web-pentest

Facilitates authorized web application penetration testing with a structured approach to vulnerability analysis and reporting.

Security score: 35/100

The web-pentest skill was audited on May 29, 2026 and we found 5 security issues across 3 threat categories, including 1 critical. Review the findings below before installing.

Security Issues

critical, line 144
Eval function call - arbitrary code execution
Source: SKILL.md
144: 2. **Inventory sinks** — every `execute(`, `os.system(`, `eval(`,

high, line 144
System command execution
Source: SKILL.md
144: 2. **Inventory sinks** — every `execute(`, `os.system(`, `eval(`,

high, line 144
Python os.system command execution
Source: SKILL.md
144: 2. **Inventory sinks** — every `execute(`, `os.system(`, `eval(`,

medium, line 245
Webhook reference - potential data exfiltration
Source: SKILL.md
245: webhook.site for sensitive engagements — exfil paths).

medium, line 83
Access to hidden dotfiles in home directory
Source: SKILL.md
83: in `~/.hermes/config.yaml` for the session.

Scanned on May 29, 2026
GitHub Stars 185.0K
Category: development
Updated: June 10, 2026
NousResearch/hermes-agent