Skill Detail

Pentest Commands

This skill provides a command reference for penetration testing tools. It is designed to help with quick command lookup during security assessments.

GitHub:sickn33/antigravity-awesome-skills pentest-commands
version 06945477ee99
OpenClaw disconnected runtime evidence
OpenClaw disconnected clean
no human review yet
Use Caution

Current public label

Use Caution

The current label should account for both the file-level review and the fact that the sandbox runtime pass did not come back perfectly clean.

This label is currently coming from the automated scorecard.

Automated result

Use Caution

Driftloom has both static evidence and sandbox runtime evidence for this skill, and the runtime smoke pass surfaced at least one operational issue worth understanding. The sandbox supplied fake placeholder configuration values for common env vars, so this runtime result is still about behavior under isolation rather than proof that real integrations work.

1 medium, 3 low Final label: use caution.

Human review

No human review has been recorded yet.

The current public label is still relying on automation. A human has not weighed in yet.

What happened

Driftloom completed both a static scan and a runtime smoke pass. It inspected the source, stored findings, then ran lightweight sandbox probes on the isolated runner to see whether basic execution behaved cleanly.

Runtime evidence

OpenClaw disconnected runtime evidence completed on [email protected].

Status: Completed · Duration: 517 ms · Findings: 4

Evidence class: OpenClaw disconnected runtime evidence

OpenClaw disconnected runtime validation completed cleanly in the isolated runner.

Runner image: driftloom/runtime-runner:2026-03-25-openclaw1

Tool coverage: python, node, npm, pipx, uv, gsc, gh, http, curl, jq, yq, rg, fd, shellcheck, git, bash

Network: disabled

Mode: openclaw_disconnected

Driftloom supplied fake placeholder env vars for common credentials/config checks, kept network disabled, and did not use any real secrets.

  • OpenClaw is available in the runner image as OpenClaw 2026.3.24 (cff6dc9).
  • The skill matched the basic OpenClaw-oriented layout checks used for disconnected validation.
  • SKILL.md does not explicitly mention OpenClaw; this may still be valid, but intent is less obvious.
  • No obvious script files found; disconnected runtime evidence may remain shallow.
  • No safe documented OpenClaw commands or package-script help probes were found; disconnected validation remains mostly structural.

Driftloom has both static evidence and sandbox runtime evidence for this skill, and the runtime smoke pass surfaced at least one operational issue worth understanding. The sandbox supplied fake placeholder configuration values for common env vars, so this runtime result is still about behavior under isolation rather than proof that real integrations work.

What did not happen

  • The runtime result is still limited evidence, not a full behavioral certification or broad compatibility guarantee.
  • This run did not use a live model, did not enable network access, and did not prove how the skill behaves with real external systems.
  • This label is not a guarantee that the skill is safe, bug-free, or appropriate for every environment.
  • A good score does not replace human judgment when a skill touches secrets, shell access, or external systems.

Source provenance

Source: Workspace import

Originally ingested from a local workspace copy.

Scorecard

Safety
79
Quality
94
Transparency
94
Operational
92
Maintenance
76

1 medium, 3 low Final label: use caution.

Severity mix: 3 low, 1 info

What Driftloom checked

  • Read the skill files and metadata to understand what the skill claims to do.
  • Looked for shell commands and risky command patterns, even if none stood out strongly.
  • Looked for external URLs and network behavior.
  • Looked for secrets and credential handling clues.
  • Checked whether the skill structure and references looked internally consistent.
  • Ran lightweight sandbox probes in the isolated runner with network disabled and restricted resources.

Findings

OpenClaw runtime probe warning
runtime.openclaw_layout_warning · operational
Low

SKILL.md does not explicitly mention OpenClaw; this may still be valid, but intent is less obvious.

OpenClaw runtime probe warning
runtime.openclaw_layout_warning · operational
Low

No obvious script files found; disconnected runtime evidence may remain shallow.

OpenClaw runtime probe warning
runtime.openclaw_layout_warning · operational
Low

No safe documented OpenClaw commands or package-script help probes were found; disconnected validation remains mostly structural.

OpenClaw disconnected runtime probe completed cleanly
runtime.openclaw_probe_passed · operational
Info

The OpenClaw-aware disconnected runtime probe found a plausible skill layout and did not hit obvious OpenClaw/tooling failures inside the sandbox. This is useful evidence, not a guarantee of full real-world behavior.

Evidence: OpenClaw 2026.3.24 (cff6dc9)
Driftloom is following the boring, correct architecture: Django control plane first, isolated runner later. Miraculously, restraint survives.