技能详情(站内镜像,无评论)
作者:Muhammad Mazhar Saeed @0x-professor
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.0
统计:⭐ 0 · 364 · 3 current installs · 3 all-time installs
⭐ 0
安装量(当前) 3
🛡 VirusTotal :良性 · OpenClaw :良性
Package:0x-professor/pentest-c2-operator
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill's code and instructions are coherent with its stated purpose (authorized C2 simulation coordination); it performs scope/authorization checks and only writes local artifact files, and it does not request credentials, install software, or contact external endpoints by itself.
目的
Name/description claim C2 simulation orchestration and detection measurement; the included script enforces scope and authorization, builds a canonical finding, and generates report artifacts. The listed external C2 tools are references only; the skill does not embed or require those tools to run.
说明范围
SKILL.md limits execution to authorized targets, requires --i-have-authorization for live runs, and documents outputs. The runtime script respects scope and dry-run. Note: the script imports helper functions from an external shared module (autonomous-pentester/shared/pentest_common) which is not included here — you should inspect that shared code before running to confirm it does not perform unexpected I/O or network activity.
安装机制
No install spec and no external downloads; the skill is instruction-plus-script only, so it does not write or execute fetched code during install.
证书
The skill requires no environment variables, credentials, or config paths. All required inputs (scope, target, input/output paths) are command-line parameters, which is proportional for this purpose.
持久
always is false and the skill does not request elevated or persistent platform privileges. It writes artifact files to the specified output directory only when run (and only if authorization is confirmed or dry-run is false).
综合结论
This skill appears to do what it says: it validates scope/authorization, and generates local report artifacts. Before installing or running it: (1) review the autonomous-pentester/shared/pentest_common module the script imports (that code will determine what I/O or network actions actually occur); (2) make sure you have written authorization for any live tests and prefer --dry-run until you've audited dependencies; (3) confirm the tool will no…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Pentest C2 Operator」。简介:Set up authorized C2 simulation workflows and measure defensive detection outco…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/0x-professor/pentest-c2-operator/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: pentest-c2-operator
description: Set up authorized C2 simulation workflows and measure defensive detection outcomes.
---
# Pentest C2 Operator
## Stage
- PTES: 5-6
- MITRE: TA0011
## Objective
Track infrastructure, persistence, and alerting outcomes from C2 simulation.
## Required Workflow
1. Validate scope before any active action and reject out-of-scope targets.
2. Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
3. Write findings in canonical finding_schema format with reproducible PoC notes.
4. Honor dry-run mode and require explicit --i-have-authorization for live execution.
5. Export deterministic artifacts for downstream skill consumption.
## Execution
```bash
python skills/pentest-c2-operator/scripts/c2_operator.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
```
## Outputs
- `c2-infrastructure.json`
- `persistence-mechanisms.json`
- `c2-report.json`
## References
- `references/tools.md`
- `skills/autonomous-pentester/shared/scope_schema.json`
- `skills/autonomous-pentester/shared/finding_schema.json`
## Legal and Ethical Notice
```text
WARNING AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.
```