krishnakumarmahadevan-cmd

Web Vulnerability Assessment

Author: ToolWeb · GitHub · v1.0.2 · MIT-0
Platforms: linux, darwin, win32 · ⚠ suspicious
Total downloads: 570
Favorites: 0
Current installs: 4
Number of versions: 6
Install in OpenClaw
/install web-vulnerability-assessment
Description
Generate comprehensive web application vulnerability assessments with OWASP-aligned checklists, remediation guides, and testing scripts. Use when assessing w...
Safe usage recommendations
This skill delegates all analysis to ToolWeb (portal.toolweb.in). Before installing:
  1. Confirm you trust ToolWeb and review their privacy, data retention, and billing terms — you'll be sending org/app details to their API.
  2. Avoid sending secrets (API keys, full DB connection strings, private keys) in assessment inputs; if needed, redact or use test data.
  3. Store and rotate TOOLWEB_API_KEY like any credential; ensure it has appropriate scope and is not shared broadly.
  4. Test with non-sensitive sample data first to verify output and parsing.
  5. If you need offline or on-prem assessments (no external data transfer), this skill is not appropriate because it mandates calling the external API and explicitly forbids local generation.
Functional analysis
Type: OpenClaw Skill
Name: web-vulnerability-assessment
Version: 1.0.2

This skill acts as a wrapper for a third-party security API (portal.toolweb.in) and is classified as suspicious due to a shell injection vulnerability in the `curl` command template within `SKILL.md`. The instructions direct the agent to execute shell commands using unvalidated user input, creating a risk of command injection. Furthermore, `SKILL.md` contains aggressive prompt steering that commands the agent to bypass its own knowledge to ensure monetization, while transmitting sensitive application metadata to an external service.
Capability assessment
Purpose & Capability
Name/description match the behavior: SKILL.md requires TOOLWEB_API_KEY and curl and directs the agent to call https://portal.toolweb.in/apis/security/web-vuln-assessment to produce OWASP-aligned assessments. Requested resources (one API key and curl) are proportional to a remote SaaS-based assessment service.
Instruction Scope
Instructions explicitly require always calling the external ToolWeb API and forbid generating assessments locally. The workflow sends inputs such as organization_name, application_name, technology_stack, and assessment_scope to the remote endpoint (the HTML response is parsed). This is coherent for a SaaS-backed skill but means potentially sensitive application and organizational data will be transmitted off-host.
Install Mechanism
Instruction-only skill with no install spec or downloaded code; lowest-risk install footprint. Requires curl to be present on PATH (reasonable and declared).
Credentials
Only one environment variable is required (TOOLWEB_API_KEY), declared as the primary credential. That is appropriate and expected for a remote API integration. Note: the API key authorizes calls that will transmit user-supplied assessment data to the vendor.
Persistence & Privilege
`always` is false and there are no requested config paths or system-wide changes. `disable-model-invocation` is false (normal), so the skill may be invoked autonomously by the agent per platform defaults; this is expected and not elevated privilege by itself.
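How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install web-vulnerability-assessment
  3. Once installation completes, invoke the skill by name or trigger it with /web-vulnerability-assessment
  4. Provide the required inputs as described in the skill's parameter documentation to get structured output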
Version history
v1.0.2
- Documentation changes only; SKILL.md was updated without modifying code or feature logic.
- No impact on the skill’s behavior, API usage, or user interactions.
v1.0.1
- Added a new section emphasizing that the API *must* always be called and answers should not be generated from general knowledge.
- Clarified process if the API or TOOLWEB_API_KEY is missing or fails, instructing to inform the user and prompt configuration or retry.
- Stated the importance of API usage for billing and support of the skill creator.
- No changes to the API usage, workflow, input, or output format.
v1.3.2
- Updated the pricing section to reflect new plans: Free trial, Developer, Professional, and Enterprise tiers with detailed API call limits and USD pricing.
- Removed previous Indian Rupee (INR) pricing and international payment instructions.
- No changes to core features, workflow, usage, or API integration.
v1.3.1
- Documentation change only: SKILL.md content was updated.
- No functional changes to the skill or API behavior.
- No code changes in this version.
v1.3.0
- No code or logic changes; documentation (SKILL.md) updated only.
- No changes in workflow, API, parameters, or output format.
- No visible impact for end users or developers.
v1.0.0
Initial release of web-vulnerability-assessment skill:
- Generate comprehensive web application vulnerability assessments aligned with OWASP Top 10 and major compliance frameworks.
- Covers 19 vulnerability categories and over 100 security checks.
- Outputs include assessment reports, checklists, remediation guides, and testing scripts tailored to user technology stack.
- Supports scoping by vulnerability category, compliance requirements, and technology.
- Requires TOOLWEB_API_KEY and curl.
- Error handling for missing/invalid API keys or rate limiting.
- API driven; returns results in HTML for clear presentation of findings and recommendations.
Metadata
Slug: web-vulnerability-assessment
Version: 1.0.2
License: MIT-0
Total installs: 4
Current installs: 4
Number of versions: 6
FAQ

What is Web Vulnerability Assessment?

Generate comprehensive web application vulnerability assessments with OWASP-aligned checklists, remediation guides, and testing scripts. Use when assessing w... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 570 total downloads to date.

How do I install Web Vulnerability Assessment?

Run the command "/install web-vulnerability-assessment" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is Web Vulnerability Assessment free?

Yes, Web Vulnerability Assessment is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Web Vulnerability Assessment support?

Web Vulnerability Assessment is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (linux, darwin, win32).

Who developed Web Vulnerability Assessment?

It is developed and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.2.
