform' that runs phishing/SQLi/DDoS simulations, but there is no server URL, no authentication mechanism, no required API key, and no install or code to provide that runtime. A real simulation service would normally require at minimum an endpoint and credentials; their absence is incoherent.
Instruction Scope
SKILL.md describes endpoints and example requests that initiate attacks against targets (hostnames, ports, intensity) but does not require or instruct the agent to verify authorization/consent, restrict targets to test networks, or use safe non-destructive modes. That leaves broad discretion to the agent to initiate simulations against arbitrary hosts — a significant scope/safety gap.
Install Mechanism
There is no install spec and no code files to execute; the skill is instruction-only. This limits on-disk risk, but also means the SKILL.md is purely declarative and relies on the agent/user to perform network operations.
Credentials
Requires no environment variables or credentials despite describing a remote API with usage/pricing. A legitimate remote simulation API would normally require an API key, endpoint URL, or account configuration. The lack of declared credentials or config is disproportionate and unexplained.
Persistence & Privilege
The skill does not request always: true and does not declare persistent system changes. Autonomous invocation is allowed by default (normal), but combined with the other concerns it increases risk unless the user restricts invocation or requires explicit confirmation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install toolweb-cyber-attack-simulation - 安装完成后,直接呼叫该 Skill 的名称或使用
/toolweb-cyber-attack-simulation触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Cyber Attack Simulation Platform v1.0.0 – Initial Release
- Launches a professional-grade platform for simulating cyber attacks with adjustable intensity and multiple attack vectors.
- Provides detailed vulnerability assessment reports including findings, risk levels, and remediation guidance.
- Offers endpoints for running simulations, retrieving vulnerability databases, and listing supported attack types.
- Designed for enterprise security teams, penetration testers, MSSPs, and compliance-focused organizations.
- Includes free and tiered pricing plans for flexible usage.
元数据
常见问题
Cyber Attack Simulation 是什么?
Professional security testing and vulnerability assessment tool for simulating cyber attacks and generating comprehensive security reports. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 116 次。
如何安装 Cyber Attack Simulation?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install toolweb-cyber-attack-simulation」即可一键安装,无需额外配置。
Cyber Attack Simulation 是免费的吗?
是的,Cyber Attack Simulation 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Cyber Attack Simulation 支持哪些平台?
Cyber Attack Simulation 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Cyber Attack Simulation?
由 ToolWeb(@krishnakumarmahadevan-cmd)开发并维护,当前版本 v1.0.0。
推荐 Skills