📦 metasploit — Utilities
v1.0.0 Plan and execute authorized Metasploit assessments for OpenClaw tasks using repeatable workflows, including target triage, exploit module selection, option tu...
1 · 361 · 1 current · 1 total
Security scan
OpenClaw
Suspicious
medium confidence
The skill's content matches a legitimate Metasploit workflow, but the registry metadata omits required runtime binaries (e.g., msfconsole/python3) and there are small coherence gaps you should verify before use.
Assessment recommendations
This skill implements a legitimate, cautious Metasploit workflow and includes a small helper script to generate .rc files, but the package metadata does not declare that msfconsole and python3 are required. Before installing or running: (1) Verify you have explicit, written authorization for any targets you test; (2) confirm msfconsole and python3 are present and allowed in your environment; (3) inspect scripts/build_rc.py (it's short and readable) and any output paths the skill will write to (s...
Detailed analysis
⚠ Purpose and capabilities
The skill name, description, SKILL.md, references, and the included scripts clearly target Metasploit workflows (module selection, .rc generation, msfconsole execution). However the declared metadata lists no required binaries or primary credential even though the runtime instructions call for msfconsole and python3. That omission is inconsistent with the stated purpose and should be corrected or explained.
✓ Instruction scope
SKILL.md is narrowly focused on planning and executing authorized Metasploit assessments, includes an explicit authorization check, stepwise workflow, and conservative guidance (use check first, review .rc before running). The instructions do direct the agent to write .rc files, run msfconsole, and capture logs/sessions — all expected for this purpose and explicitly scoped to authorized testing.
ℹ Install mechanism
There is no install spec (instruction-only plus a small included script), which is lowest risk for supply-chain code changes. The included scripts/build_rc.py is simple and safe. The skill relies on external tools (msfconsole, Python) but does not install them; the metadata should list those runtime dependencies.
ℹ Credential requirements
No environment variables, credentials, or config paths are requested — appropriate for this skill. Still, the skill will operate on network targets and may need filesystem access for .rc and spool logs; ensure those are acceptable for your environment. The lack of declared required binaries (msfconsole/python3) is the main proportionality inconsistency.
✓ Persistence and privileges
Skill does not request always:true or other elevated persistence. It is user-invocable and allows autonomous invocation by default (platform standard). It does not modify other skills or claim system-wide configuration changes.
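Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Install commands
Official: npx clawhub@latest install metasploit-skill
Mirror (accelerated): npx clawhub@latest install metasploit-skill --registry https://cn.longxiaskill.com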