picoclaw self pen testing

Picoclaw Self Pen Testing

Summary

Current package version: v0.0.1.

picoclaw-self-pen-testing is a standalone Picoclaw package that runs local, read-only self-pen-testing style checks from a generated Picoclaw posture profile.

This package is intentionally separate from picoclaw-security-guardian so moderation-sensitive findings can be shipped independently.

What it checks

Public Web UI exposure
Disabled Web UI auth
Unrestricted workspace/tooling posture
Unsafely unsigned verification mode
MCP trust-boundary review needs
Scheduler persistence review
Plaintext secret markers
Multi-channel auth review

Usage

node skills/picoclaw-self-pen-testing/scripts/self_pen_test.mjs \
  --profile ~/.picoclaw/security/clawsec/current-profile.json

Validation

python utils/validate_skill.py skills/picoclaw-self-pen-testing
node skills/picoclaw-self-pen-testing/test/self_pen_test.test.mjs

Source references

skills/picoclaw-self-pen-testing/skill.json
skills/picoclaw-self-pen-testing/SKILL.md
skills/picoclaw-self-pen-testing/README.md
skills/picoclaw-self-pen-testing/lib/self_pen_test.mjs
skills/picoclaw-self-pen-testing/lib/format.mjs
skills/picoclaw-self-pen-testing/scripts/self_pen_test.mjs
skills/picoclaw-self-pen-testing/test/self_pen_test.test.mjs

picoclaw self pen testing

Picoclaw Self Pen Testing

Summary

What it checks

Usage

Validation

Source references

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!