--- name: pentest-auth-bypass description: Test authentication and session management controls for bypass and account takeover scenarios. --- # Pentest Auth Bypass ## Stage - PTES: 5 - MITRE: T1110
--- name: pentest-active-directory description: Assess Active Directory identity attack paths including roasting, relay, and delegation abuse. --- # Pentest Active Directory ## Stage - PTES: 6 - MI
--- name: pentest-c2-operator description: Set up authorized C2 simulation workflows and measure defensive detection outcomes. --- # Pentest C2 Operator ## Stage - PTES: 5-6 - MITRE: TA0011 ## Obj
Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.
Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets.
Discover and assess IoT and wireless targets across BLE, Zigbee, Wi‑Fi, ESB, RFID/NFC, LoRa, and SDR. Capture traffic, enumerate services, fuzz endpoints, and run targeted assessments with streamlined
Discover and assess IoT and wireless targets across BLE, Zigbee, Wi‑Fi, ESB, RFID/NFC, LoRa, and SDR. Capture traffic, enumerate services, fuzz endpoints, and run targeted assessments with streamlin
--- name: prts-sandbox description: Isolated Kali Linux sandbox for running pentest tools and risky commands safely. metadata: {"openclaw":{"emoji":"🛡️","requires":{"bins":["bash","curl","jq"]}}}
All-in-one security testing toolbox that brings together popular open source tools through a single MCP interface. Connected to an AI agent, it enables tasks like pentesting, bug bounty hunting, threa
AI/LLM red team testing skill. Point at any LLM API endpoint and run automated security assessments. 160+ attack payloads across prompt injection, jailbreak,...
Complete cybersecurity assessment, threat modeling, and hardening system. Use when conducting security audits, threat modeling, penetration testing, incident...
<p align="center"> <a href="https://github.com/trimstray/the-book-of-secret-knowledge"> <img src="https://github.com/trimstray/the-book-of-secret-knowledge/blob/master/static/img/the-book-of-secret-kn
Use when building or updating vulnerability pattern Skills from multiple sources: GitHub Security Advisories (GHSA), HackerOne Hacktivity, or NVD. Triggers o...
Send an idea to the Council of the Wise for multi-perspective feedback. Spawns sub-agents to analyze from multiple expert perspectives. Auto-discovers agent...
Tool discovery and shell one-liner reference for sysadmin, DevOps, and security tasks. AUTO-CONSULT this skill when the user is: troubleshooting network issues, debugging processes, analyzing logs, wo
Website vulnerability scanner and security audit toolkit. Scan any website for security issues: open ports (nmap), exposed secrets, subdomain enumeration, di...
Deep-dive security audit with 1,000 iterations (~4-8 hours). Use when user says 'deep security audit', 'ralph ultra', 'compliance audit prep', 'thorough secu...
Multi-agent adversarial security review — 3 AI agents debate every finding, only real vulnerabilities survive
Web2 bug bounty hunting agent — evidence-based vulnerability finder and report writer. Use when: auditing web apps/APIs for HackerOne, Bugcrowd, Intigriti, Y...
Advanced AI-powered search skill using SearXNG as the universal search backend. Multi-engine dork generation, 90+ search engines, intelligent search strategi...
Plan and execute authorized Metasploit assessments for OpenClaw tasks with repeatable workflows, including target triage, exploit module selection, option tu...