web-vulnerability-assessment
Generate comprehensive web application vulnerability assessments with OWASP-aligned checklists, remediation guides, and testing scripts. Use when assessing w...
Install via ClawdBot CLI:
clawdbot install krishnakumarmahadevan-cmd/web-vulnerability-assessment
Grade: Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Sends data to undocumented external endpoint (potential exfiltration)
POST → https://portal.toolweb.in/apis/security/web-vuln-assessment
Calls external URL not in known-safe list: https://portal.toolweb.in
AI Analysis
The skill mandates sending all user-provided web application assessment data to an undocumented, third-party API endpoint for processing and billing. While the purpose is consistent with the skill's function, this creates a significant privacy risk as user data is transmitted to an external, unvetted service with no transparency on data handling, retention, or sharing policies.
Audited Apr 17, 2026 · audit v1.0
Generated Mar 21, 2026
An online retailer needs to assess their web application for PCI DSS compliance before a major holiday sale. The assessment focuses on injection vulnerabilities, broken authentication, and sensitive data exposure to ensure secure payment processing and customer data protection.
A healthcare provider requires a security review of their patient portal API to meet HIPAA requirements. The assessment targets API security, data exposure, and access control vulnerabilities to safeguard protected health information and prevent unauthorized access.
A financial technology startup is preparing for a third-party penetration test and uses this skill to define the scope. It assesses vulnerabilities like insecure deserialization and business logic flaws in their cloud-deployed application to prioritize testing efforts and remediation.
A government agency needs to evaluate a public-facing web application for OWASP Top 10 compliance and GDPR adherence. The assessment covers security misconfigurations, XML vulnerabilities, and client-side issues to enhance security posture and regulatory alignment.
A software-as-a-service provider conducts a routine security assessment of their multi-tenant platform deployed on AWS. The skill analyzes injection, authentication bypass, and denial-of-service vulnerabilities across technologies like Node.js and Docker to mitigate risks and maintain customer trust.
The skill operates on a pay-per-use API model where each successful API call is billed, generating revenue for the creator. Users must obtain an API key from the portal, and usage is tracked for billing purposes, ensuring scalable income based on assessment demand.
Targeting large organizations, this model offers tiered subscription plans with higher API call limits, priority support, and custom compliance frameworks. It provides predictable recurring revenue while catering to businesses with frequent security assessment needs.
A free tier allows limited assessments to attract users, while premium features like advanced testing scripts, detailed remediation guides, and multi-framework compliance mapping are gated behind paid plans. This drives user acquisition and upsells for enhanced functionality.
💬 Integration Tip
Ensure the TOOLWEB_API_KEY is securely stored in environment variables and that curl is installed on the system; always validate API responses for errors before presenting results to users.
Scored Apr 29, 2026
Perform network reconnaissance and port scanning with Nmap to find open ports, detect services, identify vulnerabilities, and enumerate targets accurately.
Scan networks to discover devices, gather MAC addresses, vendors, and hostnames. Includes safety checks to prevent accidental scanning of public networks.
Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guida...
Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.
Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.
Test your AI agent for security vulnerabilities using PwnClaw. Runs 50+ attacks (prompt injection, jailbreaks, social engineering, MCP poisoning, and more) and provides fix instructions. Use when your agent needs a security check or hardening.