技能详情(站内镜像,无评论)
作者:Muhammad Mazhar Saeed @0x-professor
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.0
统计:⭐ 0 · 551 · 5 current installs · 5 all-time installs
⭐ 0
安装量(当前) 5
🛡 VirusTotal :可疑 · OpenClaw :良性
Package:0x-professor/nmap-pentest-scans
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :良性
OpenClaw 评估
The skill consistently builds and writes Nmap scan plans and findings artifacts, enforces scope checks and explicit authorization, and does not execute network scans or request secrets — but it depends on a shared helper module and slightly overstates “orchestration.”
目的
Name/description promise matches the primary behavior: producing Nmap scan workflows, profiles, and artifacts. One mismatch: the description/README language implies the skill can 'orchestrate' live scans, but the included code only generates plans/commands and writes artifacts rather than invoking nmap or performing network operations. No Nmap binary is required (and none is installed), which is coherent with a planner but not with a fully aut…
说明范围
SKILL.md and the script are scoped to planning: validate scope, require explicit authorization for non-dry-run, build command sequences, and produce deterministic artifacts. The script validates scope and enforces --i-have-authorization for active runs. It reads input payload and scope files and writes artifacts under the output path — these file reads/writes are expected for this purpose. It does not perform network access or transmit data ex…
安装机制
There is no install spec (instruction-only plus a local Python script), so nothing is downloaded or extracted. Risk from installation is minimal.
证书
No environment variables, credentials, or config paths are requested. The script reads a scope file and an input payload (expected for planning) but does not ask for unrelated secrets or platform keys.
持久
The skill is not always-enabled, is user-invocable, and does not request elevated or persistent platform privileges. It writes artifacts to the output path provided by the user, which is normal for a planner.
综合结论
This skill appears to be a planner that produces reproducible Nmap command sequences and reports; it enforces scope checks and requires an explicit authorization flag before non-dry-run execution. Before installing or running it: ensure the referenced shared module (autonomous-pentester/shared/pentest_common) is present and trusted in your environment, confirm you understand where the skill will read scope/input files and write artifacts, and …
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Nmap Pentest Scans」。简介:Plan and orchestrate authorized Nmap host discovery, port and service enumerati…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/0x-professor/nmap-pentest-scans/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: nmap-pentest-scans
description: Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets.
---
# Nmap Pentest Scans
## Stage
- PTES: 2-3
- MITRE: TA0007 - Discovery
## Objective
Design reproducible Nmap scan workflows for authorized targets and produce deterministic scan-plan artifacts.
## Required Workflow
1. Validate scope before any active action and reject out-of-scope targets.
2. Require explicit authorization for non-dry-run execution.
3. Select profile (stealth, balanced, fast) and build command sequence.
4. Produce normalized findings and export deterministic artifacts.
## Execution
```bash
python skills/nmap-pentest-scans/scripts/nmap_pentest_scans.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
```
## Outputs
- `scan-plan.json`
- `scan-plan.md`
- `recommended-commands.txt`
- `findings/nmap-pentest-findings.json`
- `nmap-pentest-scans-report.json`
## References
- `references/tools.md`
- `references/scan-profiles.md`
- `skills/autonomous-pentester/shared/scope_schema.json`
- `skills/autonomous-pentester/shared/finding_schema.json`
## Legal and Ethical Notice
```text
WARNING AUTHORIZED USE ONLY
This skill prepares and can orchestrate live network scan workflows.
Use only with written authorization and approved scope.
```