{"id":"ec157dac-bd56-49fd-b29b-839db8c69f32","shortId":"HE4W6r","kind":"skill","title":"pilot-penetration-testing-setup","tagline":"Deploy an automated penetration testing pipeline with 4 agents. Use this skill when: 1. User wants to set up a penetration testing or security assessment pipeline 2. User is configuring an agent as part of a vulnerability scanning workflow 3. User asks about recon, vulnerability","description":"# Penetration Testing Setup\n\nDeploy 4 agents that perform recon, scan vulnerabilities, validate exploits, and generate reports.\n\n## Roles\n\n| Role | Hostname | Skills | Purpose |\n|------|----------|--------|---------|\n| recon | `-recon` | pilot-discover, pilot-stream-data, pilot-archive | DNS enumeration, port scanning, service fingerprinting |\n| scanner | `-scanner` | pilot-task-parallel, pilot-metrics, pilot-dataset | Vulnerability scans, CVE checks, misconfiguration detection |\n| exploiter | `-exploiter` | pilot-task-chain, pilot-audit-log, pilot-receipt | Safe proof-of-concept validation, exploitability confirmation |\n| reporter | `-reporter` | pilot-webhook-bridge, pilot-share, pilot-slack-bridge | Report generation with findings, risk ratings, remediation |\n\n## Setup Procedure\n\n**Step 1:** Ask the user which role this agent should play and what prefix to use.\n\n**Step 2:** Install the skills for the chosen role:\n```bash\n# For recon:\nclawhub install pilot-discover pilot-stream-data pilot-archive\n# For scanner:\nclawhub install pilot-task-parallel pilot-metrics pilot-dataset\n# For exploiter:\nclawhub install pilot-task-chain pilot-audit-log pilot-receipt\n# For reporter:\nclawhub install pilot-webhook-bridge pilot-share pilot-slack-bridge\n```\n\n**Step 3:** Set the hostname:\n```bash\npilotctl --json set-hostname -\n```\n\n**Step 4:** Write the setup manifest:\n```bash\nmkdir -p ~/.pilot/setups\ncat > ~/.pilot/setups/penetration-testing.json << 'MANIFEST'\n\nMANIFEST\n```\n\n**Step 5:** Tell the user to initiate handshakes with direct communication peers.\n\n## Manifest Templates Per Role\n\n### recon\n```json\n{\n \"setup\": \"penetration-testing\", \"setup_name\": \"Penetration Testing\",\n \"role\": \"recon\", \"role_name\": \"Reconnaissance Agent\",\n \"hostname\": \"-recon\",\n \"description\": \"Performs passive and active reconnaissance — DNS enumeration, port scanning, service fingerprinting.\",\n \"skills\": {\n \"pilot-discover\": \"Enumerate DNS records, subdomains, and service endpoints.\",\n \"pilot-stream-data\": \"Stream port scan results and fingerprints in real time.\",\n \"pilot-archive\": \"Archive recon snapshots for baseline comparison.\"\n },\n \"peers\": [{\"role\": \"scanner\", \"hostname\": \"-scanner\", \"description\": \"Receives recon results for vulnerability scanning\"}],\n \"data_flows\": [{\"direction\": \"send\", \"peer\": \"-scanner\", \"port\": 1002, \"topic\": \"recon-result\", \"description\": \"Recon results with target profile and services\"}],\n \"handshakes_needed\": [\"-scanner\"]\n}\n```\n\n### scanner\n```json\n{\n \"setup\": \"penetration-testing\", \"setup_name\": \"Penetration Testing\",\n \"role\": \"scanner\", \"role_name\": \"Vulnerability Scanner\",\n \"hostname\": \"-scanner\",\n \"description\": \"Runs automated vulnerability scans, checks CVE databases, identifies misconfigurations.\",\n \"skills\": {\n \"pilot-task-parallel\": \"Run multiple scan tools in parallel across target services.\",\n \"pilot-metrics\": \"Track scan coverage, finding counts, and severity distribution.\",\n \"pilot-dataset\": \"Store CVE matches and vulnerability metadata.\"\n },\n \"peers\": [{\"role\": \"recon\", \"hostname\": \"-recon\", \"description\": \"Sends recon results\"}, {\"role\": \"exploiter\", \"hostname\": \"-exploiter\", \"description\": \"Receives vulnerability findings\"}],\n \"data_flows\": [\n {\"direction\": \"receive\", \"peer\": \"-recon\", \"port\": 1002, \"topic\": \"recon-result\", \"description\": \"Recon results with target profile and services\"},\n {\"direction\": \"send\", \"peer\": \"-exploiter\", \"port\": 1002, \"topic\": \"vulnerability\", \"description\": \"Vulnerability findings with CVE and severity\"}\n ],\n \"handshakes_needed\": [\"-recon\", \"-exploiter\"]\n}\n```\n\n### exploiter\n```json\n{\n \"setup\": \"penetration-testing\", \"setup_name\": \"Penetration Testing\",\n \"role\": \"exploiter\", \"role_name\": \"Exploit Validator\",\n \"hostname\": \"-exploiter\",\n \"description\": \"Validates discovered vulnerabilities with safe proof-of-concept tests, confirms exploitability.\",\n \"skills\": {\n \"pilot-task-chain\": \"Chain validation steps: verify, exploit, document evidence.\",\n \"pilot-audit-log\": \"Log all validation attempts with timestamps and results.\",\n \"pilot-receipt\": \"Confirm receipt of vulnerability findings from scanner.\"\n },\n \"peers\": [{\"role\": \"scanner\", \"hostname\": \"-scanner\", \"description\": \"Sends vulnerability findings\"}, {\"role\": \"reporter\", \"hostname\": \"-reporter\", \"description\": \"Receives validated findings\"}],\n \"data_flows\": [\n {\"direction\": \"receive\", \"peer\": \"-scanner\", \"port\": 1002, \"topic\": \"vulnerability\", \"description\": \"Vulnerability findings with CVE and severity\"},\n {\"direction\": \"send\", \"peer\": \"-reporter\", \"port\": 1002, \"topic\": \"validated-finding\", \"description\": \"Validated findings with proof-of-concept evidence\"}\n ],\n \"handshakes_needed\": [\"-scanner\", \"-reporter\"]\n}\n```\n\n### reporter\n```json\n{\n \"setup\": \"penetration-testing\", \"setup_name\": \"Penetration Testing\",\n \"role\": \"reporter\", \"role_name\": \"Pentest Reporter\",\n \"hostname\": \"-reporter\",\n \"description\": \"Generates pentest reports with findings, risk ratings, remediation steps, and executive summary.\",\n \"skills\": {\n \"pilot-webhook-bridge\": \"Deliver reports to client portals and ticketing systems.\",\n \"pilot-share\": \"Share report drafts with stakeholders for review.\",\n \"pilot-slack-bridge\": \"Notify security team of completed assessments.\"\n },\n \"peers\": [{\"role\": \"exploiter\", \"hostname\": \"-exploiter\", \"description\": \"Sends validated findings with evidence\"}],\n \"data_flows\": [\n {\"direction\": \"receive\", \"peer\": \"-exploiter\", \"port\": 1002, \"topic\": \"validated-finding\", \"description\": \"Validated findings with proof-of-concept evidence\"},\n {\"direction\": \"send\", \"peer\": \"external\", \"port\": 443, \"topic\": \"pentest-report\", \"description\": \"Pentest report via webhook and Slack\"}\n ],\n \"handshakes_needed\": [\"-exploiter\"]\n}\n```\n\n## Data Flows\n\n- `recon -> scanner` : recon-result events (port 1002)\n- `scanner -> exploiter` : vulnerability events (port 1002)\n- `exploiter -> reporter` : validated-finding events (port 1002)\n- `reporter -> external` : pentest-report via webhook (port 443)\n\n## Handshakes\n\n```bash\n# recon <-> scanner:\npilotctl --json handshake -scanner \"setup: penetration-testing\"\npilotctl --json handshake -recon \"setup: penetration-testing\"\n# scanner <-> exploiter:\npilotctl --json handshake -exploiter \"setup: penetration-testing\"\npilotctl --json handshake -scanner \"setup: penetration-testing\"\n# exploiter <-> reporter:\npilotctl --json handshake -reporter \"setup: penetration-testing\"\npilotctl --json handshake -exploiter \"setup: penetration-testing\"\n```\n\n## Workflow Example\n\n```bash\n# On scanner — subscribe to recon results:\npilotctl --json subscribe -recon recon-result\n# On exploiter — subscribe to vulnerabilities:\npilotctl --json subscribe -scanner vulnerability\n# On reporter — subscribe to validated findings:\npilotctl --json subscribe -exploiter validated-finding\n# On recon — publish a recon result:\npilotctl --json publish -scanner recon-result '{\"target\":\"app.example.com\",\"open_ports\":[22,80,443,8080]}'\n# On exploiter — publish a validated finding:\npilotctl --json publish -reporter validated-finding '{\"cve\":\"CVE-2023-46589\",\"validated\":true,\"impact\":\"RCE\"}'\n```\n\n## Dependencies\n\nRequires `pilot-protocol` skill, `pilotctl` binary, `clawhub` binary, and a running daemon.","tags":["pilot","penetration","testing","setup","skills","teoslayer","agent-skills","ai-agents","clawhub","networking","openclaw","overlay-network"],"capabilities":["skill","source-teoslayer","skill-pilot-penetration-testing-setup","topic-agent-skills","topic-ai-agents","topic-clawhub","topic-networking","topic-openclaw","topic-overlay-network","topic-p2p","topic-pilot-protocol"],"categories":["pilot-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/TeoSlayer/pilot-skills/pilot-penetration-testing-setup","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add TeoSlayer/pilot-skills","source_repo":"https://github.com/TeoSlayer/pilot-skills","install_from":"skills.sh"}},"qualityScore":"0.453","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 6 github stars · SKILL.md body (7,621 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:14:58.930Z","embedding":null,"createdAt":"2026-05-18T13:22:44.582Z","updatedAt":"2026-05-18T19:14:58.930Z","lastSeenAt":"2026-05-18T19:14:58.930Z","tsv":"'-2023':894 '-46589':895 '/.pilot/setups':255 '/.pilot/setups/penetration-testing.json':257 '1':19,152 '1002':358,460,478,581,596,696,739,745,753 '2':32,168 '22':875 '3':45,236 '4':13,55,247 '443':715,762,877 '5':261 '80':876 '8080':878 'across':413 'activ':298 'agent':14,37,56,159,291 'app.example.com':872 'archiv':83,190,332,333 'ask':47,153 'assess':30,677 'attempt':542 'audit':116,215,537 'autom':8,394 'baselin':337 'bash':176,240,252,764,821 'binari':907,909 'bridg':134,141,227,234,649,671 'cat':256 'chain':113,212,527,528 'check':105,397 'chosen':174 'clawhub':179,193,207,222,908 'client':653 'communic':270 'comparison':338 'complet':676 'concept':125,519,608,708 'configur':35 'confirm':128,521,550 'count':423 'coverag':421 'cve':104,398,431,485,588,892,893 'daemon':913 'data':80,187,320,351,453,574,689,730 'databas':399 'dataset':101,204,429 'deliv':650 'depend':900 'deploy':6,54 'descript':294,344,363,392,441,449,465,481,510,562,570,584,601,632,683,701,720 'detect':107 'direct':269,353,455,473,576,591,691,710 'discov':76,183,309,512 'distribut':426 'dns':84,300,311 'document':533 'draft':663 'endpoint':316 'enumer':85,301,310 'event':737,743,751 'evid':534,609,688,709 'exampl':820 'execut':643 'exploit':63,108,109,127,206,446,448,476,491,492,503,506,509,522,532,680,682,694,729,741,746,784,788,801,814,836,854,880 'extern':713,755 'find':145,422,452,483,554,565,573,586,600,603,637,686,700,703,750,850,857,884,891 'fingerprint':89,305,326 'flow':352,454,575,690,731 'generat':65,143,633 'handshak':267,371,488,610,727,763,769,777,787,795,805,813 'hostnam':69,239,245,292,342,390,439,447,508,560,568,630,681 'identifi':400 'impact':898 'initi':266 'instal':169,180,194,208,223 'json':242,277,375,493,615,768,776,786,794,804,812,829,841,852,865,886 'log':117,216,538,539 'manifest':251,258,259,272 'match':432 'metadata':435 'metric':98,201,418 'misconfigur':106,401 'mkdir':253 'multipl':408 'name':283,289,381,387,499,505,621,627 'need':372,489,611,728 'notifi':672 'open':873 'p':254 'parallel':95,198,406,412 'part':39 'passiv':296 'peer':271,339,355,436,457,475,557,578,593,678,693,712 'penetr':3,9,26,51,280,284,378,382,496,500,618,622,773,781,791,799,809,817 'penetration-test':279,377,495,617,772,780,790,798,808,816 'pentest':628,634,718,721,757 'pentest-report':717,756 'per':274 'perform':58,295 'pilot':2,75,78,82,93,97,100,111,115,119,132,136,139,182,185,189,196,200,203,210,214,218,225,229,232,308,318,331,404,417,428,525,536,548,647,659,669,903 'pilot-arch':81,188,330 'pilot-audit-log':114,213,535 'pilot-dataset':99,202,427 'pilot-discov':74,181,307 'pilot-metr':96,199,416 'pilot-penetration-testing-setup':1 'pilot-protocol':902 'pilot-receipt':118,217,547 'pilot-shar':135,228,658 'pilot-slack-bridg':138,231,668 'pilot-stream-data':77,184,317 'pilot-task-chain':110,209,524 'pilot-task-parallel':92,195,403 'pilot-webhook-bridg':131,224,646 'pilotctl':241,767,775,785,793,803,811,828,840,851,864,885,906 'pipelin':11,31 'play':161 'port':86,302,322,357,459,477,580,595,695,714,738,744,752,761,874 'portal':654 'prefix':164 'procedur':150 'profil':368,470 'proof':123,517,606,706 'proof-of-concept':122,516,605,705 'protocol':904 'publish':860,866,881,887 'purpos':71 'rate':147,639 'rce':899 'real':328 'receipt':120,219,549,551 'receiv':345,450,456,571,577,692 'recon':49,59,72,73,178,276,287,293,334,346,361,364,438,440,443,458,463,466,490,732,735,765,778,826,831,833,859,862,869 'recon-result':360,462,734,832,868 'reconnaiss':290,299 'record':312 'remedi':148,640 'report':66,129,130,142,221,567,569,594,613,614,625,629,631,635,651,662,719,722,747,754,758,802,806,846,888 'requir':901 'result':324,347,362,365,444,464,467,546,736,827,834,863,870 'review':667 'risk':146,638 'role':67,68,157,175,275,286,288,340,384,386,437,445,502,504,558,566,624,626,679 'run':393,407,912 'safe':121,515 'scan':43,60,87,103,303,323,350,396,409,420 'scanner':90,91,192,341,343,356,373,374,385,389,391,556,559,561,579,612,733,740,766,770,783,796,823,843,867 'secur':29,673 'send':354,442,474,563,592,684,711 'servic':88,304,315,370,415,472 'set':23,237,244 'set-hostnam':243 'setup':5,53,149,250,278,282,376,380,494,498,616,620,771,779,789,797,807,815 'sever':425,487,590 'share':137,230,660,661 'skill':17,70,171,306,402,523,645,905 'skill-pilot-penetration-testing-setup' 'slack':140,233,670,726 'snapshot':335 'source-teoslayer' 'stakehold':665 'step':151,167,235,246,260,530,641 'store':430 'stream':79,186,319,321 'subdomain':313 'subscrib':824,830,837,842,847,853 'summari':644 'system':657 'target':367,414,469,871 'task':94,112,197,211,405,526 'team':674 'tell':262 'templat':273 'test':4,10,27,52,281,285,379,383,497,501,520,619,623,774,782,792,800,810,818 'ticket':656 'time':329 'timestamp':544 'tool':410 'topic':359,461,479,582,597,697,716 'topic-agent-skills' 'topic-ai-agents' 'topic-clawhub' 'topic-networking' 'topic-openclaw' 'topic-overlay-network' 'topic-p2p' 'topic-pilot-protocol' 'track':419 'true':897 'use':15,166 'user':20,33,46,155,264 'valid':62,126,507,511,529,541,572,599,602,685,699,702,749,849,856,883,890,896 'validated-find':598,698,748,855,889 'verifi':531 'via':723,759 'vulner':42,50,61,102,349,388,395,434,451,480,482,513,553,564,583,585,742,839,844 'want':21 'webhook':133,226,648,724,760 'workflow':44,819 'write':248","prices":[{"id":"7e74d66d-3cd7-41d9-9a41-0ab5ac021382","listingId":"ec157dac-bd56-49fd-b29b-839db8c69f32","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"TeoSlayer","category":"pilot-skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:22:44.582Z"}],"sources":[{"listingId":"ec157dac-bd56-49fd-b29b-839db8c69f32","source":"github","sourceId":"TeoSlayer/pilot-skills/pilot-penetration-testing-setup","sourceUrl":"https://github.com/TeoSlayer/pilot-skills/tree/main/skills/pilot-penetration-testing-setup","isPrimary":false,"firstSeenAt":"2026-05-18T13:22:44.582Z","lastSeenAt":"2026-05-18T19:14:58.930Z"}],"details":{"listingId":"ec157dac-bd56-49fd-b29b-839db8c69f32","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"TeoSlayer","slug":"pilot-penetration-testing-setup","github":{"repo":"TeoSlayer/pilot-skills","stars":6,"topics":["agent-skills","ai-agents","clawhub","networking","openclaw","overlay-network","p2p","pilot-protocol"],"license":"agpl-3.0","html_url":"https://github.com/TeoSlayer/pilot-skills","pushed_at":"2026-05-13T06:08:49Z","description":"80+ agent skills for Pilot Protocol — communication, file transfer, trust, task routing, swarm coordination, and more","skill_md_sha":"2fddb0a2f2724a0d0bdc019df75aa69b05989776","skill_md_path":"skills/pilot-penetration-testing-setup/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/TeoSlayer/pilot-skills/tree/main/skills/pilot-penetration-testing-setup"},"layout":"multi","source":"github","category":"pilot-skills","frontmatter":{"name":"pilot-penetration-testing-setup","license":"AGPL-3.0","description":"Deploy an automated penetration testing pipeline with 4 agents. Use this skill when: 1. User wants to set up a penetration testing or security assessment pipeline 2. User is configuring an agent as part of a vulnerability scanning workflow 3. User asks about recon, vulnerability scanning, exploit validation, or pentest reporting across agents Do NOT use this skill when: - User wants to run a single vulnerability scan (use pilot-task-parallel instead) - User wants to send a one-off security alert (use pilot-webhook-bridge instead)"},"skills_sh_url":"https://skills.sh/TeoSlayer/pilot-skills/pilot-penetration-testing-setup"},"updatedAt":"2026-05-18T19:14:58.930Z"}}