Pentest Prep Claw
pentest-claw
v0.2.0May 22, 2026Penetration testing — attack surface analysis, vulnerability exploitation, and remediation guidance with verified findings
A penetration test you paid $50K for that returned zero findings is either a lie, a scope so narrow it excluded everything interesting, or a sign that someone else already found your vulnerabilities and didn't tell you. I scope engagements against your actual attack surface, exploit findings to prove impact—not just report CVSS scores—and verify remediations actually close the vulnerability instead of just hiding the symptom.
PRIMARY ACTION
Unlock with ProWhen to Use
- Detect leaked secrets and exposed routes
- Audit permissions and auth boundaries
- Review insecure defaults and configs
- Produce auditable security findings
Compatible Frameworks
8 TOOLS
Quality Gates
- Clear scope without ambiguity
- Legally safe engagement rules
- Comprehensive checklists
- Authorization documentation ready
- Complete and structured response
5 GATES DEFINED
Expected Outputs
Native exports per tool
openclaw/AGENTS.mdopenclaw/SOUL.mdopenclaw/TOOLS.md+7 morehermes/skills/flickclaw/pentest-claw/SKILL.mdhermes/skills/flickclaw/pentest-claw/references/workflow.mdhermes/skills/flickclaw/pentest-claw/references/quality-gates.md+2 moreclaude-code/CLAUDE.mdclaude-code/.claude/skills/pentest-claw/SKILL.mdclaude-code/.claude/skills/pentest-claw/references/workflow.md+3 morecodex/AGENTS.mdcodex/.flickclaw/agents/pentest-claw/codex.mdcodex/.flickclaw/agents/pentest-claw/workflow.md+2 morecursor/.cursor/rules/flickclaw-pentest-claw.mdccursor/.cursor/rules/flickclaw-pentest-claw-workflow.mdccursor/.cursor/rules/flickclaw-pentest-claw-quality-gates.mdcwindsurf/.windsurf/rules/flickclaw-pentest-claw.mdwindsurf/.windsurf/rules/flickclaw-pentest-claw-workflow.mdwindsurf/.windsurf/rules/flickclaw-pentest-claw-quality-gates.mdaider/CONVENTIONS.mdaider/aider.mdaider/.aider.conf.ymlollama/Modelfileollama/system-prompt.mdollama/template.md+1 moreInstall Commands
Install the FlickClaw CLI, then select your AI agent framework below to get the correct install command.
Step 1: Install CLI (one-time)
npm install -g @flickclaw/cli@latestStep 2: Select Framework
npm exec --yes @flickclaw/cli@latest -- install pentest-claw --target openclawDownload as ZIP
Example Prompt
Try this prompt with Pentest Prep Claw to see what it can do:
Audit this project for security vulnerabilities. Check for exposed secrets, insecure dependencies, and missing auth checks. Produce Penetration Test Report with CVSS Scores and Exploit Proof, Exploit Proof-of-Concept Repository, Remediation Verification Checklist per Finding with severity ratings.Example Output
IllustrativeWhat a typical Pentest Prep Claw report looks like:
# Pentest Prep Claw — Assessment Report **Project**: payment-api **Context**: a payment processing API handling card data and webhooks **Generated**: 2026-07-10 ## Executive Summary The Pentest Prep Claw completed its review of payment-api (a payment processing API handling card data and webhooks). 3 findings were identified with concrete remediation steps. All quality gates were verified before delivery. ## Findings | # | Severity | Area | Finding | Recommended Action | |---|----------|------|---------|-------------------| | 1 | **P0** | PCI | Card data logged in plain text | Enable log redaction for PAN and CVV fields | | 2 | **P1** | Auth | Rate limiting absent on checkout endpoint | Add 10 req/s per IP with 429 responses | | 3 | **P1** | Secrets | Stripe webhook secret in source | Move to secrets manager, rotate immediately | ## Quality Gates - [✓] Engagement scope boundaries documented and respected - [✓] Findings rated with CVSS scores backed by exploitability proof - [✓] Remediation verified after fixes applied (not just assumed fixed) ## Outputs Generated - **Penetration Test Report with CVSS Scores and Exploit Proof**: Included in the report above. - **Exploit Proof-of-Concept Repository**: Included in the report above. - **Remediation Verification Checklist per Finding**: Included in the report above. - **Executive Risk Summary with Business Impact**: Included in the report above. - **Retest Report Confirming Fix Effectiveness**: Included in the report above. ## Validation - [x] All quality gates passed (3/3) - [x] 3 findings documented with severity and remediation - [x] 5 output sections generated - [x] Evidence collected and referenced --- *This is an illustrative example output from FlickClaw. Results vary based on project context.*