ctf-miscProvides miscellaneous CTF challenge techniques. Use for encoding puzzles, RF/SDR signal processing, Python/bash jails, DNS exploitation, unicode steganograp...
Install via ClawdBot CLI:
clawdbot install gandli/ctf-miscGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
/etc/passwdSends data to undocumented external endpoint (potential exfiltration)
POST → http://localhost/containers/createPotentially destructive shell commands in tool definitions
eval(Accesses system directories or attempts privilege escalation
/etc/sudoersUsage Guide
Loading usage data… refresh in a few seconds.
Scored Apr 19, 2026
Calls external URL not in known-safe list
https://gtfobins.github.io/AI Analysis
The skill provides legitimate CTF techniques and references standard security tools/websites (like GTFOBins) for educational purposes. The flagged signals appear to be examples within documentation files rather than active malicious code execution. No evidence of hidden data exfiltration or credential harvesting in the skill's operational logic.
Audited Apr 16, 2026 · audit v1.0
Perform network reconnaissance and port scanning with Nmap to find open ports, detect services, identify vulnerabilities, and enumerate targets accurately.
Scan networks to discover devices, gather MAC addresses, vendors, and hostnames. Includes safety checks to prevent accidental scanning of public networks.
Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guida...
Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.
Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.
Test your AI agent for security vulnerabilities using PwnClaw. Runs 50+ attacks (prompt injection, jailbreaks, social engineering, MCP poisoning, and more) and provides fix instructions. Use when your agent needs a security check or hardening.