Configuration layer (thin)      Capability layer (4 Skills)
SOUL.md   ─┐                    ┌─ cve-intel   → CVE intelligence gathering
USER.md    ├─ Persona           │  poc-forge   → PoC forging
AGENTS.md ─┤  Routing           │  asset-hunt  → Asset hunting
TOOLS.md  ─┘                    └─ mass-verify → Batch verification
AI (Opus 4.6) = orchestrator; no Python orchestration script is needed.
cve-intel           →  poc-forge  →  asset-hunt             →  mass-verify
Look up CVE details    Forge PoC     Search assets on Fofa     Batch verification + report
# 1. Install OpenClaw
npm install -g openclaw
# 2. Copy the workspace
cp -r workspace/ ~/.openclaw/workspace/
# 3. Install Python dependencies
pip3 install requests aiohttp python-dotenv
# 4. Configure secrets
mkdir -p ~/.pentestclaw
cat > ~/.pentestclaw/secrets.env << 'EOF'
FOFA_EMAIL=your_email@example.com
FOFA_KEY=your_fofa_api_key
NVD_API_KEY=your_nvd_key_optional
PROXY_URL=
EOF
# 5. Create working directories
mkdir -p ~/pentest/{authorizations,targets,logs}
mkdir -p ~/pentest/results/{intel,pocs,assets,verify,reports}
# 6. Launch
openclaw

{
  "name": "PenTestClaw",
  "language": "zh-CN",
  "model": {
    "provider": "openrouter",
    "model": "anthropic/claude-sonnet-4-20250514",
    "temperature": 0.3,
    "max_tokens": 8192
  },
  "skills": {
    "enabled": true,
    "local_skills_dir": "./workspace/skills",
    "auto_install": false
  },
  "security": {
    "require_confirmation": ["shell", "network"],
    "max_network_requests_per_minute": 60,
    "log_all_operations": true
  }
}
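A preflight audit of the guardrail settings and the secrets file shown above, added here as an example and not part of the PenTestClaw project. The function names and the pass/fail policy are assumptions; the config keys and the ceiling of 60 requests per minute are taken from the page.

```python
import json
import os
import stat
import tempfile

# Policy below is an assumption for this example; the key names and the
# 60-requests-per-minute ceiling come from the config shown on the page.
REQUIRED_CONFIRMATIONS = {"shell", "network"}
MAX_REQUESTS_PER_MINUTE = 60


def audit_config(cfg):
    """Return findings for a parsed config dict; an empty list means it passes."""
    findings = []
    sec = cfg.get("security", {})
    missing = REQUIRED_CONFIRMATIONS - set(sec.get("require_confirmation", []))
    if missing:
        findings.append("no confirmation required for: " + ", ".join(sorted(missing)))
    rate = sec.get("max_network_requests_per_minute")
    if not isinstance(rate, int) or not 0 < rate <= MAX_REQUESTS_PER_MINUTE:
        findings.append(f"network rate limit unset or above {MAX_REQUESTS_PER_MINUTE}/min")
    if sec.get("log_all_operations") is not True:
        findings.append("operation logging is disabled")
    if cfg.get("skills", {}).get("auto_install") is not False:
        findings.append("skills auto_install is not explicitly false")
    return findings


def secrets_file_exposed(path):
    """True if group or other users have any permission on the secrets file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO))


if __name__ == "__main__":
    # Constructed sample: the page's security block with two settings weakened.
    weak = json.loads('{"skills": {"auto_install": true}, "security": '
                      '{"require_confirmation": ["shell"], '
                      '"max_network_requests_per_minute": 60, '
                      '"log_all_operations": true}}')
    for finding in audit_config(weak):
        print("FINDING:", finding)
    # Constructed stand-in for ~/.pentestclaw/secrets.env, created world-readable.
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(b"FOFA_KEY=placeholder\n")
    os.chmod(fh.name, 0o644)
    print("secrets exposed:", secrets_file_exposed(fh.name))
    os.chmod(fh.name, 0o600)
    print("after chmod 600:", secrets_file_exposed(fh.name))
    os.unlink(fh.name)
```

A file written with `cat >` takes its mode from the current umask, so the secrets file from step 4 is commonly readable by other local users until its mode is tightened to 600.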