OpenClaw框架下的AI Agent安全测试Skills合集

AI Agent Skills

OpenClaw SecSkills 是一个专门为网络安全从业人员、渗透测试工程师、红蓝对抗团队整理的 AI Agent Skills 集合。

🛡️ 网络安全 · 渗透测试 · 攻防对抗 · 红蓝对抗 · AI Agent Skills

本项目基于 OpenClaw 框架，将传统安全工具与 AI Agent 能力相结合，让安全测试更智能、更高效。作者：Batman0506

项目地址：

https://github.com/Batman0506/openclaw-sec-skills/

项目特色

🎯	🤖	🔧	📦
精准分类	AI 驱动	工具集成	持续更新
8 大安全领域	智能自动化	集成主流工具	每周更新
50+ Skills	自然语言交互	Nmap/Nuclei 等	社区贡献

Agent Skills分类

🔒 代码审计

白盒代码安全审计，覆盖 Java/PHP/Python/智能合约等

Skill	描述	仓库
wxmini-security-audit	微信小程序全自动安全审计 Skill，基于 Claude Code Agent Teams。7 Agent 协作，覆盖敏感信息、API接口、加密分析、漏洞分析四大维度。采用脚本+LLM双层架构，脚本保证覆盖率，LLM保证准确率。	GitHub
claude-security-audit	Skill Claude Code pour audit de sécurité complet (OWASP Top 10, CWE/CVE, headers, auth, paywall, infra)	GitHub
panguard-ai	Open-source security platform for AI agents -- audits skills before install, monitors 24/7, shares threat intelligence a	GitHub
claude-skills	UX/UI evaluation, AI governance, and AI security skills for AI coding assistants. Audit interfaces with Nielsen heuristi	GitHub
skills	Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows	GitHub
SlowMist-Learning-Roadmap-for-Becoming-a-Smart-Contract-Auditor	Smart contract audit skills roadmap for beginners, auditors, engineers, etc.	GitHub
solsec	A collection of resources to study Solana smart contract security, auditing, and exploits.	GitHub
Smart-Contract-Security-Audits	Certified Smart Contract Audits for Ethereum, Solana, Near, Cardano, Aptos, Sui, Binance Smart Chain, Fantom, EOS, Tezos	GitHub
Smart-Contract-Auditor-Tools-and-Techniques	This repo contains a comprehensive list of smart contract auditor tools and techniques that can be utilized by both smar	GitHub
SmartContracts-audit-checklist	A checklist of things to look for when auditing Solidity smart contracts.	GitHub
smart-contract-audits	ContractWolf audited smart contracts	GitHub
QuillAudit_Smart_contract_Auditor_Roadmap	Smart Contract Auditor Roadmap	Learn Blockchain Security & Smart Contract Auditing
smart-contract-auditing-heuristics	Heuristics for smart contract auditors	GitHub
Smart-Contract-Audits	Smart Contract security audit reports	GitHub
QuillAudit_smart_contract_audit_Reports	QuillAudits — Smart Contract Audits for DeFi, RWA, DEXs, Tokens, DeAI & DApps	GitHub
marketplace	Security-audited skills for Claude, Codex & Claude Code. One-click install, quality verified.	GitHub
supabase-pentest-skills	24 AI Agent Skills for professional security auditing of Supabase applications. Detection, key extraction, RLS testing,	GitHub
solidity-auditor-skills		GitHub
ai-best-practices-skills	AI Best Practices Audit Skills	GitHub
java-audit-skillss	java-audit-skillss	GitHub
security-audit-skill	Agent Skill for PHP security audits - OWASP patterns, vulnerability detection	Claude Code compatible
java-audit-skills	专注于 Java 代码审计，提供自动化源码分析、路由提取、参数映射	GitHub
PHP-Code-Audit-Skill	PHP Web 白盒审计全流程：路由枚举 → 鉴权建模 → 数据流追踪 → 漏洞审计	GitHub
PHP_AUDIT_SKILLS	多智能体协作框架，支持 21 种漏洞类型专家级审计	GitHub
skill-dfyx_code_security_review	五阶段标准化审计协议，系统性发现安全漏洞	GitHub
Code Audit	覆盖 55+ 漏洞类型，双轨审计模型，多 Agent 深度分析	GitHub
zh-audit-skills-hub	中文用户代码审计 Agent Skills 仓库	GitHub

⚔️ 渗透测试

自动化渗透测试、漏洞挖掘、Bug Bounty

Skill	描述	仓库
iothackbot	IoT HackBot: A collection of Claude Skills and custom tooling for hybrid IoT pentesting	GitHub
labs-pentest	Free Labs to Train Your Pentest / CTF Skills	GitHub
communitytools	Open-source Claude Code skills, agents, and slash commands for AI-powered penetration testing, bug bounty hunting, and s	GitHub
public-skills-builder	Generate Claude Code bug bounty skills from public HackerOne reports and GitHub writeups — 18 vuln classes, no private r	GitHub
BugHunterMethodology	A comprehensive bug bounty methodology compiled from extensive research, covering web application reconnaissance, checkl	GitHub
OneLinerBounty	OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Perfect for bug hunters looking	GitHub
SecToolkit	Welcome SecToolkit repository! This is a comprehensive collection of cybersecurity and bug bounty hunting topics. Here,	GitHub
picocom-claude-skill	A Claude Code skill for using picocom to give access to a live UART shell for enumeration, pentesting, etc.	GitHub
pentester-skills	坤式网络安全学习法，不只是学习路线还是笔记。	GitHub
KaliPAKU	KaliPAKU is a training tool for penetration testing using Kali Linux. It is designed to help security professionals and	GitHub
Active-Directory-Workbook	A comprehensive and hands-on workbook designed to sharpen your Active Directory penetration testing skills. Whether you'	GitHub
Android-Pentesting-Checklist	Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilit	GitHub
Library-of-Cybersecurity-Books	A free, no-paywall cybersecurity self-study library covering foundations, pentesting, web security, exploit development,	GitHub
pentest-skills	自然语言驱动，自动选择工具、执行命令、分析结果	GitHub
AutoSongshu Agent	"半自动驾驶"渗透测试工作台，结合浏览器自动化	GitHub
secknowledge-skill	88,636 个真实漏洞案例 + 5,600+ 篇安全研究文档知识库	GitHub
Security Auditor	OWASP 十大审计、CORS/CSP 配置、SQL 注入/XSS 防护	GitHub
Pentest Api Attacker	OWASP API 安全前十名测试	GitHub
Pentest Auth Bypass	身份验证绕过和账户接管测试	GitHub

🔍 逆向工程

二进制分析、恶意样本分析、JS 逆向

Skill	描述	仓库
DeepExtractRuntime	AI-driven agent runtime for Windows PE binary analysis. Turns IDA Pro decompiled code and SQLite databases produced by D	GitHub
iOSAppReverseEngineering	The world's 1st book of very detailed iOS App reverse engineering skills :)	GitHub
android-reverse-engineering-skill	Claude Code skill to support Android app's reverse engineering	GitHub
jshook-skill	AI-powered JS reverse engineering: deobfuscation, crypto detection, CDP debugging, hook injection, anti-detection
re-skill	Claude Code skill for reverse engineering retro games — disassemble, annotate, extract assets, web port	GitHub
CrackMaster	CCrackMaster is an educational CrackMe project written in C, designed to enhance skills in reverse engineering, code ana	GitHub
TimeCod	KotlinCrackMaster is an educational CrackMe project written in Kotlin, designed to enhance skills in reverse engineering	GitHub
skills	A growing collection of reverse engineering skills for AI coding agents.	GitHub
Incident-Response-Projects-for-Beginners	Hands-on cybersecurity projects to enhance skills in phishing investigation, malware analysis, network intrusion detecti	GitHub
malware-analysis-claude-skills	Complete Claude skills toolkit for professional malware analysis. 5 specialized skills covering triage, dynamic analysis	GitHub
my-claude-skills	Binary analysis plugins for Claude Code: angr (static analysis, symbolic execution) and Frida (dynamic instrumentation)	GitHub
reverse-skills	逆向工程插件市场，为 Claude Code 提供分析技能	GitHub
IDA-Skill	让 AI 像安全分析师一样分析恶意样本	GitHub
hello_js_reverse_skill	JS 逆向与爬虫对抗，Camoufox 反检测浏览器	GitHub
JS Reverse MCP	JavaScript 逆向工程 MCP 服务器	GitHub
FlowDroidSkill	APK 静态污点分析，检测数据泄露路径	GitHub

🏆 CTF 竞赛

CTF 解题技巧、工具使用、漏洞挖掘

Skill	描述	仓库
SecSkills	收集整理渗透测试、代码审计、CTF 等网络安全相关的 Skills	GitHub
ctf-practice	Practice your hacking skills with these CTFs	GitHub
linux-ctfs	A collection of Linux CTFs to practice your CLI skills	GitHub
Common-CTF-Challenges	Common CTF Challenges is a collection of tools and resources to help individuals improve their Capture the Flag (CTF) sk	GitHub
Walkthrough-and-Writeup	Welcome to my Capture The Flag (CTF) Walkthroughs & Writeups Repository. This repository contains educational, step-by-s	GitHub
ctf-skills	Web 漏洞利用、二进制破解、加密、逆向、取证、OSINT	GitHub
android-h1	基于 HackerOne 真实报告的移动安全漏洞挖掘	GitHub
BugBounty-Hunting	漏洞赏金猎人资源集合	GitHub

🎯 威胁建模

安全风险评估、威胁分析、合规检查

Skill	描述	仓库
ThreatHunt	ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.	GitHub
cti-expert	CTI Expert — Cyber Threat Intelligence & OSINT analysis skill for Claude Code. 67+ commands, 35 techniques, no API keys	GitHub
threat-modeling	AI-native automated software risk analysis skill. LLM-driven, Code-First approach for comprehensive security risk assess	GitHub
SOC-Analyst-Notes	Comprehensive SOC Analyst notes covering incident response, threat hunting, SOC workflows, and cybersecurity concepts—pe	GitHub
SkillWard	Security scanner for Agent Skills — uncover hidden threats before deployment.	GitHub
threat-modeling	LLM 驱动、代码优先的全面安全风险评估	GitHub
ghsa-skill-builder	自动将 GitHub 漏洞库和 HackerOne 报告转化为 Skills	GitHub

📱 移动安全

Android/iOS 安全分析、漏洞挖掘

Skill	描述	仓库
android-reversing-challenges	there are some CTF challenges or some other things helping improving android reversing skills.	GitHub
Damn-Vulnerable-Bank	Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to as	GitHub
Skill-Android-Security-Agent	构建基于 Skill 的 Android 智能审计 Agent	GitHub
mobile-security-learning-resources	This repository contains list of mobile security related resources that you can use to learn new skills and test existin	GitHub
mobile-challenges	This repository houses diverse files and challenges centered around Just Mobile Security. With practical exercises and r	GitHub
FlowDroidSkill	基于 FlowDroid + Jadx 的 APK 静态分析	GitHub
android-h1	Android/iOS 应用漏洞挖掘手法分析	GitHub
objection	运行时移动探索工具	GitHub

🚨 应急响应

安全事件响应、取证分析、日志分析

Skill	描述	仓库
Offensive-Security-Forensics-Portfolio	A portfolio demonstrating advanced blue and red team skills, including: SSH MFA implementation, Volatility-based memory	GitHub
aguara	Security scanner for AI agent skills and MCP servers. Static analysis, incident response, no LLM. One binary.   Detectio	GitHub
repo-forensics	Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies.	GitHub
Digital-Crime-Scene-Challenge	The object of the Digital Crime Scene Challenge is for participants to use their forensic and investigative skills to fo	GitHub
backdoorsandbreaches-socinvader	🎮 AI-powered solo mode for Backdoors & Breaches. Train incident response skills anytime with an LLM Incident Master. Arc	GitHub
Digital-Forensic-Training	The Chupacabra case study was created by the ADEO dfir team due to the lack of resources and applications in the digital	GitHub
spellbook	Portable skill library for AI coding agents: debugging, PR workflows, design systems, incident response, and domain play	GitHub
agent-infra-security	Security skills for AI coding agents — incident response for supply chain attacks, credential rotation, IOC detection. W	GitHub
LinuxGun-skill	Linux 安全应急响应 AI 检查	GitHub
Blue-Team	蓝队设施部署、取证分析资源	GitHub
Email-OSINT	自动化电子邮件 OSINT 工具	GitHub

🛡️ 安全工具

扫描器、漏洞利用、红蓝对抗工具

Skill	描述	仓库
material-3-skill	Material Design 3 skill for Claude Code — 30+ components, design tokens, theming, responsive layout, and MD3 compliance	GitHub
htb-writeups	The most comprehensive Hack The Box writeup collection - 500+ machines, 400+ challenges, interactive knowledge graph, sk	GitHub
DeepCamera	Open-Source AI Camera Skills Platform, AI NVR & CCTV Surveillance. Local VLM video analysis with Qwen, DeepSeek, SmolVLM	GitHub
tirith	Terminal security for developers and AI agents. Intercepts homograph URLs, pipe-to-shell, ANSI injection, obfuscated pay	GitHub
raptor	Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating r	GitHub
claude-forge	Supercharge Claude Code with 11 AI agents, 36 commands & 15 skills — the claude-code plugin framework inspired by oh-my-	GitHub
TryHackMeRoadmap	A list of 350+ free TryHackMe rooms💻 to kick off your cybersecurity learning, organized by topics for easy exploration a	GitHub
agentguard	Security guard for AI agents — blocks malicious skills, prevents data leaks, protects secrets. 24 detection rules, runti	GitHub
TryHackMe	Master cybersecurity skills with this TryHackMe free path, includes a collection of my write-ups, solutions and progress	GitHub
secureclaw	SecureClaw - Security Plugin and Skill for OpenClaw OWASP-Aligned	GitHub
TryHackMe-Learning-Path-From-Beginner-to-Expert	A comprehensive TryHackMe learning path with organized sections on Introductory Rooms, Linux Fundamentals, Networking, F	GitHub
SecurityClaw	A modular, skill-based autonomous Security Operations Center (SOC) agent that monitors OpenSearch/Elasticsearch data, bu	GitHub
agentseal	Security toolkit for AI agents. Scan your machine for dangerous skills and MCP configs, monitor for supply chain attacks	GitHub
orchestkit	The Complete AI Development Toolkit for Claude Code — 103 skills, 36 agents, 169 hooks. Production-ready patterns for fu	GitHub
claude-code-owasp	Claude Code skill for OWASP security best practices (2025-2026). Includes Top 10:2025, ASVS 5.0, Agentic AI security, an	GitHub
References	Poole, Mackworth & Goebel 1998, p. 1.  Russell & Norvig 2003, p. 55.  Definition of AI as the study of intelligent agen	GitHub
Athena	Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻	GitHub
www-project-agentic-skills-top-10	OWASP Foundation web repository	GitHub
don-cheli-sdd	Don Cheli — SDD Framework. The most comprehensive Specification-Driven Development framework for AI agents. 88+ commands	GitHub
Other-sources	Asada, M.; Hosoda, K.; Kuniyoshi, Y.; Ishiguro, H.; Inui, T.; Yoshikawa, Y.; Ogino, M.; Yoshida, C. (2009). "Cognitive d	GitHub
zeph	Rust AI agent where every context token earns its place. Self-learning skills, temporal graph memory, cascade quality	GitHub
claude-code-skills	Plugin suite + bundled MCP servers for Claude Code. Full delivery lifecycle: Agile pipeline with multi-model AI review,	GitHub
faillapop	Vulnerable-by-design solidity protocol to help Web3 security enthusiasts practice their skills in an environment closer	GitHub
skillarch	SkillArch	GitHub
web3-bug-bounty-hunting-ai-skills	18 Claude Code skill files for smart contract security — built from 2,749 Immunefi reports, 681 DeFiHack reproductions,	GitHub
CEH-Assessments	A structured portfolio of weekly CEH v13 assessments, vulnerability labs, and ethical hacking documentation to demonstra	GitHub
Phase-1-Cybersecurity-Ethical-Hacking-Internship-Labs	Phase 1 of the Cybersecurity Ethical Hacking Internship Labs offers hands-on training in essential skills. Participants	GitHub
claude-security-research-skill	AI-powered security research assistant for Claude Code — structured assessment workflows, tool orchestration, and profes	GitHub
VulnBox	VulnBox is a container that is intentionally designed with vulnerabilities to allow security professionals to practice a	GitHub
open-source-handbook	⭐️ Open source projects for all skill levels	GitHub
cybersecurity-roadmap	Skills and career roadmap for various security roles like application security, cloud security, DevSecOps, security engi	GitHub
Titanic-Machine-Learning-from-Disaster	Start here if... You're new to data science and machine learning, or looking for a simple intro to the Kaggle prediction	GitHub
SOC-Ressources	Repository for SOC analysts, queries to investigate, advanced hunting, sites for analysis, malware samples, courses to i	GitHub
Python-Basic-programs	What is Python? Executive Summary Python is an interpreted, object-oriented, high-level programming language with dynami	GitHub
EthicalHackingFromScratch	Welcome to my comprehensive course on python programming and ethical hacking. The course assumes you have NO prior knowl	GitHub
javascript-basic-program	What is JavaScript and what does it do?   Before you start learning something new, it’s important to understand exactly	GitHub
low-level-dev-skills	A curated suite of AI agent skills for systems and low-level programming with C/C++, Rust, and Zig toolchains, covering	GitHub
solana-claude	Claude Code configs for the expert Solana builder. CLAUDE.md, agents, commands, hooks, rules, skills and settings across	GitHub
ClarityFinance	Clarity is a financial analysis agent framework built on native Claude-skill architecture. Adopting a Planning-with-File	GitHub
30-Day-SOC-Analyst-Challenge	A 30-day hands-on SOC Analyst project simulating real-world cyber attacks using ELK Stack, Mythic C2, osTicket & Elastic	GitHub
kernel-vuln-analyzer	Claude Code skill for Linux kernel vulnerability analysis — from crash log triage to patch verification	GitHub
aws_deepracer_worksheet	Worksheet and Utilities for AWS DeepRacer – one of the most exciting ways of building strong skills in reinforcement lea	GitHub
MalwareAnalysis	This central repository is crafted for cybersecurity enthusiasts, researchers, and professionals aiming to advance their	GitHub
Machine-Learning-Interview-Preparation	Prepare to Technical Skills Here are the essential skills that a Machine Learning Engineer needs, as mentioned Read me f	GitHub
DevOps-Security-Agent-Skills	Agent-ready DevOps, security, infrastructure, and compliance knowledge base with 80+ skills across Kubernetes, Terraform	GitHub
A-Online-Quiz-Site	# Skill's Breaker An online quiz system built on PHP, JS and HTML. It has inbuilt Timer support along with Admin Panel	GitHub
Fuzzy-Logic-Based-Recommendation-System-for-Research-Topic-in-the-Final-year	Most University students are uncertain which research topic to choose for their final year research projects.The student	GitHub

漏洞利用

Skill	描述	仓库
awesome-claude-skills-security	Security testing toolkit for Claude Code: curated SecLists wordlists, injection payloads, and expert agents for authoriz	GitHub
ANYDESK-BACKDOOR	You should never use malware to infiltrate a target system. With the skill of writing and exploiting technical codes, yo	GitHub
PayloadsAllTheThings	Web 安全 payload 和绕过列表	GitHub
BugBountyGuide	漏洞赏金绕过技巧和 payload	GitHub

红队工具

Skill	描述	仓库
Red-Team-Roadmap	Red Team Roadmap [defination, job positions, skills, tools]	GitHub
agile_v_skills	Official Agent Skills for the Agile V™ framework. Verifiable AI-augmented engineering with traceability, Red Team verifi	GitHub
eJPT	eJPT is a hands-on, entry-level Red Team certification that simulates skills utilized during real-world engagements.	GitHub
Red-Team	红队/渗透测试工具集合	GitHub
Windows-Exploits	Windows 提权漏洞集合	GitHub
AD-Attack	Active Directory 攻击路径	GitHub
Pentest Active Directory	AD 身份攻击路径评估	GitHub

蓝队防御

Skill	描述	仓库
ramibot	RamiBot v3.8.0 is a local-first AI security operations platform integrating multi-LLM support, a dynamic red/blue team s	GitHub
Default-Creds	默认密码集合	GitHub
Blue-Team	蓝队防御资源	GitHub

安全检查

Skill	描述	仓库
CLS-Certify	Skill 安全检查工具	GitHub
SkillGuard	OpenClaw Skill 安全检查	GitHub
skill-audit	审计 Skill 定义的安全性、完整性	GitHub

安全扫描

Skill	描述	仓库
llm-sast-scanner	A SAST skill that gives AI coding agents structured vulnerability detection across 34 vulnerability classes.	GitHub
agent-scan	Security scanner for AI agents, MCP servers and agent skills.	GitHub
skill-scanner	Security Scanner for Agent Skills	GitHub
nova-proximity	Nova-Proximity is a MCP and Agent Skills security scanner powered with NOVA	GitHub
claude-skill-antivirus	Security scanner for Claude Code Skills — 9 engines detect malicious patterns, data exfiltration, dangerous ops across 7	GitHub
skillsentry	AI Skill Security Scanner	GitHub
SkillSemgrep	基于 Semgrep 的自然语言漏洞扫描	GitHub
Nmap	网络发现和安全审计	GitHub
Nmap Pentest Scans	Nmap 主机发现、端口枚举、NSE 分析	GitHub
Security Scanner	集成 nmap、nuclei 的自动化扫描	GitHub
Gobuster	快速内容发现工具 (Rust)	GitHub
Hydra	网络登录破解器	GitHub
Nuclei	基于模板的快速漏洞扫描器	GitHub

信息收集/OSINT

Skill	描述	仓库
Sherlock	跨平台人员资料查找 (1000+ 网站)	GitHub
reconFTW	自动化侦察工具	GitHub
BugBounty-Hunting	漏洞赏金资源	GitHub

🎓 学习与靶场

网络安全学习资源、练习平台、知识框架

Skill	描述	仓库
1earn	ffffffff0x 团队安全知识框架：Web/工控/取证/应急/后渗透	GitHub
Awesome-Infosec	信息安全课程和培训资源精选	GitHub
HackTheBox	CTF 和渗透测试练习资源	GitHub
TryHackMe	网络安全学习路径	GitHub

如果想更深入地探索这些Skills在实际攻防场景中的应用，可以访问云栈社区的安全板块，那里汇集了大量关于渗透测试、逆向分析和CTF竞赛的实战讨论与工具分享。