OpenClaw

Skill details (on-site mirror, no comments)

Pentest Api Attacker

Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.

Development and DevOps

Author: Muhammad Mazhar Saeed @0x-professor

License: MIT-0

MIT-0 · Free to use, modify, and redistribute. No attribution required.

Version: v0.1.0

Stats: ⭐ 1 · 612 · 4 current installs · 4 all-time installs

🛡 VirusTotal: benign · OpenClaw: suspicious

Package: 0x-professor/pentest-api-attacker

Security scan (ClawHub)

  • VirusTotal: benign
  • OpenClaw: suspicious

OpenClaw assessment

The skill's description promises active API attack and discovery capabilities, but the included code is a lightweight scaffold that only validates scope and writes placeholder artifacts — this mismatch and an external shared-module dependency deserve further inspection before use.

Purpose

The name and description claim active testing against the OWASP API Top 10 (discovery, auth abuse, protocol checks). The repo contains a single script that enforces scope/authorization checks and writes placeholder artifacts, but does not implement the scanning/fuzzing logic or invoke the external tools referenced in references/tools.md. That discrepancy (promised active testing vs implemented placeholder behavior) is incoherent and should be …

Instruction scope

SKILL.md instructs a safe workflow (validate scope, require explicit --i-have-authorization, honor dry-run) and uses deterministic outputs. The execution example matches the provided script. However, the script imports shared functions from skills/autonomous-pentester/shared/pentest_common.py (via a sys.path insertion). The shared module is out-of-bundle here and could contain additional behavior; inspect it to confirm the runtime scope is lim…

Install mechanism

No install spec is provided (instruction-only with one bundled script). Nothing is downloaded or written during an install step — this is the lowest-risk pattern for install mechanism.

Credentials

The skill does not request any environment variables, credentials, or config paths. The script requires only command-line arguments (scope, target, input/output). This is proportionate to the stated purpose.

Persistence

always is false and the skill does not request permanent presence or attempt to modify other skills' configuration. Autonomous invocation is allowed (platform default) but is not combined here with other high-risk attributes.

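Install (copy to 龙虾 AI)

Copy the entire block below into a 龙虾中文库 chat; 龙虾 will complete the installation by following SKILL.md.

Please hand this block to 龙虾中文库 (龙虾 AI) to execute: install the OpenClaw skill "Pentest Api Attacker" on this machine. Summary: Test APIs against OWASP API Security Top 10 including discovery, auth abuse, an….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/0x-professor/pentest-api-attacker/SKILL.md
(Source: yingzhi8.cn skill library)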
