active-directory-attacks skills

This skill provides techniques for attacking Microsoft Active Directory environments, covering reconnaissance, credential harvesting, and privilege escalation.

Source: Workspace import

Originally ingested from a local workspace copy.

Runtime evidence: OpenClaw disconnected runtime validation completed cleanly in the isolated runner.

Used fake placeholder env vars in the sandbox; no real credentials were exposed.

• OpenClaw is available in the runner image as OpenClaw 2026.3.24 (cff6dc9).
• The skill matched the basic OpenClaw-oriented layout checks used for disconnected validation.
• SKILL.md does not explicitly mention OpenClaw; this may still be valid, but intent is less obvious.
• No obvious script files found; disconnected runtime evidence may remain shallow.
• No safe documented OpenClaw commands or package-script help probes were found; disconnected validation remains mostly structural.

Automated result: Use Caution

Current public label: Use Caution

The current label should account for both the file-level review and the fact that the sandbox runtime pass did not come back perfectly clean.

Human review: none yet

The current public label is still relying on automation. A human has not weighed in yet.

Severity mix: 3 low, 1 info