--- name: pentest-auth-bypass description: Test authentication and session management controls for bypass and account takeover scenarios. --- # Pentest Auth Bypass ## Stage - PTES: 5 - MITRE: T1110
--- name: pentest-c2-operator description: Set up authorized C2 simulation workflows and measure defensive detection outcomes. --- # Pentest C2 Operator ## Stage - PTES: 5-6 - MITRE: TA0011 ## Obj
--- name: pentest-active-directory description: Assess Active Directory identity attack paths including roasting, relay, and delegation abuse. --- # Pentest Active Directory ## Stage - PTES: 6 - MI
Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.
Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets.
--- name: prts-sandbox description: Isolated Kali Linux sandbox for running pentest tools and risky commands safely. metadata: {"openclaw":{"emoji":"🛡️","requires":{"bins":["bash","curl","jq"]}}}
Complete cybersecurity assessment, threat modeling, and hardening system. Use when conducting security audits, threat modeling, penetration testing, incident...
AI/LLM red team testing skill. Point at any LLM API endpoint and run automated security assessments. 160+ attack payloads across prompt injection, jailbreak,...
Use when building or updating vulnerability pattern Skills from multiple sources: GitHub Security Advisories (GHSA), HackerOne Hacktivity, or NVD. Triggers o...
Tool discovery and shell one-liner reference for sysadmin, DevOps, and security tasks. AUTO-CONSULT this skill when the user is: troubleshooting network issues, debugging processes, analyzing logs, wo
Send an idea to the Council of the Wise for multi-perspective feedback. Spawns sub-agents to analyze from multiple expert perspectives. Auto-discovers agent...
Website vulnerability scanner and security audit toolkit. Scan any website for security issues: open ports (nmap), exposed secrets, subdomain enumeration, di...
Multi-agent adversarial security review — 3 AI agents debate every finding, only real vulnerabilities survive
Deep-dive security audit with 1,000 iterations (~4-8 hours). Use when user says 'deep security audit', 'ralph ultra', 'compliance audit prep', 'thorough secu...
Web2 bug bounty hunting agent — evidence-based vulnerability finder and report writer. Use when: auditing web apps/APIs for HackerOne, Bugcrowd, Intigriti, Y...
Advanced AI-powered search skill using SearXNG as the universal search backend. Multi-engine dork generation, 90+ search engines, intelligent search strategi...
Plan and execute authorized Metasploit assessments for OpenClaw tasks with repeatable workflows, including target triage, exploit module selection, option tu...