Claude Skill
imbue-bit/OpenClaw-PwnKit
OpenClaw-PwnKit is a Python exploit tool that gains a root shell on almost any OpenClaw host machine via privilege escalation. Ideal for penetration testing and security research.
Overview
Repository
Install this Skill
git clone https://github.com/imbue-bit/OpenClaw-PwnKit.git
pip install -r requirements.txt
Summary
OpenClaw-PwnKit is a Python-based exploit tool that leverages a privilege escalation vulnerability to gain a root shell on almost any OpenClaw host machine.
Obtain shell access on almost any OpenClaw host machine.
Key features
- Python-based exploit for OpenClaw hosts
- Privilege escalation to root shell
- Broad compatibility with OpenClaw systems
- Lightweight and easy to deploy
Use cases
- Penetration testing on OpenClaw environments
- Security research and vulnerability assessment
- Red team exercises targeting OpenClaw hosts
- Educational demonstration of privilege escalation
README excerpt
# OpenClaw-PwnKit

**Black-Box Adversarial Attacks on LLM Agent Tool-Calling via CMA-ES**

*A research framework demonstrating that derivative-free optimization in token embedding space can bypass LLM safety alignment and achieve Remote Code Execution (RCE) through adversarial tool-call hijacking.*

---

## Table of Contents

- [Abstract](#abstract)
- [Threat Model](#threat-model)
- [Method Overview](#method-overview)
- [Architecture](#architecture)
- [Installation](#installation)
- [Configuration](#configuration)
- [Usage](#usage)
- [Key Parameters](#key-parameters)
- [Compute Requirements](#compute-requirements)
- [Ethics and Responsible Disclosure](#ethics-and-responsible-disclosure)
- [Citation](#citation)
- [License](#license)

## Abstract

As Large Language Models (LLMs) are increasingly augmented with tool-calling capabilities, LLM Agents are becoming the backbone of autonomous systems. However, RLHF-based safety alignment optimizes for semantic-level behavioral constraints but does not explicitly defend against adversarial perturbations in the continuous embedding space. This work exposes a critical security threat against closed-source frontier models (GPT-4, Claude 3, etc.): by injecting seemingly nonsensical adversarial triggers, an attacker can induce **advers
Topics
No topics yet.