Claude Skill

imbue-bit/OpenClaw-PwnKit

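OpenClaw-PwnKit is a Python-based exploitation tool that obtains a root shell on almost any OpenClaw host through privilege escalation, intended for penetration testing and security research.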

Overview

Stars: 287
Forks: 40
Language: Python
Last updated: 2026-03-09
Last synced: 2026-07-03

Repository information

Owner: imbue-bit
Repository: OpenClaw-PwnKit
Full name: imbue-bit/OpenClaw-PwnKit
Repo ID: 1,175,638,196

Install this Skill

git clone https://github.com/imbue-bit/OpenClaw-PwnKit.git

Registry information

Type: openclaw_skill
Quality score: 75/100
Verification status: readme_parsed
Last verified: 2026-06-17
Platforms: Claude, OpenClaw
Capabilities: memory, search, image, terminal
Detected files: README.md, requirements.txt
Config keys: OPENAI_API_KEY
Installation method:
  • git clone https://github.com/imbue-bit/OpenClaw-PwnKit.git
  • pip install -r requirements.txt

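Project summary

OpenClaw-PwnKit is a Python-based exploitation tool that obtains root shell access on almost any OpenClaw host through a privilege-escalation vulnerability.

English description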

Get shell to almost any OpenClaw host machine.

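Key points

  • Python-based exploitation of OpenClaw hosts
  • Privilege escalation to a root shell
  • Broad compatibility with OpenClaw systems
  • Lightweight and easy to deploy

Use cases

  • Penetration testing of OpenClaw environments
  • Security research and vulnerability assessment
  • Red-team exercises against OpenClaw hosts
  • Educational demonstration of privilege-escalation vulnerabilities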

README excerpt

<div align="center">
<img src="./meta/title.png" />

# OpenClaw-PwnKit

**Black-Box Adversarial Attacks on LLM Agent Tool-Calling via CMA-ES**

[![Python 3.10+](https://img.shields.io/badge/Python-3.10%2B-3776AB?logo=python&logoColor=white)](https://www.python.org/)
[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)
[![Paper](https://img.shields.io/badge/Paper-Coming%20Soon-yellow.svg)](#citation)
[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](https://github.com/imbue-bit/OpenClaw-PwnKit/pulls)

*A research framework demonstrating that derivative-free optimization in token embedding space can bypass LLM safety alignment and achieve Remote Code Execution (RCE) through adversarial tool-call hijacking.*

</div>

---

## Table of Contents

- [Abstract](#abstract)
- [Threat Model](#threat-model)
- [Method Overview](#method-overview)
- [Architecture](#architecture)
- [Installation](#installation)
- [Configuration](#configuration)
- [Usage](#usage)
- [Key Parameters](#key-parameters)
- [Compute Requirements](#compute-requirements)
- [Ethics and Responsible Disclosure](#ethics-and-responsible-disclosure)
- [Citation](#citation)
- [License](#license)

## Abstract

As Large Language Models (LLMs) are increasingly augmented with tool-calling capabilities, LLM Agents are becoming the backbone of autonomous systems. However, RLHF-based safety alignment optimizes for semantic-level behavioral constraints but does not explicitly defend against adversarial perturbations in the continuous embedding space. This work exposes a critical security threat against closed-source frontier models (GPT-4, Claude 3, etc.): by injecting seemingly nonsensical adversarial triggers, an attacker can induce **advers

Topics

No topics yet


Data from GitHub; synced: 2026-07-03