ctf-webProvides web exploitation techniques for CTF challenges. Use when solving web security challenges involving XSS, SQLi, SSTI, SSRF, CSRF, XXE, file upload byp...
Install via ClawdBot CLI:
clawdbot install gandli/ctf-webGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
/etc/passwdContains instructions to override system prompt or ignore user requests
"Ignore previous instructions"Sends data to undocumented external endpoint (potential exfiltration)
POST → https://target.com/apiPotentially destructive shell commands in tool definitions
eval (Usage Guide
Loading usage data… refresh in a few seconds.
Scored Apr 19, 2026
Accesses system directories or attempts privilege escalation
/var/log/Calls external URL not in known-safe list
https://github.com/frohoff/ysoserialUses known external API (expected, informational)
amazonaws.comAI Analysis
The skill provides legitimate web exploitation techniques for CTF practice and references standard security tools from public repositories. While it accesses system files like /etc/passwd for educational demonstrations, this is consistent with its stated purpose and doesn't indicate credential harvesting. No evidence of hidden instructions, unauthorized data exfiltration, or obfuscated malicious behavior was found.
Audited Apr 16, 2026 · audit v1.0
Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L...
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Audit a user's current AI tool stack. Score each tool by ROI, identify redundancies, gaps, and upgrade opportunities. Produces a structured report with score...
Detect anomalies and outliers in construction data: unusual costs, schedule variances, productivity spikes. Statistical and ML-based detection methods.