🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Pilot Penetration Testing Setup

by @teoslayer

Deploy an automated penetration testing pipeline with 4 agents. Use this skill when: 1. User wants to set up a penetration testing or security assessment pip...

Versionv1.0.0
Downloads379
TERMINAL
clawhub install pilot-penetration-testing-setup

πŸ“– About This Skill


name: pilot-penetration-testing-setup description: > Deploy an automated penetration testing pipeline with 4 agents.

Use this skill when: 1. User wants to set up a penetration testing or security assessment pipeline 2. User is configuring an agent as part of a vulnerability scanning workflow 3. User asks about recon, vulnerability scanning, exploit validation, or pentest reporting across agents

Do NOT use this skill when: - User wants to run a single vulnerability scan (use pilot-task-parallel instead) - User wants to send a one-off security alert (use pilot-webhook-bridge instead) tags: - pilot-protocol - setup - security - pentest license: AGPL-3.0 metadata: author: vulture-labs version: "1.0" openclaw: requires: bins: - pilotctl - clawhub homepage: https://pilotprotocol.network allowed-tools: - Bash


Penetration Testing Setup

Deploy 4 agents that perform recon, scan vulnerabilities, validate exploits, and generate reports.

Roles

| Role | Hostname | Skills | Purpose | |------|----------|--------|---------| | recon | -recon | pilot-discover, pilot-stream-data, pilot-archive | DNS enumeration, port scanning, service fingerprinting | | scanner | -scanner | pilot-task-parallel, pilot-metrics, pilot-dataset | Vulnerability scans, CVE checks, misconfiguration detection | | exploiter | -exploiter | pilot-task-chain, pilot-audit-log, pilot-receipt | Safe proof-of-concept validation, exploitability confirmation | | reporter | -reporter | pilot-webhook-bridge, pilot-share, pilot-slack-bridge | Report generation with findings, risk ratings, remediation |

Setup Procedure

Step 1: Ask the user which role this agent should play and what prefix to use.

Step 2: Install the skills for the chosen role:

# For recon:
clawhub install pilot-discover pilot-stream-data pilot-archive

For scanner:

clawhub install pilot-task-parallel pilot-metrics pilot-dataset

For exploiter:

clawhub install pilot-task-chain pilot-audit-log pilot-receipt

For reporter:

clawhub install pilot-webhook-bridge pilot-share pilot-slack-bridge

Step 3: Set the hostname:

pilotctl --json set-hostname -

Step 4: Write the setup manifest:

mkdir -p ~/.pilot/setups
cat > ~/.pilot/setups/penetration-testing.json << 'MANIFEST'

MANIFEST

Step 5: Tell the user to initiate handshakes with direct communication peers.

Manifest Templates Per Role

recon

{
  "setup": "penetration-testing", "setup_name": "Penetration Testing",
  "role": "recon", "role_name": "Reconnaissance Agent",
  "hostname": "-recon",
  "description": "Performs passive and active reconnaissance β€” DNS enumeration, port scanning, service fingerprinting.",
  "skills": {
    "pilot-discover": "Enumerate DNS records, subdomains, and service endpoints.",
    "pilot-stream-data": "Stream port scan results and fingerprints in real time.",
    "pilot-archive": "Archive recon snapshots for baseline comparison."
  },
  "peers": [{"role": "scanner", "hostname": "-scanner", "description": "Receives recon results for vulnerability scanning"}],
  "data_flows": [{"direction": "send", "peer": "-scanner", "port": 1002, "topic": "recon-result", "description": "Recon results with target profile and services"}],
  "handshakes_needed": ["-scanner"]
}

scanner

{
  "setup": "penetration-testing", "setup_name": "Penetration Testing",
  "role": "scanner", "role_name": "Vulnerability Scanner",
  "hostname": "-scanner",
  "description": "Runs automated vulnerability scans, checks CVE databases, identifies misconfigurations.",
  "skills": {
    "pilot-task-parallel": "Run multiple scan tools in parallel across target services.",
    "pilot-metrics": "Track scan coverage, finding counts, and severity distribution.",
    "pilot-dataset": "Store CVE matches and vulnerability metadata."
  },
  "peers": [{"role": "recon", "hostname": "-recon", "description": "Sends recon results"}, {"role": "exploiter", "hostname": "-exploiter", "description": "Receives vulnerability findings"}],
  "data_flows": [
    {"direction": "receive", "peer": "-recon", "port": 1002, "topic": "recon-result", "description": "Recon results with target profile and services"},
    {"direction": "send", "peer": "-exploiter", "port": 1002, "topic": "vulnerability", "description": "Vulnerability findings with CVE and severity"}
  ],
  "handshakes_needed": ["-recon", "-exploiter"]
}

exploiter

{
  "setup": "penetration-testing", "setup_name": "Penetration Testing",
  "role": "exploiter", "role_name": "Exploit Validator",
  "hostname": "-exploiter",
  "description": "Validates discovered vulnerabilities with safe proof-of-concept tests, confirms exploitability.",
  "skills": {
    "pilot-task-chain": "Chain validation steps: verify, exploit, document evidence.",
    "pilot-audit-log": "Log all validation attempts with timestamps and results.",
    "pilot-receipt": "Confirm receipt of vulnerability findings from scanner."
  },
  "peers": [{"role": "scanner", "hostname": "-scanner", "description": "Sends vulnerability findings"}, {"role": "reporter", "hostname": "-reporter", "description": "Receives validated findings"}],
  "data_flows": [
    {"direction": "receive", "peer": "-scanner", "port": 1002, "topic": "vulnerability", "description": "Vulnerability findings with CVE and severity"},
    {"direction": "send", "peer": "-reporter", "port": 1002, "topic": "validated-finding", "description": "Validated findings with proof-of-concept evidence"}
  ],
  "handshakes_needed": ["-scanner", "-reporter"]
}

reporter

{
  "setup": "penetration-testing", "setup_name": "Penetration Testing",
  "role": "reporter", "role_name": "Pentest Reporter",
  "hostname": "-reporter",
  "description": "Generates pentest reports with findings, risk ratings, remediation steps, and executive summary.",
  "skills": {
    "pilot-webhook-bridge": "Deliver reports to client portals and ticketing systems.",
    "pilot-share": "Share report drafts with stakeholders for review.",
    "pilot-slack-bridge": "Notify security team of completed assessments."
  },
  "peers": [{"role": "exploiter", "hostname": "-exploiter", "description": "Sends validated findings with evidence"}],
  "data_flows": [
    {"direction": "receive", "peer": "-exploiter", "port": 1002, "topic": "validated-finding", "description": "Validated findings with proof-of-concept evidence"},
    {"direction": "send", "peer": "external", "port": 443, "topic": "pentest-report", "description": "Pentest report via webhook and Slack"}
  ],
  "handshakes_needed": ["-exploiter"]
}

Data Flows

  • recon -> scanner : recon-result events (port 1002)
  • scanner -> exploiter : vulnerability events (port 1002)
  • exploiter -> reporter : validated-finding events (port 1002)
  • reporter -> external : pentest-report via webhook (port 443)
  • Handshakes

    # recon <-> scanner:
    pilotctl --json handshake -scanner "setup: penetration-testing"
    pilotctl --json handshake -recon "setup: penetration-testing"
    

    scanner <-> exploiter:

    pilotctl --json handshake -exploiter "setup: penetration-testing" pilotctl --json handshake -scanner "setup: penetration-testing"

    exploiter <-> reporter:

    pilotctl --json handshake -reporter "setup: penetration-testing" pilotctl --json handshake -exploiter "setup: penetration-testing"

    Workflow Example

    # On scanner β€” subscribe to recon results:
    pilotctl --json subscribe -recon recon-result
    

    On exploiter β€” subscribe to vulnerabilities:

    pilotctl --json subscribe -scanner vulnerability

    On reporter β€” subscribe to validated findings:

    pilotctl --json subscribe -exploiter validated-finding

    On recon β€” publish a recon result:

    pilotctl --json publish -scanner recon-result '{"target":"app.example.com","open_ports":[22,80,443,8080]}'

    On exploiter β€” publish a validated finding:

    pilotctl --json publish -reporter validated-finding '{"cve":"CVE-2023-46589","validated":true,"impact":"RCE"}'

    Dependencies

    Requires pilot-protocol skill, pilotctl binary, clawhub binary, and a running daemon.