← 返回 Skills 市场
pandaai-1337

Web Shells

作者 PandaAI-1337 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
124
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install web-shells
功能描述
Provides diverse web shell samples in PHP, ASP, ASPX, JSP, Python, and Perl for detection, malware analysis, and security testing under authorized conditions.
安全使用建议
This skill is coherent for security research: it bundles many real web‑shell samples intended for detection and testing. That also means the files are inherently malicious if executed. Before installing or using it: (1) only use in authorized, legal contexts; (2) open and inspect files before running anything; (3) perform analysis in an isolated environment (air‑gapped VM, container, or sandbox) that you can destroy afterward; (4) never run samples on production or connected networks; (5) if uncertain about provenance, prefer to obtain the original SecLists repository directly from GitHub; and (6) ensure you have written authorization for any testing against third‑party systems.
功能分析
Type: OpenClaw Skill Name: web-shells Version: 1.0.0 This skill bundle contains a large collection of functional web shells, backdoors, and exploit samples (e.g., PHP, ASPX, JSP, and ColdFusion shells) sourced from the SecLists repository for security research and detection testing. Key files include 'shell.cfm.html', which contains logic to extract and decrypt database credentials, and 'cmd.sh', a functional CGI-based command execution shell. While the stated purpose is research and the SKILL.md does not contain prompt injection or instructions to harm the host, the presence of ready-to-deploy malware and a 'vulnerable' Vtiger extension (references/Web-Shells/Vtiger/) represents a high-risk 'dual-use' capability that could be easily repurposed for malicious activity.
能力评估
Purpose & Capability
Name/description match the packaged content: the skill contains many web‑shell samples (PHP, ASP/ASPX, JSP, Python, Perl, shell scripts) and the SKILL.md states the SecLists/Web‑Shells source. The registry metadata lists 'Source: unknown' while the SKILL.md points to the SecLists repo (minor metadata inconsistency), but the requested resources and files are proportionate to the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to read/list files from the skill path and includes an example that reads files locally. It explicitly warns about authorized use. The instructions do not direct the agent to execute the shells, collect unrelated system data, or transmit content to external endpoints — they stay within the stated analysis/detection scope.
Install Mechanism
No install spec (instruction‑only) — lowest installer risk. Note: the skill includes executable sample scripts (sh, war, JSP, etc.). Although there is no automatic install, those files, if executed by a user or agent, perform command execution, file upload, or filesystem access — so the shipped artifacts are dangerous when run.
Credentials
The skill does not request environment variables, credentials, or config paths. That is proportionate. However several included samples reference system paths (/tmp, C:\, etc.) and contain command execution primitives (cfexecute, eval, dd, shell execution). Those are expected in web‑shell samples but are hazardous if executed on a host.
Persistence & Privilege
No elevated persistence requested. always: false and default autonomous invocation are set (normal). The skill does not attempt to modify other skills or system agent configuration.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install web-shells
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /web-shells 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the SecLists Web-Shells skill. - Provides sample web shells in PHP, ASP, ASPX, JSP, Python, and Perl for detection and analysis. - Intended for security research, detection system testing, malware analysis, and educational purposes. - Includes guidelines for responsible and authorized use only.
元数据
Slug web-shells
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Web Shells 是什么?

Provides diverse web shell samples in PHP, ASP, ASPX, JSP, Python, and Perl for detection, malware analysis, and security testing under authorized conditions. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 124 次。

如何安装 Web Shells?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install web-shells」即可一键安装,无需额外配置。

Web Shells 是免费的吗?

是的,Web Shells 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Web Shells 支持哪些平台?

Web Shells 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Web Shells?

由 PandaAI-1337(@pandaai-1337)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论