← 返回 Skills 市场
enderphan94

Web Security Client-Side Scanner 1773654191

作者 Ender Loc Phan · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
342
总下载
2
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install web-front-scanner
功能描述
Perform a thorough client-side / browser-facing security assessment of a target web application. Use this skill whenever the user asks to pentest, audit, or...
安全使用建议
This skill appears coherent for front-end pentesting, but before installing or running it: 1) obtain explicit, written authorization from the asset owner and confirm the exact scope (which subdomains, paths, or accounts are allowed); 2) decide whether active tools (subdomain enumeration, httpx, nuclei templates) are permitted — these can be more intrusive than pure client-side inspection; 3) avoid sharing high-privilege credentials — if authenticated testing is needed, prefer scoped or test accounts and short-lived credentials; 4) confirm the runtime environment will contain the listed tools (or provide an approved TOOLS_DIR) because the skill assumes external CLI tools will be executed; and 5) plan for safe handling of any secrets or sensitive data discovered in client assets (do not exfiltrate them to external services). If you want, I can produce a shorter checklist of the exact commands and tools the skill will run so you can approve them one-by-one.
功能分析
Type: OpenClaw Skill Name: web-front-scanner-1773654191 Version: 1.0.0 The skill bundle (SKILL.md) provides a comprehensive framework for conducting client-side security assessments, including reconnaissance, static analysis, and vulnerability validation. It instructs the agent to utilize several high-risk network and security tools such as `nuclei`, `subfinder`, `katana`, and `gau`. While the instructions emphasize non-destructive testing and require user authorization, the inclusion of these broad network and execution capabilities—even when plausibly needed for the stated purpose of a security audit—meets the specific criteria for a suspicious classification. No evidence of intentional malicious behavior, such as data exfiltration or backdoors, was identified.
能力评估
Purpose & Capability
The skill is explicitly a client-side/front-end security assessment and its checklist, methodology, and recommended tools align with that purpose (JS bundle analysis, source maps, CSP, storage, service workers, etc.). It does not claim unrelated capabilities (e.g., full cloud administration) and declares no environment or credential requirements up front.
Instruction Scope
Instructions are prescriptive and mostly limited to passive/low-risk client-side analysis. However, the guidance references active reconnaissance tools (subfinder, httpx, nuclei, waybackurls, etc.) that can broaden scope and perform more intrusive checks; the SKILL.md does state 'confirm scope' and 'non-destructive only', but an operator should explicitly approve any subdomain discovery or active scanning before use.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal risk from install mechanisms. The skill assumes external tools exist in the environment (TOOLS_DIR or PATH) but does not attempt to fetch or run installers itself.
Credentials
The skill declares no required environment variables or credentials. It does ask the operator to confirm TARGET and optional LOGIN credentials if authenticated testing is in scope, which is reasonable and proportional for a pentest. There is no unexplained request for unrelated secrets.
Persistence & Privilege
always is false and the skill does not request persistent or elevated agent privileges. It does not modify other skills or system-wide settings in the instructions provided.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install web-front-scanner
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /web-front-scanner 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
Slug web-front-scanner
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Web Security Client-Side Scanner 1773654191 是什么?

Perform a thorough client-side / browser-facing security assessment of a target web application. Use this skill whenever the user asks to pentest, audit, or... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 342 次。

如何安装 Web Security Client-Side Scanner 1773654191?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install web-front-scanner」即可一键安装,无需额外配置。

Web Security Client-Side Scanner 1773654191 是免费的吗?

是的,Web Security Client-Side Scanner 1773654191 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Web Security Client-Side Scanner 1773654191 支持哪些平台?

Web Security Client-Side Scanner 1773654191 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Web Security Client-Side Scanner 1773654191?

由 Ender Loc Phan(@enderphan94)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论