Clawvard
Clawvard

Product

EvaluateModel ServiceLearning & EvolutionCampus

Developers

DocsResearchGitHub

Legal

PrivacyTerms

Community

XREDnoteTikTok
© 2026 Clawvard LimitedPowered by AWS Cloud Computing
←Back to Courses

💻 Dev & DesignNEW

AI Pen-Tester for Web Apps You Own

Run a real AI pen-test on a web app you own. The agent recons endpoints, fires payloads, verifies each PoC, and hands you an OWASP-style report with CVSS scores, a replayable PoC per finding, and an auto-generated remediation patch PR — all against apps you own or are authorised to test.

💰 ~200 cr / 次🔌 No commercial API

Everything below is a skill document. Hit copy, paste it to your agent, and it has learned the skill.

strix-agent / SKILL.md

AI 渗透测试员 / AI Pen-Tester for Web Apps You Own

给你自己的 web app 做一次真枪实弹的 AI 渗透测试:AI 侦察接口 → 打 payload → 验证 PoC → 生成 remediation patch。

Run a real AI pen-test against a web app you own: recon endpoints → fire payloads → verify each PoC → auto-generate a remediation patch.

底层是开源 strix-agent(Apache-2.0)+ Clawvard SDK 里的 cv.security.pentestRun typed method(在 https://clawvard.school 上注册账号、npm install 公开 SDK 包即可)。SDK 在你本机跑 Strix;Clawvard 后端每次运行签发一个短寿命 LLM 凭据,运行结束或超时立即失效。你不需要自备 Anthropic / OpenAI key,也不需要 clone 任何私有仓库。

The pipeline is open-source strix-agent (Apache-2.0) plus cv.security.pentestRun on the Clawvard SDK. Strix runs on your machine; the Clawvard backend mints a short-lived LLM credential per run and revokes it when the run resolves or hits its wall-clock budget. You do NOT bring your own Anthropic / OpenAI key and do NOT clone any private repository.

一句话价值 / One-line value

一个 target URL → 一份 OWASP-style 漏洞报告(CVSS 排序)+ 每条 finding 的可回放 PoC + 一份可直接开 PR 的 remediation patch diff。全程只打你自己拥有或已获得授权测试的应用。

Prereqs

工具 版本 安装方式
Docker 任意近版 Docker Desktop / 系统包
Python ≥ 3.11 系统包 / pyenv
strix-agent ≥ 1.0 pipx install strix-agent(公开 Python 包管理器可装)
Node ≥ 18 nvm / 系统包
Clawvard SDK ≥ 0.15.1 公开 npm 包
Clawvard API key — 在 https://clawvard.school 注册后导出到环境变量

不需要:Anthropic key、OpenAI key、任何私有仓库的 clone、任何 cookie 通道。

默认靶场 = OWASP Juice Shop(本机 Docker,MIT)

课程默认靶标是 OWASP 官方公开脆弱靶场 Juice Shop(MIT,可 docker 一键起):

The default target is the OWASP-official public vulnerable app Juice Shop (MIT, one-command docker start):

docker run --rm -p 3000:3000 bkimminich/juice-shop
# → 打开 http://localhost:3000,Juice Shop UI 应能加载

跑一行

# 0. 装上游工具 + SDK(用户端,全部公开包)
pipx install strix-agent
npm install @clawvard/sdk

# 1. 起靶场(本机 Docker)
docker run --rm -p 3000:3000 bkimminich/juice-shop

# 2. 跑一次真实渗透
CLAW_API_KEY=sk-... node pentest-juice-shop.mjs

pentest-juice-shop.mjs 只有几行:

import { Clawvard, TargetUnreachableError, SandboxMissingError } from "@clawvard/sdk";

const cv = new Clawvard({ apiKey: process.env.CLAW_API_KEY! });

const result = await cv.security.pentestRun({
  targetUrl: "http://localhost:3000",
  allowedHosts: ["localhost:3000"],
  maxIterations: 40,                 // 默认 40,硬顶 200
  llmModel: "claude-sonnet-4-6",     // 三档:sonnet / opus-4-6 / opus-4-7
  ownership: {
    confirmed: true,
    statement: "OWASP Juice Shop,我自己在本机 docker 起的靶场,仅测试用途。",
  },
});

console.log(`Run ${result.runId} — ${result.findings.length} findings, ${result.costCredits} credits`);
for (const f of result.findings) {
  console.log(`  [${f.cvss.severity.toUpperCase()} · CVSS ${f.cvss.score.toFixed(1)}] ${f.owaspCategory} — ${f.title}`);
  console.log(`      endpoint: ${f.affectedEndpoint}`);
}
console.log(`HTML report → ${result.reportHtmlPath}`);

SDK 会做四件事:

  1. 前置检查:所有权确认 + allowedHosts 白名单匹配 + 目标 HEAD 存活探测 + Docker 沙箱就绪 —— 任何一项失败都用一个 typed error 立刻抛出(见 §5)。
  2. 换发 scoped credential:把你的 Clawvard API key 送到 Clawvard 后端,换回一个只对本次运行有效、可 revoke 的 LLM 凭据。
  3. 本地跑 Strix:把凭据以一个短寿命环境变量注入 strix -t <target> 子进程,Strix 在 Docker 沙箱里执行侦察 → 打 payload → 验证 → 打补丁。
  4. 归一化输出:Strix 退出后,SDK 读取本地运行目录,把结构化 findings / pocs / patch 映射成 typed 输出。

The SDK does four things: (1) preflight (ownership + allowedHosts + HEAD reachability + Docker sandbox readiness), (2) mint a scoped, revocable LLM credential via the Clawvard backend, (3) spawn Strix locally with the credential injected as a short-lived environment variable, (4) hydrate the local run directory into the typed output.

输出契约 / Output contract

type SecurityPentestRunOutput = {
  runId: string;
  target: string;
  findings: Array<{
    id: string;
    title: string;
    owaspCategory: string;                  // e.g. "A03:2021 – Injection"
    cvss: {
      version: "3.1";
      score: number;                        // 0.0 – 10.0
      vector: string;                       // CVSS:3.1/AV:N/AC:L/...
      severity: "low" | "medium" | "high" | "critical";
    };
    affectedEndpoint: string;               // e.g. "POST /rest/user/login"
    impact: string;
    remediation: string;
  }>;
  pocs: Array<{
    findingId: string;                      // 反向指回 findings[].id
    kind: "curl" | "http-raw" | "script";
    body: string;                           // 一段可复现的 curl / HTTP raw / 脚本
    expectedIndicator: string;              // "打穿" vs "未打穿" 的判据片段
  }>;
  patch: {
    diff: string;                           // 统一 diff,可直接 git apply
    branchSuggestion: string;               // "pentest/2026-07-04-juice-shop"
    openPrUrl?: string;                     // 仅在你显式请求开 PR 时有
  };
  reportHtmlPath: string;                   // 本地绝对路径,浏览器可直接打开
  costCredits: number;                      // 本次运行实际扣的 credits
};

常见错误分诊 / Error triage

所有 error 都继承 Clawvard SDK 的 PentestError 基类,可以 instanceof 精确匹配:

All errors extend the SDK's PentestError base class; pattern-match with instanceof:

import {
  Clawvard,
  TargetUnreachableError,
  InvalidTargetHostError,
  SandboxMissingError,
  OwnershipUnconfirmedError,
  LlmQuotaError,
  PentestTimeoutError,
  StrixCrashedError,
} from "@clawvard/sdk";
Error class 触发条件 修复动作
OwnershipUnconfirmedError 所有权字段未设为 true 或声明过短 显式声明你拥有目标或有书面授权
InvalidTargetHostError targetUrl 不在 allowedHosts;Strix 试探白名单外的地址 把 targetUrl 里的 host:port 原样加进 allowedHosts
TargetUnreachableError HEAD <targetUrl> 3s 内失败 先起靶场:docker run --rm -p 3000:3000 bkimminich/juice-shop
SandboxMissingError Docker daemon 不可用 / strix 不在 PATH / 环境是浏览器 pipx install strix-agent;启动 Docker
LlmQuotaError Clawvard credits 余额低于本次运行预算 到 https://clawvard.school 充值
PentestTimeoutError 到达墙钟预算(≈ maxIterations × 2min)Strix 仍未结束 调小 maxIterations,或分段跑
StrixCrashedError Strix 子进程非零退出 读 Strix 本地运行目录里的 stderr 日志定位;常是 Docker-in-Docker 权限

目标边界 / Target boundary

  • 绝对只测你自己拥有或已获得书面授权测试的应用。 ownership.confirmed = true 是 SDK 硬门槛,且被记录在 audit log。
  • 不要把课程默认宣传成扫任意网站的 SaaS。 唯二合法目标是:(a) 你在本机 docker 起的公开靶场(Juice Shop / DVWA / bWAPP …);(b) 你自己或你雇主拥有的 staging 应用。
  • allowedHosts 是 确切 host:port 数组,SDK 不做通配符。填 ["localhost:3000"]、["staging.myapp.example.com"]、["10.0.1.42:8080"] 之类的字面量。

Only test apps you own or have written permission to test. ownership.confirmed=true is a hard gate and is recorded to the run's audit row. The two legal targets are (a) a public vulnerable app you started locally in Docker (Juice Shop / DVWA / bWAPP …), (b) a staging deployment you or your employer own. allowedHosts is a literal host:port array — no wildcards.

与相邻课的边界 / Where this course starts and stops

  • 静态扫第三方 skill / plugin / MCP 找后门 → agentguard(本地静态规则,不打 payload)。
  • 让 agent 自己写一个 MCP server → build-mcp-server。
  • 本课服务:一句 SDK 调用 → 你自己 app 的 OWASP-style 漏洞报告 + 可回放 PoC + remediation patch。

学习完成后 / After learning

告诉用户:

我已经学会了 agent-pentest(Clawvard 课程页 https://clawvard.school/courses/agent-pentest)。启动本地 Docker 靶场(默认 OWASP Juice Shop)→ 到 https://clawvard.school 拿一枚 Clawvard API key → 调 cv.security.pentestRun({...}) → 我给你三件套:CVSS 排序的漏洞报告、每条 finding 的可复现 PoC、可直接开 PR 的 remediation patch。只测你自己拥有或已获得授权测试的应用。

What you get

agent-pentest-showcase.html
Open ↗

AI 渗透报告三联版式:CVSS 排序的 OWASP-style findings 卡(含影响接口 + 修复建议)+ 可展开的可复现 PoC(curl / HTTP raw)+ 可直接开 PR 的 remediation patch diff。

Popular tasks · tap to copy

Backend APIs

No commercial API · via Clawvard SDK key

The open-source skill

strix-agent★ 34,100
usestrix/strix ↗
pipx install strix-agent && npm i @clawvard/sdk

⚠️ Upstream license

Strix (Apache-2.0) + OWASP Juice Shop (MIT)

Upstream pentest agent is usestrix/strix (Apache-2.0, commercial-safe); the default target is OWASP's official Juice Shop (MIT). Only run against apps you own or are authorised to test.

https://github.com/usestrix/strix#license ↗

Prereqs: 本地需 Docker Desktop(跑靶场 + Strix 沙箱)+ Python 3.11+(`pipx install strix-agent`)+ Node ≥ 18(装公开 Clawvard SDK 到 npm)+ 一枚 Clawvard API key(到 https://clawvard.school 注册获取)。不需要 clone 任何 clawvard 私有仓库;不需要自备 Anthropic / OpenAI key —— LLM 走 Clawvard 一次性 scoped credential。